70-743 Upgrading Your Skills To Mcsa Windows Server 2016 v1 by Fiber PDF

Download as pdf or txt
Download as pdf or txt
You are on page 1of 366
At a glance
Powered by AI
The document discusses exam questions and answers related to the MCSA: Windows Server 2016 certification exam.

AD FS requires domain controllers running Windows Server 2008 or later and at least one Windows Server 2016 domain controller for device registration. The domain functional level must be at least Windows Server 2003 and schema version 85 for new AD FS 2016 installations.

Upgrading a domain controller to Windows Server 2016 meets the requirements as it raises the schema version to 85 and allows for device registration features.

70-743 : Upgrading Your Skills to MCSA: Windows Server 2016

Number: 70-743
Passing Score: 700
Time Limit: 100 min
File Version: 1.0

This VCE contains ALL questions mixed and corrected from:

Examcollection premium 140 questions.


Grubberz VCE 122 questions.
Passleader 237 questions.
70-743 V13.95 PDF 166 questions
+ Questions i found arround ;)

Version 1.0

if you have any correction or comment:

[email protected]

VCE created in Tabarnia.


All questions are validated & corrected. by fiber

Last UPDATED: 21/02/2018.


Exam A

QUESTION 1
Note: This question is part of a series of a questions that present the same scenario. Each question in the series contains a unique solution that might
meet the stated goals. Some questions sets might have more than one correct solutions, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest named contoso.com. The forest contains a member server named Server1 that runs Windows Server
2016. All domain controllers run Windows Server 2012 R2.
Contoso.com has the following configuration.

You plan to deploy an Active Directory Federation Services (AD FS) farm on Server1 and to configure device registration.
You need to configure Active Directory to support the planned deployment.

Solution: You raise the forest functional level to Windows Server 2012 R2.

Does this meet the goal?

A. Yes
B. No

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Windows Server 2016 Domain controller is required for Device Registration for Servers that run Windows Server 2016.

References: https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-fs/operations/configure-device-based-conditional-access-on-premises

QUESTION 2
Note: This question is part of a series of a questions that present the same scenario. Each question in the series contains a unique solution that might
meet the stated goals. Some questions sets might have more than one correct solutions, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory forest named contoso.com. The forest contains a member server named Server1 that runs Windows Server
2016. All domain controllers run Windows Server 2012 R2.
Contoso.com has the following configuration.

You plan to deploy an Active Directory Federation Services (AD FS) farm on Server1 and to configure device registration.
You need to configure Active Directory to support the planned deployment.

Solution: You upgrade a domain controller to Windows Server 2016.

Does this meet the goal?

A. Yes
B. No

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

We need the following requirements:

Domain controller requirements

AD FS requires Domain controllers running Windows Server 2008 or later.


At least one Windows Server 2016 domain controller is required for Microsoft Passport for Work.

Domain functional-level requirements


All user account domains and the domain to which the AD FS servers are joined must be operating at the domain functional level of Windows Server
2003 or higher.
A Windows Server 2008 domain functional level or higher is required for client certificate authentication if the certificate is explicitly mapped to a
user's account in AD DS.

Schema requirements

New installations of AD FS 2016 require the Active Directory 2016 schema (minimum version 85).
Raising the AD FS farm behavior level (FBL) to the 2016 level requires the Active Directory 2016 schema (minimum version 85).

We have all requirements.

When you upgrade DC to 2016 the schema version also rise to 85, which is required for device registration.
You can check version if run command Get-ADObject "cn=schema,cn=configuration,dc=domain,dc=local" -Property objectVersion

Windows Server 2016 Domain controller is required for Device Registration for Servers that run Windows Server 2016.

References: https://technet.microsoft.com/en-us/windows-server-docs/identity/adfs/operations/configure-device-based-conditional-access-on-premises

QUESTION 3
Note: This question is part of a series of a questions that present the same scenario. Each question in the series contains a unique solution that might
meet the stated goals. Some questions sets might have more than one correct solutions, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory forest named contoso.com. The forest contains a member server named Server1 that runs Windows Server
2016. All domain controllers run Windows Server 2012 R2.
Contoso.com has the following configuration.

You plan to deploy an Active Directory Federation Services (AD FS) farm on Server1 and to configure device registration.
You need to configure Active Directory to support the planned deployment.

Solution: You run adprep.exe from the Windows Server 2016 installation media.

Does this meet the goal?


A. Yes
B. No

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Running adprep will update the schema to version 85.

We meet all other requirements as in previous question.

In an existing Active Directory forest, run adprep /forestprep from the \support\adprep folder of the Windows Server 2012 R2 operating system DVD on
any 64-bit server that runs Windows Server 2008 or later. In this case, no additional domain controller needs to be installed, and no existing
domain controllers need to be upgraded.

To run adprep/forestprep, you must be a member of the Schema Admins group, the Enterprise Admins group, and the Domain Admins group of the
domain that hosts the schema master.

In an existing Active Directory forest, install a domain controller that runs Windows Server 2012 R2. In this case, adprep /forestprep runs automatically
as part of the domain controller installation.

During the domain controller installation, you may need to specify additional credentials in order to run adprep /forestprep.

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn486819(v=ws.11)

QUESTION 4
DRAG DROP

You have a server named Server1 that runs Windows Server 2016.

You need to deploy the first cluster node of a Network Controller cluster.

Which four cmdlets should you run in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them
in the correct order.

Select and Place:


Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Deploy Network Controller using Windows PowerShell
Step 1: Install-WindowsFeature
Install the Network Controller server role
To install Network Controller by using Windows PowerShell, type the following commands at a Windows PowerShell prompt, and then press ENTER.
Install-WindowsFeature -Name NetworkController –IncludeManagementTools

Step 2: New-NetworkControllerNodeObject
You can create a Network Controller cluster by creating a node object and then configuring the cluster.
You need to create a node object for each computer or VM that is a member of the Network Controller cluster.
To create a node object, type the following command at the Windows PowerShell command prompt, and then press ENTER. Ensure that you add
values for each parameter that are appropriate for your deployment.
New-NetworkControllerNodeObject –Name <string> -Server <String> -FaultDomain <string>-RestInte

Step 3: Install-NetworkControllerCluster
To configure the cluster, type the following command at the Windows PowerShell command prompt, and then press ENTER. Ensure that you add
values for each parameter that are appropriate for your deployment.
Install-NetworkControllerCluster –Node <NetworkControllerNode[]> –ClusterAuthentication …

Step 4: Install-NetworkController
To configure the Network Controller application, type the following command at the Windows PowerShell command prompt, and then press ENTER.
Ensure that you add values for each parameter that are appropriate for your deployment.
Install-NetworkController –Node <NetworkControllerNode[]> –ClientAuthentication

References: https://technet.microsoft.com/en-us/library/mt282165.aspx

QUESTION 5
You have an Active Directory domain that contains several Hyper-V hosts that run Windows Server 2016.

You plan to deploy network virtualization and to centrally manage Datacenter Firewall policies.

Which component must you install for the planned deployment?

A. the Routing role service


B. the Canary Network Diagnostics feature
C. the Network Controller server role
D. the Data Center Bridging feature

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Using Windows PowerShell, the REST API, or a management application, you can use Network Controller to manage the following physical and virtual
network infrastructure:

Datacenter Firewall This Network Controller feature allows you to configure and manage allow/deny firewall Access Control rules for your workload
VMs for both East/West and North/South network traffic in your datacenter. The firewall rules are plumbed in the vSwitch port of workload VMs, and
so they are distributed across your workload in the datacenter. Using the Northbound API, you can define the firewall rules for both incoming and
outgoing traffic from the workload VM. You can also configure each firewall rule to log the traffic that was allowed or denied by the rule.

Hyper-V VMs and virtual switches

Remote Access Service (RAS) Multitenant Gateways, Virtual Gateways, and gateway pools

Load Balancers
References: https://technet.microsoft.com/en-us/library/dn859239.aspx

QUESTION 6
You have a virtual machine named VM1 that runs Windows Server 2016. VM1 hosts a service that requires high network throughput.

VM1 has a virtual network adapter that connects to a Hyper-V switch named vSwitch1. vSwitch1 has one network adapter. The network adapter
supports Remote Direct Memory Access (RMDA), the single root I/O virtualization (SR-IOV) interface, Quality of Service (QoS), and Receive Side
Scaling (RSS).

You need to ensure that the traffic from VM1 can be processed by multiple networking processors.

Which Windows PowerShell command should you run in the host of VM1?

A. Set-NetAdapterRss
B. Set-NetAdapterRdma
C. Set-NetAdapterSriov
D. Set-NetAdapterQoS

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

The Set-NetAdapterRss cmdlet sets the receive side scaling (RSS) properties on a network adapter. RSS is a scalability technology that distributes the
receive network traffic among multiple processors by hashing the header of the incoming packet. Without RSS Windows Server 2012/2016; network
traffic is received on the first processor which can quickly reach full utilization limiting receive network throughput. Many properties can be configured
using the parameters to optimize the performance of RSS. The selection of the processors to use for RSS is an important aspect of load balancing.
Most of the parameters for this cmdlet help to determine the processors used by RSS.

QUESTION 7
HOTSPOT

You have an Active Directory domain named Contoso.com. The domain contains Hyper-V hosts named Server1 and Server2 that run Windows Server
2016. The Hyper-V hosts are configured to use NVGRE for network virtualization.
You have six virtual machines that are connected to an external switch. The virtual machines are configured as shown.
To which virtual machine or virtual machines can VM1 and VM3 connect? To answer, select the appropriate options in the answer area.

Hot Area:
Correct Answer:

Section: (none)
Explanation

Explanation/Reference:
The GRE keys must match.
To separate the traffic between the two virtualized networks, the GRE headers on the tunneled packets include a GRE Key that provides a unique Virtual
Subnet ID for each virtualized network.

References: https://networkheresy.com/2011/10/03/nvgre-vlxan-and-what-microsoft-is-doing-right/

QUESTION 8
You have a Nano Server named Nano1.
You deploy several containers to Nano1 that use an image named Image1.
You need to deploy a new container to Nano1 that uses Image1.
What should you run?

A. the Install-WindowsFeature cmdlet


B. the docker run command
C. the docker load command
D. the Install-NanoServerPackage cmdlet

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

When an operator executes docker run, the container process that runs is isolated in that it has its own file system, its own networking, and its own
isolated process tree separate from the host.
The basic docker run command takes this form:

$ docker run [OPTIONS] IMAGE[:TAG|@DIGEST] [COMMAND] [ARG...]

QUESTION 9
You have a Hyper-V host named Server1 that runs Windows Server 2016. Server1 has a virtual machine named VM1. VM1 is configured to run the
Docker daemon.

On VM1, you have a container network that uses transparent mode.

You need to ensure that containers that run on VM1 can obtain IP addresses from DHCP.

What should you do?

A. On VM1, run docker network connect.


B. On Server1, run docker network connect.
C. On VM1, run Get-VMNetworkAdapter –VMName VM1 | Set-VMNetworkAdapter –MacAddressSpoofing On.
D. On Server1, run Get-VMNetworkAdapter –VMName VM1 | Set-VMNetworkAdapter – MacAddressSpoofing On.

Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:

If the container host is virtualized, and you wish to use DHCP for IP assignment, you must enable MACAddressSpoofing.

PS C:\> Get-VMNetworkAdapter -VMName ContainerHostVM | Set-VMNetworkAdapter -MacAddressSpoofing On

The command needs to be run on the Hyper-V host.

References: https://msdn.microsoft.com/en-us/virtualization/windowscontainers/management/container_networking

QUESTION 10
You have a server named Server1 that runs Windows Server 2016. You install the Docker daemon on Server1.

You need to configure the Docker daemon to accept connections only on TCP port 64500.

What should you do?

A. Edit the configuration.json file.


B. Run the Set-Service Windows PowerShell cmdlet.
C. Edit the daemon.json file.
D. Modify the routing table on Server1.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Configure Docker with Configuration File


The preferred method for configuring the Docker Engine on Windows is using a configuration file. The configuration file can be found at 'c:\ProgramData
\docker\config\daemon.json'.
Only the desired configuration changes need to be added to the configuration file. For example, this sample configures the Docker Engine to accept
incoming connections on port 64500. All other configuration options will use default values.

{
"hosts": ["tcp://0.0.0.0:64500"]
}

References: https://msdn.microsoft.com/en-us/virtualization/windowscontainers/docker/configure_docker_daemon

QUESTION 11
You have a failover cluster named Cluster1.
A virtual machine named VM1 is a highly available virtual machine that runs on Cluster1. A custom application named App1 runs on VM1.
You need to configure monitoring on VM1. If App1 adds an error entry to the Application even log, VM1 should be automatically rebooted and moved to
another cluster node.

Which tool should you use?

A. Resource Monitor
B. Failover Cluster Manager
C. Server Manager
D. Hyper-V Manager

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Do you have a large number of virtualized workloads in your cluster? Have you been looking for a solution that allows you to detect if any of the
virtualized workloads in your cluster are behaving abnormally? Would you like the cluster service to take recovery actions when these workloads are in
an unhealthy state? In Windows Server 2012/2016, there is a great new feature, in Failover Clustering called “VM Monitoring”, which does exactly that –
it allows you monitor the health state of applications that are running within a virtual machine and then reports that to the host level so that it can take
recovery actions.

VM Monitoring can be easily configured using the Failover Cluster Manager through the following steps:

Right click on the Virtual Machine role on which you want to configure monitoring
Select “More Actions” and then the “Configure Monitoring” options
You will then see a list of services that can be configured for monitoring using the Failover Cluster Manager.

References: https://blogs.msdn.microsoft.com/clustering/2012/04/18/how-to-configure-vm-monitoring-in-windows-server-2012/

QUESTION 12
You have a server named Server1 that runs Windows Server 2016.
The disk configuration for Server1 is shown in the exhibit. (Click the Exhibit button.)
You add Server1 to a cluster.
You need to ensure that you can use Disk 1 for Storage Spaces Direct.
What should you do first?

A. Set Disk 1 to offline.


B. Convert Partition (E:) to ReFS.
C. Convert Disk 1 to a dynamic disk.
D. Delete Partition (E:).

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

The disks used in Storage Spaces Direct cannot contain existing partitions.

QUESTION 13
Your network contains an Active Directory domain. The domain contains two Hyper-V hosts.
You plan to perform live migrations between the hosts.
You need to ensure that the live migration traffic is authenticated by using Kerberos.
What should you do first?

A. From Server Manager, install the Host Guardian Service server role on a domain controller.
B. From Active Directory Users and Computers, add the computer accounts for both servers to the Cryptographic Operators group.
C. From Active Directory Users and Computers, modify the Delegation properties of the computer accounts for both servers.
D. From Server Manager, install the Host Guardian Service server role on both servers.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

If you have decided to use Kerberos to authenticate live migration traffic, configure constrained delegation before you proceed to the rest of the steps.

To configure constrained delegation:

Open the Active Directory Users and Computers snap-in.


From the navigation pane, select the domain and double-click the Computers folder.
From the Computers folder, right-click the computer account of the source server and then click Properties.
In the Properties dialog box, click the Delegation tab.
On the delegation tab, select Trust this computer for delegation to the specified services only. Under that option, select Use Kerberos only.

QUESTION 14
HOTSPOT

You have a four-node Hyper-V cluster named Cluster1.


A virtual machine named VM1 runs on Cluster1. VM1 has a network adapter that connects to a virtual switch named Network1.
You need to prevent a network disconnection on VM1 from causing VM1 to move to another cluster node.

What command should you run? To answer, select the appropriate options in the answer area.

Hot Area:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:
https://docs.microsoft.com/en-us/powershell/module/hyper-v/set-vmnetworkadapter?view=win10-ps

-NotMonitoredInCluster
Indicates whether to not monitor the network adapter if the virtual machine that it belongs to is part of a cluster. By default, network adapters for
clustered virtual machines are monitored.

QUESTION 15
You have an Active Directory domain named Contoso.com. The domain contains servers named Server1, Server2 and Server3 that run Windows
Server 2016.
Server1 and Server2 are nodes in a Hyper-V cluster named Cluster1. You add a Hyper-V Replica Broker role named Broker1 to Cluster1.
Server3 is a Hyper-V server. A virtual machine named VM1 runs on Server3.
Live Migration is enabled on all three servers and it is configured to use Kerberos authentication only.
You need to ensure that you can perform the migration of VM1 to Server2.
What should you do?

A. Add the Server3 computer account to the Replicator group on Server1 and Server2.
B. Modify the Delegation settings on the Server3 computer account.
C. Modify the Storage Migration settings on Server3.
D. Modify the Cluster permissions for Cluster1.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

If you have decided to use Kerberos to authenticate live migration traffic, configure constrained delegation before you proceed to the rest of the steps.
To configure constrained delegation
Open the Active Directory Users and Computers snap-in. For example, to do this from Server Manager, select the server if it not already selected.
After the server is selected, click Tools, and then click Active Directory Users and Computers. This opens the Active Directory Users and Computers
snap-in.
From the navigation pane, select the domain and double-click the Computers folder.
From the Computers folder, right-click the computer account of the source server and then click Properties.
In the Properties dialog box, click the Delegation tab.
On the delegation tab, select Trust this computer for delegation to the specified services only. Under that option, select Use Kerberos only.
Click Add.
Etc.

References: https://technet.microsoft.com/en-us/library/jj134199(v=ws.11).aspx

QUESTION 16
HOTSPOT
You have a server named Server1 that runs Windows Server 2016. Server1 has the Web Application Proxy role service installed.
You are publishing an application named App1 that will use Integrated Windows authentication as shown in the following graphic.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

Hot Area:
Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Publish an Integrated Windows authenticated-based Application for Web Browser Clients

Step 1: (configure the Backend server SPN – see first bulleted item below)

Before you begin, make sure that you have done the following:
* Made sure that the Web Application Proxy servers are configured for delegation to the service principal names (SPN) of the backend servers.
* Created a non-claims-aware relying party trust for the application in the AD FS Management console.
* Configured the backend server to support Kerberos constrained delegation on the domain controller or by using the Set-ADUser cmdlet with the -
PrincipalsAllowedToDelegateToAccount parameter. Note that if the backend server is running on Windows Server 2012 R2 or

Windows Server 2012, you can also run this PowerShell command on the backend server.
* Verified that a certificate on the Web Application Proxy server is suitable for the application you want to publish.
Step 2: http//server2.contoso.com/publish/app1
Use the same URL as the backend server URL.
Web Application Proxy can translate host names in URLs, but cannot translate path names. Therefore, you can enter different host names, but you must
enter the same path name. For example, you can enter an external URL of https://apps.contoso.com/app1/ and a backend server URL of http://app-
server/app1/. However, you cannot enter an external URL of https://apps.contoso.com/app1/ and a backend server URL of https://apps.contoso.com/
internal-app1/.

References: https://technet.microsoft.com/en-us/library/dn383640(v=ws.11).aspx

QUESTION 17
Your network contains three Hyper-V hosts. You add all of the hosts to a cluster.
You need to create highly available storage spaces that connect to directly attached storage on the hosts.
Which cmdlet should you use?

A. Update-ClusterVirtualMachineConfiguration
B. Enable-ClusterStorageSpacesDirect
C. Set-StoragePool
D. Add-ClusterDisk

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

The Enable-ClusterStorageSpacesDirect cmdlet enables highly available Storage Spaces that use directly attached storage Storage Spaces Direct
(S2D) on a cluster.

QUESTION 18
You are configuring a Windows Server 2016 failover cluster in a workgroup.
Before installing one of the nodes, you run the ipconfig /all command and receive the following output.
You need to ensure that Server1 can be added as a node in the cluster.

What should you do?

A. Configure a DNS suffix.


B. Enable NetBIOS over TCP/IP.
C. Change the Node Type to Broadcast.
D. Assign a static IP address.

Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:

In addition to the pre-requisites of Single-domain clusters, there are additional pre-requisites for Multi-domain or Workgroup clusters in the Windows
Server 2016 including Primary DNS Suffix Requirements.

* Each cluster node needs to have a primary DNS suffix.


* For Multi-domain Clusters: The DNS suffix for all the domains in the cluster, should be present on all cluster nodes…

Note: Failover Clusters can now be created in the following configurations:


Single-domain Clusters: Clusters with all nodes joined to the same domain
Multi-domain Clusters: Clusters with nodes which are members of different domains
Workgroup Clusters: Clusters with nodes which are member servers / workgroup (not domain joined)

References: https://blogs.msdn.microsoft.com/clustering/2015/08/17/workgroup-and-multi-domain-clusters-in-windows-server-2016/

QUESTION 19
Your network contains an Active Directory forest named contoso.com. The forest contains a member server named Server1 that runs Windows Server
2016. Server1 is located in the perimeter network.
You install the Active Directory Federation Services server role on Server1. You create an Active Directory Federation Services (AD FS) farm by using a
certificate that has a subject name of sts.contoso.com.
You need to enable certificate authentication from the Internet on Server1.
Which two inbound TCP ports should you open on the firewall? Each correct answer presents part of the solution.

A. 389
B. 443
C. 3389
D. 8531
E. 49443

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Configuring the following network services appropriately is critical for successful deployment of AD FS in your organization:
Configuring Corporate Firewall
* Both the firewall located between the Web Application Proxy and the federation server farm and the firewall between the clients and the Web
Application Proxy must have TCP port 443 enabled inbound.
* In addition, if client user certificate authentication (clientTLS authentication using X509 user certificates) is required, AD FS in Windows Server 2012
R2 requires that TCP port 49443 be enabled inbound on the firewall between the clients and the Web Application Proxy. This is not required on the
firewall between the Web Application Proxy and the federation servers).

References: https://technet.microsoft.com/en-us/library/dn554247(v=ws.11).aspx

QUESTION 20
HOTSPOT

You have a server named Server1 that runs Windows Server 2016. Server1 has the Web Application Proxy role service installed.

You publish an application named App1 by using the Web Application Proxy.
You need to change the URL that users use to connect to App1 when they work remotely.

Which command should you run? To answer, select the appropriate options in the answer area.

Hot Area:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
The Set-WebApplicationProxyApplication cmdlet modifies settings of a web application published through Web Application Proxy. Specify the web
application to modify by using its ID. Note that the method of preauthentication cannot be changed. The cmdlet ensures that no other applications are
already configured to use any specified ExternalURL or BackendServerURL.

References: https://technet.microsoft.com/itpro/powershell/windows/wap/set-webapplicationproxyapplication

Explanation 2:
Configure internal and external Fully Qualified Domain Names (FQDNs) , there are two FQDN addresses that are configured with an application. The
External URL is the FQDN that external users request access to when attempting to access an application. The backend server URL is the FQDN of the
internal resource where the application is available. In most scenarios, these URLs should be the same. If the FQDNs are different for external and
internal requests, then URL translation must also be configured to ensure requests are redirected correctly. To enable URL translation, use the Set-
WebApplicationProxyApplication cmdlet. Set-WebApplicationProxyApplication –ID AppID -DisableTranslateUrlInRequestHeaders:$False
QUESTION 21
HOTSPOT

Your network contains an Active Directory domain named contoso.com. The domain contains four servers named Server1, Server2, Server3, and
Server4 that run Windows Server 2016.

Server1 and Server2 are nodes in a Hyper-V cluster named Cluster1. You have a highly available virtual machine named VM1. Server1 is the owner
node of VM1. Server3 and Server4 are nodes of a scale-out file server named Cluster2.

The storage on Server1 is configured as shown in the following table.

VM1 is stored in C:\ClusterStorage\Volume1.


You need to move the virtual disk of VM1 to a different location.

What should you do? To answer, select the appropriate options in the answer area.

Hot Area:
Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Box 1: Failover Cluster Manager
You can use Failover Cluster Manager to do a Storage Migration to a shared folder.

Box 2: \\Cluster2\Share1
For a highly-available VM, the storage must be accessible by all nodes in the cluster. Therefore, in this scenario, we have to use the file share.
You c

References:
https://blogs.msdn.microsoft.com/clustering/2012/04/26/windows-server-2012-storage-migration-for-cluster-managed-virtual-machines/

QUESTION 22
HOTSPOT
You have a Windows Server 2016 failover cluster that has a cluster network named ClusterNetwork1.
You need to ensure that ClusterNetwork1 is enabled for cluster communication only.
What command should you run? To answer, select the appropriate options in the answer area.

Hot Area:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Box 1: Get-ClusterNetwork
Cluster network roles can be changed using PowerShell command, Get-ClusterNetwork.

For example:
(Get-ClusterNetwork “Cluster Network 1”). Role =1

Box 2: Role
Cluster Network Roles:
Cluster networks are automatically created for all logical subnets connected to all nodes in the Cluster. Each network adapter card connected to a
common subnet will be listed in Failover Cluster Manager. Cluster networks can be configured for different uses.
Three roles:
* Disabled for Cluster Communication (value 0)
* Enabled for Cluster Communication only (value 1)
* Enabled for client and cluster communication (value 3)

References: https://blogs.technet.microsoft.com/askcore/2014/02/19/configuring-windows-failover-cluster-networks/

QUESTION 23
HOTSPOT

Your network contains an Active Directory forest named contoso.com.


Your company has a custom application named ERP1. ERP1 uses an Active Directory Lightweight Directory Services (AD LDS) server named Server1
to authenticate users.
You have a member server named Server2 that runs Windows Server 2016. You install the Active Directory Federation Services (AD FS) server role on
Server2 and create an AD FS farm.
You need to configure AD FS to authenticate users from the AD LDS server.

Which cmdlets should you run? To answer, select the appropriate options in the answer area.

Hot Area:
Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
To configure your AD FS farm to authenticate users from an LDAP directory, you can complete the following steps:

Step 1: New-AdfsLdapServerConnection
First, configure a connection to your LDAP directory using the New-AdfsLdapServerConnection cmdlet:
$DirectoryCred = Get-Credential
$vendorDirectory = New-AdfsLdapServerConnection –HostName dirserver –Port 50000 –SslMode None –AuthenticationMethod Basic –Credential
$DirectoryCred

Step 2 (optional):
Next, you can perform the optional step of mapping LDAP attributes to the existing AD FS claims using the New-AdfsLdapAttributeToClaimMapping
cmdlet.

Step 3: Add-AdfsLocalClaimsProviderTrust
Finally, you must register the LDAP store with AD FS as a local claims provider trust using the Add-AdfsLocalClaimsProviderTrust cmdlet:
Add-AdfsLocalClaimsProviderTrust –Name “Vendors” –Identifier “urn:vendors” –Type L

References: https://technet.microsoft.com/en-us/library/dn823754(v=ws.11).aspx

QUESTION 24
Your network contains an Active Directory forest named contoso.com.
You have an Active Directory Federation Services (AD FS) farm. The farm contains a server named Server1 that runs Windows Server 2012 R2.
You add a server named Server2 to the farm. Server2 runs Windows Server 2016.
You remove Server1 from the farm.
You need to ensure that you can use role separation to manage the farm.
Which cmdlet should you run?

A. Update-AdfsRelyingPartyTrust
B. Invoke-AdfsFarmBehaviorLevelRaise
C. Set-AdfsFarmInformation
D. Set-AdfsProperties

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

After upgrading our ADFS servers to Windows Server 2016, the last step is to raise the Farm Behavior Level using the Invoke-
AdfsFarmBehaviorLevelRaise PowerShell cmdlet.

To upgrade the farm behavior level from Windows Server 2012 R2 to Windows Server 2016 use the Invoke-ADFSFarmBehaviorLevelRaise cmdlet.

References: https://technet.microsoft.com/en-us/library/mt605334(v=ws.11).aspx

QUESTION 25
HOTSPOT

You have a server named Server1 that runs Windows Server 2016. Server1 has the Web Application Proxy role service installed.
You need to publish Microsoft Exchange Server 2013 services through the Web Application Proxy. The solution must use preauthentication whenever
possible.
How should you configure the preauthentication method for each service? To answer, select the appropriate options in the answer area.

Hot Area:
Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
From Server 2016 (Not 2012R2) Exchange Active Sync supports AD FS (HTTP Basic) Pre-auth
QUESTION 26
HOTSPOT

You have a server named Server1 that runs Windows Server 2016. Server1 has the Windows Application Proxy role service installed.
You need to publish Microsoft Exchange ActiveSync services by using the Publish New Application Wizard. The ActiveSync services must use
preauthentication.
How should you configure Server1? To answer, select the appropriate options in the answer area.

Hot Area:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Box 1: Active Directory Federation Services (ADFS)
The well-known HTTP basic authentication that you can use in scenarios such as Exchange Active Sync (ActiveSync). This is a new capability included
in this release of Web Application Proxy. For the ActiveSync scenario, the authentication process includes four core steps:
1. Windows Application Proxy (WAP) stops the request and passes all credentials to AD FS.
2. AD FS validates, applies policy, and replies with a token.
3. Upon success, Web Application Proxy allows the request to pass to the Exchange server.
4. Web Application Proxy caches the token for future use.

Box 2: HTTP Basic


The well-known HTTP basic authentication that you can use in scenarios such as Exchange Active Sync (ActiveSync).

QUESTION 27
HOTSPOT

You have a server that runs Windows Server 2016.


You run the commands shown in the following output.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Hot Area:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Box 1: No
The LastWriteTime of DC01.vhd was on June 21, 2016, and the current date is also June 21, 2016, but the MinimumFileAgeDays is 3.
MinimumFileAgeDays specifies a number of days. The deduplication engine optimizes files that users have not accessed in the number of days that you
specify. If the last access time is not available, then the deduplication engine uses the last modified time.

Box 2: No
The size of Readme.txt, 12400 bytes, is less than the Minimum File size, 32768 bytes.
MinimumFileSize specifies the minimum size threshold, in bytes, for files that are optimized. The deduplication engine does not optimize files that do not
meet the minimum threshold.

Box 3: Yes
The Software ISO file is both large and old enough for deduplication.

References: https://technet.microsoft.com/en-us/library/hh848438.aspx

QUESTION 28
DRAG DROP

You have a server that runs Windows Server 2016. You install three additional disks named Disk1, Disk2, and Disk3. You plan to use these physical
disks to store data.
You need to create a volume to store data. The solution must prevent data loss in the event of a single disk failure.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange
them in the correct order.

Select and Place:


Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Step 1: Create a Storage Pool
First we create a Storage Pool. We specify which disks should be included in the storage pool.
Example:
Step 2: Create a Virtual Disk
After creating the storage pool now start creating a virtual disk for the pool you had created.
1. When the storage pool wizard finishes, just mark the create a virtual disk option to create a virtual disk after this wizard.
2. Select the storage pool to create a virtual disk.
Later in the New Virtual Disk wizard you select the Storage Layout. Select Parity.
Step 3: Create a Volume
After creating the virtual disk, create a volume with the New Volume Wizard.
You create the volume on the Virtual Disk you created in Step 2.
References: http://www.tactig.com/create-a-storage-pool-windows-server/

QUESTION 29
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run
Windows Server 2016. The servers have the same hardware configuration.

You need to asynchronously replicate volume F: from Server1 to Server2.

What should you do?

A. Install the Failover Clustering feature and create a new cluster resource group.
B. Run Set-DfsrServiceConfiguration and specify the –RPCPort parameter.
C. Run New-SRPartnership and specify the –ReplicationMode parameter.
D. Install the Failover Clustering feature and use Cluster Shared Volumes (CSV).

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

-ReplicationMode
Specifies the desired mode of replication for this source and destination pair. The acceptable values for this parameter are:

Synchronous or 1. The synchronous mode requires all writes to commit on the destination server and on the source server, which guarantees data
integrity between computers.

Asynchronous or 2. The asynchronous mode writes to the source server without waiting for the destination server, which allows for replication over
high latency, geographic networks.

https://docs.microsoft.com/en-us/powershell/module/storagereplica/new-srpartnership?view=win10-ps

https://msandbu.wordpress.com/2016/05/13/getting-started-with-storage-replica-in-windows-server-2016/

QUESTION 30
You have a server named Server1 that runs Windows Server 2016.
The disks on Server1 are configured as shown in the following table.
Windows Server 2016 is installed in C:\Windows.
On which two volumes can you enable data deduplication? Each correct answer presents a complete solution.

A. C:
B. D:
C. E:
D. F:
E. G:

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:

*************NOTE*************** now Data deduplication its possibel with ReFS.

Explanation:

Volumes that are candidates for deduplication must conform to the following requirements:

Must not be a system or boot volume. Deduplication is not supported on operating system volumes. (Thus NOT C:)
Can be partitioned as a master boot record (MBR) or a GUID Partition Table (GPT), and must be formatted using the NTFS file system. (Thus NOT
D:)
Can reside on shared storage, such as storage that uses a Fibre Channel or an SAS array, or when an iSCSI SAN and Windows Failover Clustering
is fully supported.
If you’re using Windows Server 2012, don’t deduplicate Cluster Shared Volumes (CSVs). You can access data if a deduplication-enabled volume is
converted to a CSV, but you cannot continue to process files for deduplication on Windows Server 2012.
Do not rely on the Microsoft Resilient File System (ReFS). (Thus NOT F:)
Can’t be larger than 64 TB in size.
Must be exposed to the operating system as non-removable drives. Remotely-mapped drives are not supported.

References: https://technet.microsoft.com/en-us/library/hh831700(v=ws.11).aspx

QUESTION 31
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one
question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that
question.

You have a Hyper-V host named Server1 that runs Windows Server 2016. You plan to deploy several shielded virtual machines on Server1.
You deploy a Host Guardian on a new server.
You need to ensure that Server1 can host shielded virtual machines.

What should you do first?

A. the Mount-VHD cmdlet


B. the Diskpart command
C. the Set-VHD cmdlet
D. the Set-VM cmdlet
E. the Set-VMHost cmdlet
F. the Set-VMProcessor cmdlet
G. the Install-WindowsFeature cmdlet
H. the Optimize-VHD cmdlet

Correct Answer: G
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Installing Host Guardian Service (HGS) Role


On a machine running Windows Server 2016, install the Host Guardian Service role using Server Manager or Windows PowerShell.
From the command line issue the following command:

Install-WindowsFeature HostGuardianServiceRole –IncludeManagementTools

References: https://blogs.technet.microsoft.com/datacentersecurity/2016/03/16/windows-server-2016-and-host-guardian-service-for-shielded-vms/

QUESTION 32
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one
question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that
question.

You have an Active Directory domain that contains two Hyper-V servers named Server1 and Server2. Server1 has Windows Server 2016 installed.
Server2 has Windows Server 2012 R2 installed.
Each Hyper-V server has three network cards. Each network card is connected to a different subnet. Server1 contains a dedicated migration network.
Server2 contains a virtual machine named VM5.
You plan to perform a live migration of VM5 to Server1.
You need to ensure that Server1 uses all available networks to perform the live migration of VMS.

What should you run?


A. the Mount-VHD cmdlet
B. the Diskpart command
C. the Set-VHD cmdlet
D. the Set-VM cmdlet
E. the Set-VMHost cmdlet
F. the Set-VMProcessor cmdlet
G. the Install-WindowsFeature cmdlet
H. the Optimize-VHD cmdlet

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Set-VMHost -UseAnyNetworkForMigration
Specifies how networks are selected for incoming live migration traffic. If set to $True, any available network on the host can be used for this traffic. If set
to $False, incoming live migration traffic is transmitted only on the networks specified in the MigrationNetworks property of the host.

References: https://technet.microsoft.com/en-us/library/hh848524.aspx

QUESTION 33
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one
question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that
question.

You have a Hyper-V host named Server1 that runs Windows Server 2016. Server1 has a virtual machine that uses a virtual hard disK (VHD) named
disk1.vhdx.
You receive the following warning message from Event Viewer:

“One or more virtual hard disks have a physical sector size that is smaller than the physical sector size of the storage on which the virtual
hard disk file is located.”

You need to resolve the problem that causes the warning message.

What should you run?

A. the Mount-VHD cmdlet


B. the Diskpart command
C. the Set-VHD cmdlet
D. the Set-VM cmdlet
E. the Set-VMHost cmdlet
F. the Set-VMProcessor cmdlet
G. the Install-WindowsFeature cmdlet
H. the Optimize-VHD cmdlet

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Issue
One or more virtual hard disks have a physical sector size that is smaller than the physical sector size of the storage on which the virtual hard disk file is
located.
Resolution
Do one of the following:
* Perform a storage migration to move the virtual hard disk to a new physical system
* Use a registry setting to enable a VHD-format virtual hard disk to report a physical sector size of 4k
* Use Windows PowerShell or WMI to enable a VHDX-format virtual hard disk to report a specific sector size

The Set-VHD cmdlet sets the ParentPath or PhysicalSectorSizeBytes properties of a virtual hard disk. The two properties must be set in separate
operations.

The Set-VHD -PhysicalSectorSizeBytes parameter specifies the physical sector size, in bytes. Valid values are 512 and 4096. This parameter is
supported only on a VHDX-format disk that is not attached when the operation is initiated.

References:
https://technet.microsoft.com/en-us/windows-server-docs/compute/hyper-v/best-practices-analyzer/avoid-using-virtual-hard-disks-with-sector-size-less-
than-size-of-physical
https://technet.microsoft.com/en-us/library/hh848561.aspx

QUESTION 34
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one
question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that
question.
You have a Hyper-V host named Server1 that runs Windows Server 2016. Server1 contains a virtual machine named VM1.
You need to ensure that you can use nested virtualization on VM1.
What should you run on Server1?

A. the Mount-VHD cmdlet


B. the Diskpart command
C. the Set-VHD cmdlet
D. the Set-VM cmdlet
E. the Set-VMHost cmdlet
F. the Set-VMProcessor cmdlet
G. the Install-WindowsFeature cmdlet
H. the Optimize-VHD cmdlet

Correct Answer: F
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Configure Nested Virtualization


1. Create a virtual machine.
2. While the virtual machine is in the OFF state, run the following command on the physical Hyper-V host. This enables nested virtualization for the
virtual machine.
Set-VMProcessor -VMName <VMName> -ExposeVirtualizationExtensions $true
Etc.

References: https://msdn.microsoft.com/en-us/virtualization/hyperv_on_windows/user_guide/nesting

QUESTION 35
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one
question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that
question.

You have a Hyper-V host named Server1 that runs Windows Server 2016. Server1 has a dynamically expanding virtual hard disk (VHD) file that is 900
GB. The VHD contains 400 GB of free space.
You need to reduce the amount of disk space used by the VHD.

What should you run?

A. the Mount-VHD cmdlet


B. the Diskpart command
C. the Set-VHD cmdlet
D. the Set-VM cmdlet
E. the Set-VMHost cmdlet
F. the Set-VMProcessor cmdlet
G. the Install-WindowsFeature cmdlet
H. the Optimize-VHD cmdlet

Correct Answer: H
Section: (none)
Explanation

Explanation/Reference:
Explanation:

The Optimize-VHD cmdlet optimizes the allocation of space in or more virtual hard disk files, except for fixed virtual hard disks. The Compact operation
is used to optimize the files. This operation reclaims unused blocks as well as rearranges the blocks to be more efficiently packed, which reduces the
size of a virtual hard disk file.

References:
https://technet.microsoft.com/en-us/itpro/powershell/windows/hyper-v/optimize-vhd

QUESTION 36
You have a Hyper-V host named Server1 that runs Windows Server 2016. Server1 hosts a virtual machine named VM1.
You need to provide VM1 with direct access to a graphics processing unit (GPU) on Server1.

What should you do first?

A. On VM1, install the Quality Windows Audio Video Experience (qWave) feature.
B. Disable the display adapter device on Server1.
C. In the settings of VM1, add a RemoteFX 3D Video Adapter.
D. Dismount the display adapter on Server1.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Before the physical device is allowed to be passed through to the VM, the device must be disabled on the host system. The physical device must be
accessible/available exclusively to the VM only.

References: Introduction to Windows Server 2016 Hyper-V Discrete Device Assignment, page 5
https://lenovopress.com/lp0088.pdf
QUESTION 37
HOTSPOT

Your network contains an Active Directory domain named contoso.com. The domain contains three servers named Server1, Server2, and Server3 that
run Windows Server 2016.
Server1 has IP Address Management (IPAM) installed. Server2 and Server3 have the DHCP Server role installed and have several DHCP scopes
configured. The IPAM server retrieves data from Server2 and Server3.
A domain user named User1 is a member of the groups shown in the following table.

On Server1, you create a security policy for User1. The policy grants the IPAM DHCP Scope Administrator Role with the \Global access scope to the
user.
Which actions can User1 perform? To answer, select the appropriate options in the answer area.

Hot Area:
Correct Answer:

Section: (none)
Explanation

Explanation/Reference:
User1 is using Server Manager, not IPAM to perform the administration. Therefore, only the “DHCP Administrators” permission on Server2 and the
“DHCP Users” permissions on Server3 are applied.
The permissions granted through membership of the “IPAM DHCP Scope Administrator Role” are not applied when the user is not using the IPAM
console.

QUESTION 38
You have two Hyper-V hosts named Server1 and Server2 that run Windows Server 2016.
The following virtual switches are configured on the Hyper-V hosts.
The following virtual machines run on the Hyper-V hosts.

All virtual machines have IP addresses from the 192.168.1.0/24 network. VLANs are configured in Hyper-V only. Physical switches are not configured
with VLANs.
To which virtual machine or virtual machines can VM1 connect?

A. VM2, VM3, VM5 and VM6 only


B. VM2, VM3 and VM4 only
C. VM2 only
D. VM2 and VM5 only

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

If the port is set to a specific VLAN, then that port becomes a member of that VLAN. Its frames are still untagged, but the switch will only allow that port
to communicate with other devices on the same VLAN.

References: http://www.altaro.com/hyper-v/setting-up-vlans-in-hyper-v/

QUESTION 39
DRAG DROP

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.
You install IP Address Management (IPAM) on Server1.
You need to manually start discovery of servers that IPAM can manage in contoso.com.
Which three cmdlets should you run in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange
them in the correct order.

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Step 1: Invoke-IpamServerProvisioning
Choose a provisioning method
The Invoke-IpamGpoProvisioning cmdlet creates and links three group policies specified in the Domain parameter for provisioning required access
settings on the server roles managed by the computer running the IP Address Management (IPAM) server.

Step 2: Add-IpamDiscoveryDomain
Configure the scope of discovery
The Add-IpamDiscoveryDomain cmdlet adds an Active Directory discovery domain for an IP Address Management (IPAM) server. A discovery domain is
a domain that IPAM searches to find infrastructure servers. An IPAM server uses the list of discovery domains to determine what type of servers to add.
By default, IPAM discovers all domain controllers, Dynamic Host Configuration Protocol (DHCP) servers, and Domain Name System (DNS) servers.

Step 3: Start-ScheduledTask
Start server discovery
To begin discovering servers on the network, click Start server discovery to launch the IPAM ServerDiscovery task or use the Start-ScheduledTask
command.

QUESTION 40
You have an Active Directory domain named contoso.com.
The computers in contoso.com are installed by using Windows Deployment Services.
You have a server named Server1 that runs Windows Server 2016. Server1 is a member of contoso.com. Server1 has the Hyper-V role installed. Virtual
machines on Server1 are connected to an external switch named Switch1.
You create a virtual machine named VM1 on Server1 by running the following cmdlets.

You need to ensure that you can install the operating system on VM1 by using Windows Deployment Services.
What should you do?

A. Add a legacy network adapter to VM1.


B. Modify the SwitchType parameter of Switch1.
C. Modify the DefaultFlowMinimumBandwidthWeigth parameter of Switch1.
D. Add a SCSI controller to VM1.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

A legacy network adapter is required for PXE boot.

Not B: The switch is an External switch which is what is required.

QUESTION 41
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.
Server1 has IP Address Management (IPAM) installed. IPAM is configured to use the Group Policy based provisioning method. The prefix for the IPAM
Group Policy objects (GPOs) is IP.
From Group Policy Management, you manually rename the IPAM GPOs to have a prefix of IPAM.

You need to modify the GPO prefix used by IPAM.

What should you do?

A. Click Configure server discovery in Server Manager.


B. Run the Set-IpamConfiguration cmdlet.
C. Run the Invoke-IpamGpoProvisioning cmdlet.
D. Click Provision the IPAM server in Server Manager.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

The Set-IpamConfiguration cmdlet modifies the configuration for the computer that runs the IPAM server.

The -GpoPrefix<String> parameter specifies the unique Group Policy object (GPO) prefix name that IPAM uses to create the group policy objects. Use
this parameter only when the value of the ProvisioningMethod parameter is set to Automatic.

References: https://technet.microsoft.com/en-us/library/jj590816.aspx

QUESTION 42
DRAG DROP

Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run
Windows Server 2016.

Server1 has IP Address Management (IPAM) installed.

Server2 has Microsoft System Center 2016 Virtual Machine Manager (VMM) installed.

You need to integrate IPAM and VMM.

Which types of objects should you create on each server?

To answer, drag the appropriate object types to the correct servers. Each object type may be used once, more than once, or not at all. You may need to
drag the split bar between panes or scroll to view content.
Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Server 1 (IPAM): Access Policy
VMM must be granted permission to view and modify IP address space in IPAM, and to perform remote management of the IPAM server. VMM uses a
“Run As” account to provide these permissions to the IPAM network service plugin. The “Run As” account must be configured with appropriate
permission on the IPAM server.
To assign permissions to the VMM user account
1. In the IPAM server console, in the upper navigation pane, click ACCESS CONTROL, right-click Access Policies in the lower navigation pane, and
then click Add Access Policy.
Etc.

Server 2 (VMM) #1: Network Service


Server 2 (VMM) #2: Run As Account
Perform the following procedure using the System Center VMM console.
To configure VMM (see step 1-3, step 6-7)
In the Fabric workspace, expand the Networking node and then click Network Service.
Right-click Network Service, and click Add Network Service.
In the Add Network Service Wizard, on the Name page, next to Name, type IPAM and then click Next. The Description field is optional.
On the Manufacturer and Model page, next to Manufacturer, choose Microsoft and next to Model, choose Microsoft Windows Server IP Address
Management, and then click Next.
On the Credentials page, next to Run As account, click Browse and then click Create Run As Account.
On the Create Run As Account page, next to Name type a name for the account, for example VMM User.
Next to User name, Password and Confirm password, enter the username and password for the account that was created on the IPAM server in the
previous procedure, for example contoso\vmmuser. A description is optional. See the following example. Click OK to continue.
Etc.

References: https://technet.microsoft.com/en-us/library/dn783349(v=ws.11).aspx

QUESTION 43
HOTSPOT

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named Server1 and a member server
named Server2.
Server1 has the DNS Server role installed. Server2 has IP Address Management (IPAM) installed. The IPAM server retrieves zones from Server1 as
shown in the following table.

The IPAM server has one access policy configured as shown in the exhibit. (Click the Exhibit button.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Hot Area:
Correct Answer:

Section: (none)
Explanation
Explanation/Reference:
Box 1: Yes
As a member of the IPAM DNS Administrator Role of the ADatum zone, User1 can add DNS records to it.

Box 2: Yes
As a member of the DNS Record Administrator Role of the Fabrikam zone, User1 can add DNS records to it.

Box 3: No
DNS Record Administrators cannot delete zones, only administer DNS records.

References: https://technet.microsoft.com/en-us/library/hh831353(v=ws.11).aspx

QUESTION 44
HOTSPOT

Your network contains an Active Directory domain named contoso.com. The domain contains four servers named Server1, Server2, Server3, and
Server4 that run Windows Server 2016.
Server1 has IP Address Management (IPAM) installed. Server2, Server3, and Server 4 have the DHCP Server role installed. IPAM manages Server2,
Server3, and Server4.
A domain user named User1 is a member of the groups shown in the following table.

Which actions can User1 perform? To answer, select the appropriate options in the answer area.

Hot Area:
Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Box 1: Can be performed by User1
DHCP Administrators can create DHCP scopes.
Box 2: Cannot be performed by User1
DHCP Users cannot create scopes.
Box 3: Cannot be performed by User1
IPAM users cannot create scopes.

Note: We assume that the second column in the answer area says: Cannot be performed by User1 (not Can be performed by User2).
References: https://technet.microsoft.com/en-us/library/dn741281(v=ws.11).aspx#create_access_scope

QUESTION 45
DRAG DROP

Your network contains two Hyper-V servers named Server1 and Server2. Server1 has Windows 2012 R2 installed. Server2 has Windows Server 2016
installed.

You perform a live migration of a virtual machine named VM1 from Server1 to Server2.
You need to create a production checkpoint for VM1 on Server2.

What three Windows PowerShell cmdlets should you run in sequence? To answer, move the appropriate cmdlets from the list of actions to the answer
area and arrange them in the correct order.

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
We need to update the VM Version to enable the Production Checkpoints feature.

Step 1: Stop-VM
The virtual machine should be shut down before upgrading it.

Step 2. Update-VMVersion
To upgrade the virtual machine configuration version by using Windows PowerShell, use the Update-VMVersion cmdlet.

Step 3: CheckPoint-VM
The Checkpoint-VM cmdlet creates a checkpoint of a virtual machine.

Note: There is no Upgrade-VMVersion cmdlet

With 4 options:
QUESTION 46
DRAG DROP

You install a new Nano Server named Nano1. Nano1 is a member of a workgroup and has an IP address of 192.168.1.10.
You have a server named Server1 that runs Windows Server 2016.
From Server1, you need to establish a Windows PowerShell session to Nano1.

How should you complete the PowerShell script? To answer, drag the appropriate cmdlets to the correct targets.

Each cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Select and Place:


Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
How to access Nano Server
Because Nano Server does not support a local session, it must be accessed remotely.
1. Start an elevated PowerShell ISE session.

2. Set the Trusted Host.


This is a one-time setting for each remote machine. You’re basically telling your development machine to trust the remote Nano Server.
Set-Item WSMan:\LocalHost\Client\TrustedHosts "192.168.0.100"

3. Start the session.


Enter the following commands into the PowerShell ISE command line:
$ip = "192.168.0.100" # replace with your Nano Server's IP address
$s = New-PSSession -ComputerName $ip -Credential ~\Administrator
Enter-PSSession -Session $s
References: https://msdn.microsoft.com/en-us/library/mt708805(v=vs.85).aspx

QUESTION 47
HOTSPOT

Your network contains an Active Directory domain named contoso.com. The domain contains a DNS server named Server1.
Server1 is configured to use a forwarder named Server2 that has an IP address of 10.0.0.10. Server2 can resolve names hosted on the Internet
successfully. Server2 hosts a primary DNS zone named adatum.com
On Server1, you have the following zone configuration.

The “.” zone contains the following records.

For each of the following statements, select Yes of the statement is true. Otherwise, select No.

Hot Area:
Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Server1 has a root (.) zone. A root zone will disable the use of any forwarders.

Therefore, Server1 can only resolve DNS queries for zones that Server1 hosts (zones that Server1 is authoritative for).

Server1 can resolve hostnames in the contoso.com zone.

QUESTION 48
HOTSPOT

Your network contains an Active Directory forest. The forest contains two domain controllers named DC1 and DC2 that run Windows Server 2016. DC1
holds all of the operations master roles.
DC1 experiences a hardware failure.
You plan to use an automated process that will create 1,000 user accounts.
You need to ensure that the automated process can complete successfully.

Which command should you run? To answer, select the appropriate options in the answer area.

Hot Area:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Explanation:

The Move-ADDirectoryServerOperationMasterRole cmdlet moves one or more operation master roles to a directory server.
You can move operation master roles to a directory server in a different domain if the credentials are the same in both
domains.

Role seizure, which involves seizing roles you previously attempted to transfer by running the cmdlet a second time using the
same parameters as the transfer operation, and adding the Force parameter. The Force parameter must be used as a
switch to indicate that seizure, instead of transfer, of operation master roles is being performed. This operation still
attempts graceful transfer first, then seizes if transfer is not possible.
Box 1: Move-ADDirectoryServerOperationMasterRole

Box 2: RIDMaster

Box 3: -Force
QUESTION 49
DRAG DROP

You have a Hyper-V host named Server1 that runs Windows Server 2016.
The installation source files for Windows Server 2016 are located in D:\Source.
You need to create a Nano Server image.
Which cmdlets should you run? To answer, drag the appropriate cmdlets to the correct targets. Each cmdlet may be used once, more than once, or not
at all. You may need to drag the split bat between panes or scroll to view content.

Select and Place:


Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Step 1: Import Module
Import-Module .\NanoServerImageGenerator.psm1

Step 2: New New-NanoServerImage


Create Nano Server Image VHDX
New-NanoServerImage -MediaPath .\Files -BasePath .\Base -TargetPath .\Images\NanoVMGA.vhdx

References: https://technet.microsoft.com/en-us/windows-server-docs/get-started/deploy-nano-server

QUESTION 50
DRAG DROP

You have a network that contains several servers that run Windows Server 2016.
You need to use Desired State Configuration (DSC) to configure the servers to meet the following requirements:
- Install the Web Server role
- Start the World Wide Web Publishing service
How should you configure the DSC recourses? To answer, drag the appropriate values to the correct locations. Each value may be used once, more
than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Select and Place:


Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Box 1: WindowsFeature
The WindowsFeature resource in Windows PowerShell Desired State Configuration (DSC) provides a mechanism to ensure that roles and features are
added or removed on a target node.
Box 2: Present
The Ensure Property indicates if the role or feature is added. To ensure that the role or feature is added, set this property to "Present" To ensure that the
role or feature is removed, set the property to "Absent".
Example:
WindowsFeature RoleExample
{
Ensure = "Present"
# Alternatively, to ensure the role is uninstalled, set Ensure to "Absent"
Name = "Web-Server" # Use the Name property from Get-WindowsFeature
}

Box 3: Service
The Service resource in Windows PowerShell Desired State Configuration (DSC) provides a mechanism to manage services on the target node.

Box 4: Running
The State property indicates the state, either Running or Stopped, you want to ensure for the service.

References:
https://msdn.microsoft.com/en-us/powershell/dsc/windowsfeatureresource
https://msdn.microsoft.com/en-us/powershell/dsc/serviceresource

QUESTION 51
HOTSPOT

Your network contains an Active Directory forest. The forest contains two sites named Site1 and Site2. Site1 contains 10 domain controllers. Site1 and
Site2 connect to each other by using a WAN link.
You run the Active Directory Domain Services Configuration Wizard as shown in the following graphic.
Server3 is the only server in Site2.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

Hot Area:
Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Box 1: stop and start the Active Directory Domain Services (AD DS)

Box 2: Can log on if they have previously logged on.


By selectively caching credentials, RODCs address some of the challenges that enterprises can encounter in branch offices and perimeter networks
(also known as DMZs) that may lack the physical security that is commonly found in datacenters and hub sites.

QUESTION 52
You deploy a Hyper-V server named Server1 in an isolated test environment. The test environment is prevented from accessing the Internet. Server1
runs the Datacenter edition of Windows Server 2016.
You plan to deploy the following guest virtual machines on the server:
Which activation model should you use for the virtual machines?

A. Multiple Activation Key (MAK)


B. Key Management Service (KMS)
C. Original Equipment Manufacturer (OEM) key
D. Automatic Virtual Machine Activation (AVMA)

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

On virtualization servers that are activated using Volume Licensing or OEM licensing, AVMA offers several benefits.
Server datacenter managers can use AVMA to do the following:
* Activate virtual machines in remote locations
* Activate virtual machines with or without an internet connection
* Track virtual machine usage and licenses from the virtualization server, without requiring any access rights on the virtualized systems

Note: AVMA requires a Microsoft Virtualization Server running Windows Server 2012 R2 Datacenter or Windows Server 2016 Datacenter.

QUESTION 53
Active Directory Recycle Bin is enabled. You discover that a support technician accidentally removed 100 users from an Active Directory group named
Group1 an hour ago. You need to restore the membership of Group1.

What should you do?

A. Perform tombstone reanimation.


B. Export and import data by using Dsamain.
C. Perform a non-authoritative restore.
D. Recover the items by using Active Directory Recycle Bin.
Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
A group has been modified. Nothing has been deleted.

Therefore, answers A and D will not work. Answer C would work if it was an authoritative restore, but not a non-authoritative restore.

The solution is to recover an earlier copy of the group from a backup or active directory snapshot by using DSadmain.

QUESTION 54
In this section, you’ll see one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem,
and you must determine whether the solution meets the stated goals. Any of the solutions might solve the problem. It is also possible that none of the
solutions solve the problem.

Once you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine
whether the solution meets the stated goals.

Your network contains an Active Directory domain named contoso.com. The domain contains a DNS server named Server1. All client computers run
Windows 10.

On Server1, you have the following zone configuration.


You need to prevent Server1 from resolving queries from DNS clients located on Subnet4. Server1 must resolve queries from all other DNS clients.

Solution: From windows PowerShell on Server1, you run the Add-DnsServerTrustAnchor cmdtel.

Does this meet the goal?

A. Yes
B. No

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
The Add-DnsServerTrustAnchor command adds a trust anchor to a DNS server. A trust anchor (or trust "point") is a public cryptographic key for a
signed zone. Trust anchors must be configured on
every non-authoritative DNS server that will attempt to validate DNS data. Trust Anchors have no direct relation to DSSEC validation.

References:
https://technet.microsoft.com/en-us/library/jj649932.aspx
https://technet.microsoft.com/en-us/library/dn593672(v=ws.11).aspx
QUESTION 55
Your network contains an Active Directory domain named contoso.com. The domain contains a DNS server named Server1. All client computers run
Windows 10.
On Server1, you have the following zone configuration

You need to prevent Server1 from resolving queries from DNS clients located on Subnet4.
Server1 must resolve queries from all other DNS clients.

Solution: From Windows PowerShell on Server1, you run the Export-DnsServerDnsSecPublicKey cmdlet.

Does this meet the goal?

A. Yes
B. No

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Export-DnsServerDnsSecPublicKey
Module:
dnsserver
Exports DS and DNSKEY information for a DNSSEC-signed zone.

https://docs.microsoft.com/en-us/powershell/module/dnsserver/export-dnsserverdnssecpublickey?view=win10-ps

QUESTION 56
Your Network contains one Active Directory domain named contoso.com.

You pilot DirectAccess on the network.

During the pilot deployment, you enable DirectAccess only for a group Contoso\Test Computers.

Once the pilot is complete, you need to enable DirectAccess for all the client computers in the domain.

What should you do?

A. From Windows PowerShell, run the Set-DAClient cmdlet.


B. From Windows PowerShell, run the Set-DirectAccess cmdlet.
C. From Active Directory Users and Computers, modify the membership of the Windows Authorization Access Group.
D. From Group Policy Management, modify the security filtering of an object named Direct Access Client Setting Group Policy.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
To deploy Remote Access, you require a minimum of two Group policy objects: one Group policy object contains settings for the Remote Access server
and one contains settings for DirectAccess client computers.

When you configure Remote Access, the wizard automatically creates the required Group policy object. However, if your organization enforces a naming
convention, or you do not have the required permissions to create or edit Group policy objects, they must be created prior to configuring Remote Access.

https://docs.microsoft.com/en-us/windows-server/remote/remote-access/directaccess/single-server-wizard/da-basic-configure-s1-infrastructure

QUESTION 57
You have a server named Server1.

You enable BitLocker Drive Encryption (BitLocker) on Server1.

You need to change the password for the Trusted Platform Module (TPM) chip.

What should you run on Server1?


A. Initialize-Tpm
B. Import-TpmOwnerAuth
C. repair-bde.exe
D. bdehdcfg-exe

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
https://technet.microsoft.com/library/jj603116.aspx?f=255&MSPPError=-2147217396

The Set-TpmOwnerAuthcmdlet changes the current owner authorization value of the Trusted Platform Module (TPM) to a new value. You can specify
the current owner authorization
value or specify a file that contains the current owner authorization value. If you do not specify an owner authorization value, the cmdlet attempts to read
the value from the registry.
Use the ConvertTo-TpmOwnerAuthcmdlet to create an owner authorization value. You can specify a new owner authorization value or specify a file that
contains the new value.

QUESTION 58
You have two servers named Server1 and Server2. A firewall exists between Server1 and Server2.

Both servers run Windows Server Update Services (WSUS). Server1 downloads updates from Microsoft update.

Server2 must synchronize updates from Server1.

Which port should to open on the firewall?

A. 80
B. 443
C. 3389
D. 8530

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
3.1.2. Connection between WSUS servers
WSUS upstream and downstream servers will synchronize on the port configured by the WSUS Administrator. By default, these ports are configured as
follows:
On WSUS 3.2 and earlier, port 80 for HTTP and 443 for HTTPS

On WSUS 6.2 and later (at least Windows Server 2012), port 8530 for HTTP and 8531 for HTTPS

The firewall on the WSUS server must be configured to allow inbound traffic on these ports.

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh852346(v=ws.11)

QUESTION 59
This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that
might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After your answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory forest named contoso.com.

You need to identify which server is the schema master.

Solution: You open Active Directory Users and Computers, right-click contoso.com in the console tree, and then click Operations Master.

Does this meet the goal?

A. Yes
B. No

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
This solution only shows the domain FSMO roles, not the forest FSMO roles.

References: https://blogs.technet.microsoft.com/mempson/2007/11/08/how-to-find-out-who-has-your-fsmo-roles/

QUESTION 60
This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that
might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After your answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review
screen.

Your network contains an Active Directory forest named contoso.com.


You need to identify which server is the schema master.

Solution: From a command prompt, you run netdom query fsmo.

Does this meet the goal?

A. Yes
B. No

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
References:
https://blogs.technet.microsoft.com/mempson/2007/11/08/how-to-find-out-who-has-your-fsmo-roles/

QUESTION 61
This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that
might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After your answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review
screen.

Your network contains an Active Directory forest named contoso.com.

You need to identify which server is the schema master.

Solution: From Windows PowerShell, you run Get-ADDomainController -Discover -Service 2.

Does this meet the goal?

A. Yes
B. No

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Get a global catalog in the current forest using Discovery.
C:\PS>Get-ADDomainController -Discover -Service 2

-Service

Species the types of domain controllers to get. You can specify more than one type by using a comma-separated list. The acceptable values for this
parameter are:

PrimaryDC or 1
GlobalCatalog or 2
KDC or 3
TimeService or 4
ReliableTimeService or 5
ADWS or 6

https://technet.microsoft.com/en-us/itpro/powershell/windows/addsadministration/get-addomaincontroller?f=255&MSPPError=-2147217396

https://technet.microsoft.com/es-es/library/hh852293%28v=wps.620%29.aspx?f=255&MSPPError=-2147217396

QUESTION 62
You have a server named Server1 that runs Windows Server 2016. The Docker daemon runs on Server1.

You need to configure the Docker daemon to accept connections only on TCP port 64500.

What should you do?

A. Run the sc control command.


B. Run the New-NetFirewallRule cmdlet.
C. Modify the routing table on Server1.
D. Run the sc config command.
Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
References:
https://docs.microsoft.com/en-us/virtualization/windowscontainers/manage-docker/configure-docker-daemon

QUESTION 63
You have a server named Server1 that runs Windows Server 2016. Server1 is a Hyper-V host that hosts a virtual machine named VM1.

Server1 has three network adapter cards that are connected to virtual switches named vSwitch1, vSwitch2 and vSwitch3.

You configure NIC Teaming on VM1 as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that VM1 will retain access to the network if a physical network adapter card fails on Server1.

What should you do?

A. From the properties of the NIC team on VM1, change the load balancing of the NIC team.
B. From Hyper-V Manager on Server1, modify the settings of VM1.
C. From Windows PowerShell on Server1, run the Set-VmNetworkAdapterFailoverConfiguration cmdlet.
D. From Hyper-V Manager on Server1, modify the properties of vSwitch1.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
You can configure NIC teaming in the Guest OS; however, before NIC teaming will work in a virtual machine, you need to enable NIC teaming in the
Advanced Features section of the VM settings.

QUESTION 64
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might
meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After your answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory forest named contoso.com.

You need to identify which server is the schema master.

Solution: You open Active Directory Domains and Trusts, right-click Active Directory Domains and Trust in the console tree, and then click Operations
Master.

Does this meet the goal?

A. Yes
B. No

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

This solution only shows the Domain Naming Master.

Domain FSMO roles, not the forest FSMO roles.

https://blogs.technet.microsoft.com/mempson/2007/11/08/how-to-find-out-who-has-your-fsmo-roles/

QUESTION 65
You have a server named Server1 that runs Windows Server 2016. The Docker daemon runs on Server1.

You need to ensure that members of a security group named Docker Administrators can administer Docker.

What should you do?

A. Run theSet-Service cmdlet.


B. Modify the Security settings of Dockerd.exe.
C. Edit the Daemon.json file.
D. Modify the Security settings of Docker.exe.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
There is a variation of this question where daemon.json is not listed, but we have run the sc config command.

References:
https://docs.microsoft.com/en-us/virtualization/windowscontainers/manage-docker/configure-docker-daemon

QUESTION 66
HOTSPOT
You have a server named Server1 that runs Windows Server 2016 server.

Server1 has the Docker daemon configured and has a container named Container1.

You need to mount the folder C:\Folder1 on Server1 to C:\ContainerFolder in Container1.

Which command should you run? To answer, select the appropriate options in the answer area.

Hot Area:
Correct Answer:

Section: (none)
Explanation

Explanation/Reference:
You can mount a host directory in docker container, the right syntax should be:

docker run -it -v <host_directory_path>:<container_path> imagename

QUESTION 67
You have a Hyper-V host that runs Windows Server 2016. The host contains a virtual machine named VM1. VM1 has resource metering enabled.

You need to use resource metering to track the amount of network traffic that VM1 sends to the 10.0.0.0/8 network.

Which cmdlet should you run?

A. New-VMResourcePool
B. Set-VMNetworkAdapter
C. Add-VMNetworkAdapterAcl
D. Set-VMNetworkAdapterRoutingDomainMapping

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

The Enable-VMResourceMetering cmdlet starts collecting resource utilization data for a virtual machine or resource pool.

You can use the Measure-VM or Measure-VMResourcePool cmdlet to obtain this data.

If resource metering is enabled but no NetworkAdapterAcls are configured, Hyper-V configures them to measure total network traffic. To measure
network traffic through an IP range, configure the NetworkAdapterAcls for the IP range before calling this cmdlet. (See Add-VMNetworkAdapterAcl for
more information.)

References:
https://technet.microsoft.com/itpro/powershell/windows/hyper-v/add-vmnetworkadapteracl

QUESTION 68
DRAG DROP

You have a physical server named Server1 that runs Windows Server 2016. Server1 is a Hyper-V host.

On Server1, you create a virtual machine named VM1 that runs Windows Server 2016.

You plan to install the Hyper-V server role on VM1.

You need to ensure that you can configure VM1 to host virtual machines.

How should you compete the Windows PowerShell script? To answer, drag the appropriate values to the correct targets. Each value may be used once,
more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Select and Place:


Correct Answer:

Section: (none)
Explanation

Explanation/Reference:
Configure Nested Virtualization
Create a virtual machine. See the prerequisites above for the required OS and VM versions.
While the virtual machine is in the OFF state, run the following command on the physical Hyper-V host. This enables nested virtualization for the virtual
machine.

Set-VMProcessor -VMName -ExposeVirtualizationExtensions $true

Start the virtual machine.


Install Hyper-V within the virtual machine, just like you would for a physical server. For more information on installing Hyper-V see, Install Hyper-V.
Disable Nested Virtualization
You can disable nested virtualization for a stopped virtual machine using the following PowerShell command:
none

Set-VMProcessor -VMName -ExposeVirtualizationExtensions $false

Dynamic Memory and Runtime Memory Resize


When Hyper-V is running inside a virtual machine, the virtual machine must be turned off to adjust its memory. This means that even if dynamic memory
is enabled, the amount of memory will not fluctuate. For virtual machines without dynamic memory enabled, any attempt to adjust the amount of memory
while it’s on will fail.
Note that simply enabling nested virtualization will have no effect on dynamic memory or runtime memory resize. The incompatibility only occurs while
Hyper-V is running in the VM.

QUESTION 69
You have a Hyper-V host named Server1 that runs Windows Server 2016. Server1 has two virtual machines named VM1 and VM2.

You discover that VM1 and VM2 can communicate with Server1 over the network.

You need to ensure that VM1 and VM2 can communicate with each other only. The solution must prevent VM1 and VM2 from communicating with
Server1.

Which cmdlet should you use?

A. Enable-VMSwitchExtention
B. Set-NetNeighbor
C. Set-VMSwitch
D. Remove-VMSwitchTeamMember

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

The virtual switch needs to be configured as an “Private” switch.

QUESTION 70
HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.

You install IP Address Management (IPAM) on Server1. You select the automatic provisioning method, and then you specify a prefix of IPAM1.
You need to configure the environment for automatic IPAM provisioning.

Which cmdlet should you run? To answer, select the appropriate options in the answer area.

Hot Area:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:
About Invoke-IpamGpoProvisioning

https://technet.microsoft.com/en-us/itpro/powershell/windows/ipamserver/invoke-ipamgpoprovisioning
About Set-IpamConfiguration
https://technet.microsoft.com/itpro/powershell/windows/ipamserver/set-ipamconfiguration?f=255&MSPPError=-2147217396

FYI : There is NO Domain parameter in Set-IpamConfiguration Command !


QUESTION 71
HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run
Windows Server 2016.

Server1 has IP Address Management (IPAM) installed. Server2 has the DHCP Server role installed. The IPAM server retrieves data from Server2.

The domain has two users named User1 and User2 and a group named Group1. User1 is the only member of Group1.

Server1 has one IPAM access policy. You edit the access policy as shown in the Policy exhibit. (Click the Exhibit button.)
The DHCP scopes are configured as shown in the Scopes exhibit. (Click the Exhibit button.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Hot Area:
Correct Answer:

Section: (none)
Explanation

Explanation/Reference:
User1 can modify scope2 and scope3, not Scope1 as Access scope policy should be \Global\Scope1

User2 as far as we can see does not have any permission in IPAM.

QUESTION 72
HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run
Windows Server 2016.

Server1 has Microsoft System Center 2016 Virtual Machine Manager (VMM) installed. Server2 has IP Address Management (IPAM) installed.

You create a domain user named User1.

You need to integrate IPAM and VMM. VMM must use the account of User1 to manage IPAM. The solution must use the principle of least privilege.

What should you do on each server? To answer, select the appropriate options in the answer area.

Hot Area:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
VMM must be granted permission to view and modify IP address space in IPAM, and to perform remote management of the IPAM server. VMM uses a
“Run As” account to provide these permissions to the IPAM network service plugin. The “Run As” account must be configured with appropriate
permission on the IPAM server.

On Server1: Create a Run As Account that uses User1.


On Server2: Add User1 to IPAM ASM Administrator Role.

https://technet.microsoft.com/en-us/library/dn783349(v=ws.11).aspx
https://technet.microsoft.com/en-us/library/jj878348(v=ws.11).aspx

QUESTION 73
HOTSPOT

You have a server named VM1. VM1 is a virtual machine on a Hyper-V host that runs Windows Server 2016.
You need to create a checkpoint that includes the virtual machine memory state of VM1.

What commands should you run? To answer, select the appropriate options in the answer area.

Hot Area:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Starting with Windows Server 2016 and Windows 10, you can choose between standard and production checkpoints for each virtual machine.
Production checkpoints are the default for new virtual machines.

Production checkpoints are "point in time" images of a virtual machine, which can be restored later on in a way that is completely supported for all
production workloads. This is achieved by using backup technology inside the guest to create the checkpoint, instead of using saved state technology.

Standard checkpoints capture the state, data, and hardware configuration of a running virtual machine and are intended for use in
development and test scenarios. Standard checkpoints can be useful if you need to recreate a specific state or condition of a running virtual
machine so that you can troubleshoot a problem.

https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/user-guide/checkpoints

QUESTION 74
HOTSPOT
You have a server named Server1 that runs Windows Server 2016 and has a Hyper-V server role installed.

You open Disk Management on Server1 as shown in the following graphic.


You plan to configure Disk 13 as a pass-through disk for a generation 1 virtual machine.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

Hot Area:
Correct Answer:

Section: (none)
Explanation

Explanation/Reference:
“Note: If the disk does not appear in the drop down list, ensure the disk is Offline

“If the Pass-through disk will be used to boot the operating system, it must be attached to an IDE Controller.”

https://blogs.technet.microsoft.com/askcore/2008/10/24/configuring-pass-through-disks-in-hyper-v/

QUESTION 75
HOTSPOT
You have a Hyper-V host that runs Windows Server 2016. The Hyper-V host has a virtual machine named VM1.

You have a VHD named VHD1.vhdx that has a generalized image of Windows Server 2016.

You plan to create multiple virtual machines that will use the generalized image.

You need to create differencing disks based on VHD1.vhdx.

What command should you run? To answer, select the appropriate options in the answer area.
Hot Area:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:
References:

https://technet.microsoft.com/en-us/itpro/powershell/windows/hyper-v/new-vhd

QUESTION 76
HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1 that runs Windows
Server 2016.

Server1 has IP Address Management (IPAM) installed. IPAM uses a Windows Internal Database.

You install Microsoft SQL Server on Server1.

You plan to move the IPAM database to SQL Server.

You need to create a SQL Server login for the IPAM service account.

For which user should you create the login? To answer, select the appropriate options in the answer area.

Hot Area:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
References:

https://blogs.technet.microsoft.com/yagmurs/2014/07/31/moving-ipam-database-from-windows-internal-database-wid-to-sql-server-located-on-the-
same-server/

QUESTION 77
HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run
Windows Server 2016.

Server1 has IP Address Management (IPAM) installed. Server2 has the DHCP Server role installed. The IPAM server retrieves data from Server2.

You create a domain user account named User1.

You need to ensure that User1 can use IPAM to manage DHCP.

Which command should you run on Server1? To answer, select the appropriate options in the answer area.

Hot Area:
Correct Answer:

Section: (none)
Explanation

Explanation/Reference:
https://technet.microsoft.com/en-us/library/bb490706.aspx?f=255&MSPPError=-2147217396

QUESTION 78
HOTSPOT
You have a DNS server named Server1.

The forwarders are configured as shown in the Forwarders exhibit. (Click the Exhibit button.)
The Advanced Settings are configured as shown in the Advanced exhibit. (Click the Exhibit button.)
The Root Hints are configured as shown in the Root Hints exhibit. (Click the Exhibit button.)
Server1 does not contain any DNS zones.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Hot Area:

Correct Answer:

Section: (none)
Explanation
Explanation/Reference:
Recursion is disabled so internet hosts cannot be resolved.
The recursive test fails because recursion is disabled.
Server1 is not configured as a root server. The forwarders list would be greyed out if it was.

QUESTION 79
HOTSPOT
Your network contains an Active Directory forest named contoso.com.

You need to add a new domain named fabrikam.com to the forest.

What command should you run? To answer, select the appropriate options in the answer area.

Hot Area:

Correct Answer:

Section: (none)
Explanation
Explanation/Reference:
-DomainType
Indicates the type of domain that you want to create: a new domain tree in an existing forest (supported values are "TreeDomain" or "tree"), a child of an
existing domain (supported values are "ChildDomain" or "child"). The default is ChildDomain.

References:
https://technet.microsoft.com/en-us/library/hh974722(v=wps.630).aspx

QUESTION 80
HOTSPOT
Your company has a main office and a branch office. The two offices connect to each other by using a WAN link.

Your network contains an Active Directory forest named contoso.com. The forest contains a domain controller named DC1. All of the domain controllers
are located in the main office.

You install a read-only domain controller (RODC) named RODC1 in the branch office.

You create a user account for a new user named User1. You add User1 to the Allowed RODC Password Replication Group. User1 starts work on
Monday.

You are notified that the WAN link will be down for maintenance on Monday.

You need to ensure that User1 can log on in the branch office site on Monday.

Which command should you run? To answer, select the appropriate options in the answer area.

Hot Area:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Repadmin /rodcpwdrepl

Triggers replication of passwords for the specified users from a writable Windows Server 2008 source domain controller to one or more read-only
domain controllers (RODCs).

For each destination RODC, the source domain controller enforces the Password Replication Policy (PRP) before it performs the operation. If the PRP
does not permit replicating the password to an RODC for a specified user, the operation for that user and RODC combination fails.

References:
https://technet.microsoft.com/en-us/library/cc742095(v=ws.11).aspx

QUESTION 81
You create a Nano server image named Nano1.vhdx by using the New-NanoServerImage cmdlet.

You attach Nano1.vhdx to a Generation 1 virtual machine named Nano1.

When you start Nano1, you get the following error message: “Boot failure. Reboot and select proper Boot device or Insert Boot Media in selected Boot
device”

You need to successfully start Nano server.

What should you do?

A. Attach Nano1.vhdx to a SCSIcontroller.


B. Recreate Nano1 as a Generation 2 virtual machine.
C. Increase the memory of Nano1 to 512 Mb.
D. Modify the BIOS settings of Nano1.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

A Generation 1 VM cannot boot from a vhdx disk; only a Generation 2 VM can boot from an vhdx disk.

QUESTION 82
You have a server named Server1 that runs Windows Server 2016.

You need to install the DNS Server role on Server1.

What should you run?

A. the Install-Package cmdlet


B. the setup.exe command
C. the dnscmd.exe command
D. the Enable-WindowsOptionalFeature cmdlet
E. the add-windowsPackage cmdlet

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
***Right answer should be: Install-WindowsFeature

QUESTION 83
DRAG DROP
Your network contains an Active Directory domain. The domain contains two domain controllers named DC1 and DC2. DC2 is a virtual machine that is
hosted on a Hyper-V host named HyperV1. DC1 holds the PDC emulator operations master role.

You need to create a new domain controller named DC3 by using domain controller cloning.

Which five actions should you perform in sequence before you can import the cloned virtual machine? To answer, move the appropriate actions from the
list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Prepare the source domain controller

Step 3: Authorize the source domain controller for cloning

Step 4: Remove incompatible services or programs or add them to the CustomDCCloneAllowList.xml file.
Step 5: Create DCCloneConfig.xml

Step 6: Take the source domain controller offline

Create the cloned domain controller

Step 7: Copy or export the source VM and add the XML if not already copied

https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/virtualized-domain-controller-deployment-and-
configuration#BKMK_VDCCloning

QUESTION 84
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one
question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that
question.

You have a Hyper-V host named Server1 that runs Windows Server 2016 and a two-node scale-out file server cluster named Cluster1.

A virtual machine named VM1 runs on Server1.

You need to migrate the storage on VM1 to Cluster1.

Which tool should you use?

A. the clussvc.exe command


B. the cluster.exe command
C. the Computer Management snap-in
D. the configurehyperv.exe command
E. the Disk Management snap-in
F. the Failover Cluster Manager snap-in
G. the Hyper-V Manager snap-in
H. the Server Manager app

Correct Answer: G
Section: (none)
Explanation

Explanation/Reference:
Explanation:

https://blogs.technet.microsoft.com/canitpro/2014/04/23/step-by-step-completing-storage-live-migration-in-hyper-v-2012-r2/

QUESTION 85
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one
question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that
question.

You have two servers named Server1 and Server2 that run Windows Server 2016. Server1 and Server2 have the Hyper-V server role installed.

An iSCSI SAN connects to the network.

You create a LUN on the SAN and configure both servers to connect to the iSCSI target.

You create a failover cluster and add Server1 and Server2 to the cluster. You connect both servers to the iSCSI target and format the shared storage.

You need to add the shared storage to the cluster. The solution must ensure that virtual machines running on both nodes can access the shared storage
simultaneously.

Which tool should you use?

A. the clussvc.exe command


B. the cluster.exe command
C. the Computer Management snap-in
D. the configurehyperv.exe command
E. the Disk Management snap-in
F. the Failover Cluster Manager snap-in
G. the Hyper-V Manager snap-in
H. the Server Manager app

Correct Answer: F
Section: (none)
Explanation

Explanation/Reference:
References:
https://technet.microsoft.com/en-us/library/jj612868(v=ws.11).aspx

QUESTION 86
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one
question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that
question.

You have a two-node Hyper-V cluster named Cluster1 at a primary location and a stand-alone Hyper-V host named Server1 at a secondary location.

A virtual machine named VM1 runs on Cluster1.


You configure a Hyper-V Replica of VM1 to Server1.

You need to perform a Test Failover of VM1.

Which tool should you use?

A. the clussvc.exe command


B. the cluster.exe command
C. the Computer Management snap-in
D. the configurehyperv.exe command
E. the Disk Management snap-in
F. the Failover Cluster Manager snap-in
G. the Hyper-V Manager snap-in
H. the Server Manager app

Correct Answer: G
Section: (none)
Explanation

Explanation/Reference:
Explanation:

https://blogs.technet.microsoft.com/virtualization/2012/07/25/types-of-failover-operations-in-hyper-v-replica-part-i-test-failover/

QUESTION 87
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one
question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that
question.

You have a two-node Hyper-V cluster named Cluster1.

A virtual machine named VM1 runs on Cluster1.

You need to configure monitoring of VM1. The solution must move VM1 to a different node if the Print Spooler service on VM1 stops unexpectedly.

Which tool should you use?

A. the clussvc.exe command


B. the cluster.exe command
C. the Computer Management snap-in
D. the configurehyperv.exe command
E. the Disk Management snap-in
F. the Failover Cluster Manager snap-in
G. the Hyper-V Manager snap-in
H. the Server Manager app

Correct Answer: F
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Configuration
VM Monitoring can be easily configured using the Failover Cluster Manager through the following steps:

Right click on the Virtual Machine role on which you want to configure monitoring
Select “More Actions” and then the “Configure Monitoring” options
3) You will then see a list of services that can be configured for monitoring using the Failover Cluster Manager.
https://blogs.msdn.microsoft.com/clustering/2012/04/18/how-to-configure-vm-monitoring-in-windows-server-2012/

QUESTION 88
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one
question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that
question.

You have two servers named Server1 and Server2 that run Windows Server 2016. Server1 and Server2 have the Hyper-V server role installed and are
nodes in a failover cluster.

On Server1, an administrator creates a virtual machine named VM1.

You need to configure VM1 for high availability.

Which tool should you use?

A. the clussvc.exe command


B. the cluster.exe command
C. the Computer Management snap-in
D. the configurehyperv.exe command
E. the Disk Management snap-in
F. the Failover Cluster Manager snap-in
G. the Hyper-V Manager snap-in
H. the Server Manager app

Correct Answer: F
Section: (none)
Explanation

Explanation/Reference:
Explanation:
References:

http://windowsitpro.com/hyper-v/make-vm-highly-available-windows-server-2012

QUESTION 89
You have a server that runs Windows Server 2016.

The server contains a storage pool named Pool1. Pool1 contains five physical disks named Disk1, Disk2, Disk3, Disk4, and Disk5.

A virtual disk named VirtualDisk1 is stored in Pool1. VirtualDisk1 uses the parity storage layout.

Disk3 fails.

You need to remove Disk3 from Pool1.

Which two commands should you run? Each correct answer presents part of the solution.

A. Update-StoragePool –FriendlyName Pool1


B. Set-ResiliencySetting –StoragePool Pool1 –PhysicalDiskRedundancyDefault 4
C. Reset-PhysicalDisk –FriendlyName Disk3
D. Remove-PhysicalDisk –FriendlyName Disk3
E. Set-PhysicalDisk –FriendlyName Disk3 –Usage Retired

Correct Answer: DE
Section: (none)
Explanation
Explanation/Reference:
Explanation:

QUESTION 90
You have an application named App1. App1 is distributed to multiple Hyper-V virtual machines in a multitenant environment.

You need to ensure that the traffic is distributed evenly among the virtual machines that host App1.

What should you include in the environment?

A. Network Controller and Windows Server Software Load Balancing (SLB) nodes
B. an RAS Gateway and Windows Server Software Load Balancing (SLB) nodes
C. an RAS Gateway and Windows Server Network Load Balancing (NLB) nodes
D. Network Controller and Windows Server Network Load Balancing (NLB) nodes

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Software Load Balancing Infrastructure


To deploy Windows Server SLB, you must first deploy Network Controller in Windows Server 2016 Technical Preview and one or more SLB MUX
VMs.

References:
https://technet.microsoft.com/en-us/library/mt632286.aspx

QUESTION 91
HOTSPOT
You have a virtual machine named VM1 that runs Windows Server 2016. VM1 is a Remote Desktop Services (RDS) server.

You need to ensure that only TCP port 3389 can be used to connect to VM1 over the network.

Which command should you run on the Hyper-V host? To answer, select the appropriate options in the answer area.

Hot Area:
Correct Answer:

Section: (none)
Explanation

Explanation/Reference:
The Add-VMNetworkAdapterExtendedAcl cmdlet creates an extended access control list (ACL) for a virtual network adapter. The ACL allows or denies
access to a virtual machine network adapter for network packets based on source IP address, destination IP address, protocol, source port, and
destination port.

References:

https://technet.microsoft.com/en-us/library/dn464289.aspx

QUESTION 92
Your company has 10 offices. Each office has a local network that contains several Hyper-V
hosts that run Windows Server 2016.
All of the offices are connected by high speed, low latency WAN links.
You need to ensure that you can use QoS policies for Live Migration traffic between the offices.

Which component should you install?

A. the Multipath I/O feature


B. the Routing role service
C. the Network Controller server role
D. the Canary Network Diagnostics feature
E. the Data Center Bridging feature

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:
***In case of 1 selection -> the Data Center Bridging feature

*** IN case of 2 selections:

Network Controller communicates with network devices, services, and components by using the Southbound API. With the Southbound API, Network
Controller can discover network devices, detect service configurations, and gather all of the information you need about the network. In addition, the
Southbound API gives Network Controller a pathway to send information to the network infrastructure, such as configuration changes that you have
made.

DCB provides hardware-based bandwidth allocation to a specific type of traffic and enhances Ethernet transport reliability with the use of priority-based
flow control.

Ref:
https://technet.microsoft.com/en-us/library/dn859239.aspx
https://technet.microsoft.com/en-us/library/hh849179(v=ws.11).aspx

QUESTION 93
Hotspot Question
You have a server named Server1 that runs Windows Server 2016 Server1 is a Hyper-V host.
You have two network adapter cards on Server1 that are Remote Direct Memory Access (RDMA)- capable.

You need to aggregate the bandwidth of the network adapter cards for a virtual machine on Server1. The solution must ensure that the virtual machine
can use the RDMA capabilities of the
network adapter cards.

Which command should you run first? To answer, select the appropriate options in the answer area.
Hot Area:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:
Explanation:
Create a Hyper-V Virtual Switch with SET and RDMA vNICs
To make use of RDMA capabilies on Hyper-V host virtual network adapters (vNICs) on a Hyper-V
Virtual Switch that supports RDMA teaming, you can use this example Windows PowerShell
script.
#
# Create a vmSwitch with SET
#
New-VMSwitch -Name SETswitch -NetAdapterName "SLOT 2","SLOT 3" -
EnableEmbeddedTeaming $true
#
# Add host vNICs and make them RDMA capable
#
Etc.
Note: As New-VmSwitch is not an alternative, we choose the Add-VMSwitch command instead.
Thee Add-VmSwitch command does not have -NetAdapter and -EnableEmbeddedTeaming
parameters.

QUESTION 94
You have a server named Server1 that runs Windows Server 2016.
You need to configure Server1 as a multitenant RAS Gateway.

What should you install on Server1?

A. the Network Policy and Access Services server role


B. the Remote Access server role
C. the Data Center Bridging feature
D. the Network Controller server role

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
RAS Gateway - Multitenant. You can deploy RAS Gateway as a multitenant, software- based edge gateway and router when you are using Hyper-V
Network Virtualization or you have VM networks
deployed with virtual Local Area Networks (VLANs). With the RAS Gateway, CloudService Providers (CSPs) and Enterprises can enable datacenter and
cloud network
traffic routing between virtual and physical networks, including the Internet.

With the RAS Gateway, your tenants can use point-so-site VPN connections to access their VM network resources in the datacenter from anywhere.
You can also provide tenants with site-to-site
VPN connections between their remote sites and your CSP datacenter. In addition, you can configure the RAS Gateway with BGP for dynamic routing,
and you can enable Network Address Translation
(NAT) to provide Internet access for VMs on VM networks.

References:
https://technet.microsoft.com/en-us/windows-server-docs/networking/remote- access/remote-access

QUESTION 95
Hotspot Question
Your company has a testing environment that contains an Active Directory domain named
contoso.com.
The domain contains a server named Server1 that runs Windows Server 2016.
Server1 has IP Address Management (IPAM) installed IPAM has the following configuration.

The IPAM Overview page from Server Manager is shown in the IPAM Overview exhibit.
Hot Area:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
No domains have been selected in the “Configure Server Discovery” option.

Therefore, no automatic discovery will take place.

Manual addition of a server will also fail because IPAM needs a domain configured for server verification.
QUESTION 96
Hotspot Question
Your network contains an Active Directory forest.
The forest contains one domain named contoso.com.
The domain contains two domain controllers named DC1 and DC2.
DC1 holds all of the operations master roles.
During normal network operations, you run the following commands on DC2:

Move-ADDirectoryServerOperationMasterRole-Identity "DC2" - OperationMasterRolePDCEmulator


Move-ADDirectoryServerOperationMasterRole-Identity "DC2" -OperationMasterRoleRIDMaster

DC1 fails.

You remove DC1 from the network, and then you run the following command:

Move-ADDirectoryServerOperationMasterRole -Identity "DC2" -OperationMasterRoleSchemaMaster

For each of the following statements, select Yes if the statement is true. Otherwise, select No

Answer:

Hot Area:
Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
1: we need to use the -force parameter to seize the operations master role after DC1 Fails.
2: we already transfer PDC before DC1 fails, so YES.
3: we cannot add domains to the forest without the Master operations role.
QUESTION 97
Hotspot Question
Your network contains an Active Directory domain named contoso.com.
The domain contains a DNS server named Server1.
Server1 configured to use a forwarder named server2.contoso.com that has an IP address of
10.0.0.10.
You need to prevent Server1 from using root hints if the forwarder is unavailable.
What command should you run? To answer, select the appropriate options in the answer area

Hot Area:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:
The Set-DnsServerForwarder cmdlet changes forwarder settings on a Domain Name System (DNS) server. This cmdlet sets or resets IP addresses to
which the DNS server forwards DNS queries when it cannot solve them locally. This cmdlet overwrites existing server level forwarders.

-UseRootHint
Specifies whether to prevent the DNS server from performing iterative queries. If you set UseRootHint to $false, the DNS server forwards unresolved
queries only to the DNS servers in the forwarders list and does not try iterative queries if the forwarders do not resolve the queries.

QUESTION 98
You have a Nano Server named Nano1.
Which cmdlet should you use to identify whether the DNS Server role is installed on Nano1?

A. Find-NanoServerPackage
B. Get-Package
C. Find-Package
D. Get-Windows Optional Feature

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
http://www.thomasmaurer.ch/2017/01/nano-server-powershell-package-management/

MSDN article
https://msdn.microsoft.com/en-us/powershell/reference/5.0/packagemanagement/get-package

QUESTION 99
Hotspot Question
Your network contains an Active Directory domain named contoso.com.
The domain contains a DNS server named Server1
You enable Response Rate Limiting on Server1.
You need to prevent Response Rate Limiting from applying to hosts that reside on the network of 10.0.0.0/24.
Which cmdlets should you run? To answer, select the appropriate options in the answer area

Hot Area:
Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
To exempt hosts from Response Rate Limiting use the Add-DnsServerResponseRateLimitingExceptionlist cmdlet.

In the Add-DnsServerResponseRateLimitingExceptionlist cmdlet you can specify the ClientSubnet parameter.

https://blogs.technet.microsoft.com/teamdhcp/2015/08/28/response-rate-limiting-in-windows-dns-server/
https://docs.microsoft.com/en-us/powershell/module/dnsserver/add-dnsserverresponseratelimitingexceptionlist?view=win10-ps

To create a client subnet use the Add-DnsServerClientSubnet. This cmdlet a client subnet to a Domain Name System (DNS) server. A client subnet is a
group of IP subnets.

See: https://docs.microsoft.com/en-us/powershell/module/dnsserver/add-dnsserverclientsubnet?view=win10-ps

“You enable Response Rate Limiting on Server1.” so we dont need to enable it. : Add-DnsServerClientSubnet & Add-
DnsServerResponseRateLimitingExceptionlist

Ref for the commands:


https://technet.microsoft.com/en-us/itpro/powershell/windows/dns-server/add-dnsserverclientsubnet
https://technet.microsoft.com/en-us/itpro/powershell/windows/dns-server/set-dnsserverresponseratelimitingexceptionlist

QUESTION 100
Drag and Drop Question
You are deploying DirectAccess to a server named DA1.
DA1 will be located behind a firewall and will have a single network adapter.
The intermediary network will be IPv4.
You need to configure firewall to support DirectAccess.
Which firewall rules should you create for each type of traffic? To answer, drag the appropriate
ports and protocols to the correct traffic types. Each port and protocol may be used once, more
than once, or not at all. You may need to drag the split bar between panes or scroll to view
content

Select and Place:


Correct Answer:

Section: (none)
Explanation
Explanation/Reference:
Teredo uses UDP 3544 https://technet.microsoft.com/en-us/library/bb457011.aspx?f=255&MSPPError=-2147217396

6to4 traffic uses ID 41 https://en.wikipedia.org/wiki/6to4

HTTPS: TCP 443

QUESTION 101
Drag and Drop Question
You have a server named Server1 that runs Windows Server 2016.

You plan to deploy Internet Information Services (IIS) in a Windows container.

You need to prepare Server1 for the planned deployment.


Which three actions should you perform in sequence?

To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order

Select and Place:


Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Step 1 (A): The container feature needs to be enabled before working with Windows containers. To do so run the following command in an elevated
PowerShell session.

Enable-WindowsOptionalFeature -Online -FeatureName containers –All

Step 2 (B): Docker is required in order to work with Windows containers.

Note: First install the OneGet PowerShell module.


Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
Next you use OneGet to install the latest version of Docker.
Install-Package -Name docker -ProviderName DockerMsftProvider

Step 3 (C): Install Base Container Images


Windows containers are deployed from templates or images. Before a container can be deployed, a container base OS image needs to be downloaded.
The following commands will download the Nano Server base image.
Pull the Nano Server base image.
docker pull microsoft/nanoserver

QUESTION 102
You have a server named Served that runs Windows Server 2016.
Server1 will be used as a VPN server.
You need to configure Server1 to support VPN Reconnect.
Which VPN protocol should you use?

A. PPTP
B. L2TP
C. SSTP
D. lKEv2

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
An IKEv2 VPN provides resilience to the VPN client when the client either moves from one wireless hotspot to another or switches from a wireless to a
wired connection.
This ability is a requirement of VPN Reconnect

QUESTION 103
You have a server named Server1 that runs Windows Server 2016.
You install the Docker daemon on Server1.
You need to configure the Docker daemon to accept connections only on TCP port 64500.
What should you do?

A. Run the New-NetFirewallRulecmdlet


B. Run the Set-ServiceWindows PowerShell cmdlet.
C. Edit the daemon.json file.
D. Edit the configuration json file

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Configure Docker with Configuration File
The preferred method for configuring the Docker Engine on Windows is using a configuration file.
The configuration file can be found at 'c:\ProgramData\docker\config\daemon.json'.
Only the desired configuration changes need to be added to the configuration file. For example,
this sample configures the Docker Engine to accept incoming connections on port 64500. All
other configuration options will use default values.
{
"hosts": ["tcp://0.0.0.0:64500"]
}
References: https://msdn.microsoft.com/enus/
virtualization/windowscontainers/docker/configure_docker_daemon

QUESTION 104
You have an Active Directory domain named Contoso com.
The domain contains servers named Server1 and Server2 that run Windows Server 2016.
You install the Remote Access server role on Server1.
You install the Network Policy and Access Services server role on Server2.

You need to configure Server1 to use Server2 as a RADIUS server.

What should you do?

A. From Routing and Remote Access, configure the authentication provider.


B. From the Connection Manager Administration Kit, create a Connection Manager profile
C. From Server Manager, create an Access Policy.
D. From Active Directory Users and Computers, modify the Delegation settings of the Server1 computer account.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
After the Routing and Remote Access and Demand-Dial Interface wizards complete, Windows authentication and Windows accounting are selected by
default. You can change these defaults from Windows authentication and Windows accounting to Remote Authentication Dial-In User Service (RADIUS)
authentication and RADIUS accounting, or you can choose separate providers for authentication and accounting. For a deployment that supports only a
site-to-site connection, use Windows authentication and Windows accounting. However, you can change these defaults if the same answering router will
support both the site-to-site connection and remote access users, and you want to use RADIUS as either the authentication provider or the accounting
provider.
Use the following procedures to accomplish these tasks:

Configure the authentication provider on the answering router


Configure the accounting provider on the answering router

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff687693(v=ws.10)

QUESTION 105
Hotspot Question
You have a server named Server1 that runs Windows Server 2016. Server1 has the Windows Application proxy role service installed.

You plan to deploy Remote Desktop Gateway (RD Gateway) services. Clients will connect to the RD Gateway services by using various types of devices
including Windows, iOS and Android devices.
You need to publish the RD Gateway services through the Web Application Proxy.

Which command should you run? To answer, select the appropriate options in the answer area.

Hot Area:
Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Set-WebApplicationProxyApplication – Modifies settings of a web application published through Web Application Proxy. We Need to Create.

https://technet.microsoft.com/en-us/itpro/powershell/windows/wap/set-webapplicationproxyapplication

Set-WebApplicationProxyConfiguration -Modifies the configuration settings of a Web Application Proxy server. We need to publish and application, not
destroy the server

https://technet.microsoft.com/en-us/itpro/powershell/windows/wap/set-webapplicationproxyconfiguration
So the first is correct: Add-WebApplicationProxyApplication -Publishes a web application through Web Application Proxy.

-ADFSRelyingPartyName argument is used, therefore the PreAuthentication is to be done by -> ADFS

QUESTION 106
Each question is independent of the other questions in this series.
Information and details provided in a question apply only to that question.

You have three servers named Server1, Server2. Server3 that run Windows Server 2016 Server1
and Server2 have the Hyper-V server role installed.
Server3 has the iSCSI Target Server role service installed.

You need to create a Hyper-V cluster.

Which tool should you use first?

A. the clussvc.exe command


B. the cluster.exe command
C. the Computer Management console
D. the configurehyperv.exe command
E. the Disk Management console
F. the Failover Cluster Manager console
G. the Hyper-V Manager console
H. the Server Manager Desktop app

Correct Answer: H
Section: (none)
Explanation

Explanation/Reference:
The question does not state the failover Cluster Feature is installed, this should be done on Server 1 and Server 2 before a cluster can be created (or
the clustermanager is available). Therefore the servermanager is the option to use before anything else.

QUESTION 107
Note: This question is part of a series of questions that use the same similar answer choices.
An answer choice may be correct for more than one question in the series.
Each question is independent of the other questions in this series.
Information and details provided in a question apply only to that question.
You have a Hyper-V host named Server1 that runs Windows Server 2016.
Server1 has a virtual machine named VM1 that uses a single VHDX file.
VM1 is configured shown in the following table

You plan to use VM1 as a virtual Machine Template to deploy shielded virtual machines.
You need to ensure that VM1 can be used to deploy shielded virtual machines.
What should you run?

A. the Mount-VHD cmdlet


B. the Diskpart command
C. the Set-VHD cmdlet
D. the Set-VM cmdlet
E. the Set-VMHost cmdlet
F. the Set-VMProcessor cmdlet
G. the Install-Windows Feature cmdlet
H. the Optimize-VHD cmdlet

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
First we need to run diskpart to create 2 partitions.

The disk has at least two partitions. One partition must include the drive on which Windows is installed. This is the drive that BitLocker will encrypt. The
other partition is the active partition, which contains the bootloader and remains unencrypted so that the computer can be started.

https://docs.microsoft.com/en-us/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabric-create-a-shielded-vm-template
QUESTION 108
Your network contains an Active Directory forest named contoso.com.
The forest contains an Active Directory Federation Services (AD FS) farm.

You install Windows Server 2016 on a server named Server2.


You need to configure Server2 as a node in the federation server farm.

Which cmdlets should you run? To answer, select the appropriate options in the answer area.

Hot Area:
Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
With the provided options: Install-ADFSFarm is incorrect.

This cmdlet only creates a new ADFS Farm, but the server should be added to an existing farm and you cannot use Install-ADFSFarm to add a server to
an existing farm.

With Add-ADFSFarmNode you can add a node to an existing farm.

QUESTION 109
Your network contains an Active Directory domain named contoso.com.
The domain contains a DNS server named Server1. All client computers run Windows 10.
On Server1, you have the following zone configuration

You need to prevent Server1 from resolving queries from DNS clients located on Subnet4. Server1 must resolve queries from all other DNS clients.

Solution: From a Group Policy object (GPO) in the domain, you modify the Network List Manager Policies.

Does this meet the goal?

A. Yes
B. No
Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Network List Manager Policies are security settings that you can use to configure different aspects of how networks are listed and displayed on one
computer or on many computers.

Network List Manager Policies are not relatged to DNSSEC.

References: https://technet.microsoft.com/en-us/library/jj966256(v=ws.11).aspx

QUESTION 110
In this section, you'll see one or more sets of questions with the same scenario and problem.
Each question presents a unique solution to the problem, and you must determine whether the
solution meets the stated goals. Any of the solutions might solve the problem.
It is also possible that none of the solutions solve the problem.
Once you answer a question in this section, you will NOT be able to return to it.
As a result, these questions will not appear in the review screen.
Note: This question is part of a series of questions that present the same scenario.
Each question in the series contains a unique solution.
Determine whether the solution meets the stated goals.
Your network contains an Active Directory domain named contoso.com.
The domain contains a DNS server named Server1. All client computers run Windows 10.
On Server1, you have the following zone configuration.

You need to prevent Server1 from resolving queries from DNS clients located on Subnet4. Server1 must resolve queries from all other DNS clients

Solution: From the Security setting of each zone on Server1, you modify the permissions.
Does this meet the goal?

A. Yes
B. No

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 111
In this section, you'll see one or more sets of questions with the same scenario and problem.
Each question presents a unique solution to the problem, and you must determine whether the
solution meets the stated goals. Any of the solutions might solve the problem.
It is also possible that none of the solutions solve the problem.
Once you answer a question in this section, you will NOT be able to return to it.
As a result, these questions will not appear in the review screen
Note: This question is part of a series of questions that present the same scenario.
Each question in the series contains a unique solution.
Determine whether the solution meets the stated goals.
Your network contains an Active Directory domain named contoso.com.
The domain contains a DNS server named Server1.
All client computers run Windows 10.
On Server1, you have the following zone configuration.

You need to prevent Server1 from resolving queries from DNS clients located on Subnet4 Server1 must resolve queries from all other DNS clients.

Solution: From Windows Firewall with Advanced Security on Server1, you create an inbound rule.
Does this meet the goal?

A. Yes
B. No

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 112
In this section, you'll see one or more sets of questions with the same scenario and problem.
Each question presents a unique solution to the problem, and you must determine whether the
solution meets the stated goals. Any of the solutions might solve the problem.
It is also possible that none of the solutions solve the problem.
Once you answer a question in this section, you will NOT be able to return to it.
As a result, these questions will not appear in the review screen.
Note: This question is part of a series of questions that present the same scenario.
Each question in the series contains a unique solution. Determine whether the solution meets the
stated goals.
Your network contains an Active Directory domain named contoso.com.
The domain contains a DNS server named Server1. All client computers run Windows 10.
On Server1, you have the following zone configuration

You need to ensure that all of the client computers in the domain perform DNSSEC validation for the fabrikam.com namespace.

Solution: From a Group Policy object (GPO) in the domain, you add a rule to the Name Resolution Policy Table (NRPT).
Does this meet the goal?

A. Yes
B. No

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

The NRPT stores configurations and settings that are used to deploy DNS Security Extensions (DNSSEC), and also stores information related to
DirectAccess, a remote access technology.
Note: The Name Resolution Policy Table (NRPT) is a new feature available in Windows Server 2008 R2. The NRPT is a table that contains rules you
can configure to specify DNS settings or
special behavior for names or namespaces. When performing DNS name resolution, the DNS Client service checks the NRPT before sending a DNS
query. If a DNS query or response
matches an entry in the NRPT, it is handled according to settings in the policy. Queries and responses that do not match an NRPT entry are processed
normally.

References: https://technet.microsoft.com/en-us/library/ee649207(v=ws.10).aspx

QUESTION 113
In this section, you'll see one or more sets of questions with the same scenario and problem.
Each question presents a unique solution to the problem, and you must determine whether the
solution meets the stated goals. Any of the solutions might solve the problem.
It is also possible that none of the solutions solve the problem.
Once you answer a question in this section, you will NOT be able to return to it.
As a result, these questions will not appear in the review screen.
Note: This question is part of a series of questions that present the same scenario.
Each question in the series contains a unique solution. Determine whether the solution meets the
stated goals.
Your network contains an Active Directory domain named contoso.com.
The domain contains a DNS server named Server1. All client computers run Windows 10.
On Server1, you have the following zone configuration
You need to prevent Server1 from resolving queries from DNS clients located on Subnet4.
Server1 must resolve queries from all other DNS clients.
Solution: From Windows PowerShell on Server1, you run the Export-DnsServerDnsSecPublicKey
cmdlet.
Does this meet the goal?

A. Yes
B. No

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 114
You have a server named Server1 that runs Windows Server 2016. Server1 is a Hyper-V host.

You run the commands shown in the following graphic:

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
Hot Area:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
The Add-VMSwitchTeamMember cmdlet adds adapters as members to a virtual switch team.

1: we have only 1 network adapter with 2 NIC.


2: after we add another adapter with the add-VMSwitchTeamMember we have 2

QUESTION 115
You have a Hyper-V host named Server1 that runs Windows Server 2016. The host has two virtual machines (VMs) named VM1 and VM2.

On the Hyper-V host, you create two virtual disks named Disk1 and Disk2.

You plan to create a test environment for Storage Spaces Direct. You need to configure the VMs to connect to the virtual disks.

What should you use?

A. An ISCSI target
B. A virtual SCSI controller
C. A virtual fibre channel adapter
D. A virtual IDE controller

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

https://blogs.msdn.microsoft.com/clustering/2015/05/27/testing-storage-spaces-direct-using-windows-server-2016-virtual-machines/

QUESTION 116
You have a server named Server1 that runs Windows server 2016.

You need to configure Server1 as a Web Application Proxy

Which server role or role service should you install on Server1

A. Network policy and Access Services


B. Active Directory Federation Services
C. Web Server (IIS)
D. Remote Access
E. Direct Access and VPN (RAS)

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
The Remote Access server role is a logical grouping of the following related network access technologies.

Remote Access Service (RAS)


Routing
Web Application Proxy

These technologies are the role services of the Remote Access server role. When you install the Remote Access server role with the Add Roles and
Features Wizard or Windows PowerShell, you can install one or more of these three role services.

https://docs.microsoft.com/en-us/windows-server/remote/remote-access/remote-access
QUESTION 117
You need to implement network virtualization
On which object should you configure the virtual subnet ID?

A. VM
B. Virtual switch
C. Virtual network adapter
D. Hiper-V server

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
The Set-VMNetworkAdapter cmdlet configures features of the virtual network adapter in a virtual machine or the management operating system.

-VirtualSubnetId
Specifies the virtual subnet ID to use with Hyper-V Network Virtualization. Allowed values range from 4096 to 16777215 (2^24 - 1), in addition to 0. Use
0 to clear this parameter.

https://docs.microsoft.com/en-us/powershell/module/hyper-v/set-vmnetworkadapter?view=win10-ps

http://www.contentmaster.com/content-master/network-virtualization-step-by-step-part-1/

QUESTION 118
A. On server2, configure the VLAN ID setting of switch1
B. Modify the subnet mask of VM1 and VM2
C. Configure network virtualization for VM1 and VM2
D. On server2, create an external switch and connect VM3 to the switch

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
https://blogs.technet.microsoft.com/networking/2016/10/26/network-virtualization-with-ws2016-sdn/

QUESTION 119
Your company has 10 offices. Each office has a local network that contains several Hyper-V hosts that run Windows Server 2016. All of the offices are
connected by high speed, low latency WAN links.

You need to ensure that you can use QoS policies for Live Migration traffic between the offices.

Which component should you install?


A. the Canary Network Diagnostics feature
B. the Network Controller server role
C. the Data Center Bridging feature
D. the Multipath I/O feature
E. the Routing role service

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
***In case of 1 selection -> the Data Center Bridging feature

*** IN case of 2 selections:

Network Controller communicates with network devices, services, and components by using the Southbound API. With the Southbound API, Network
Controller can discover network devices, detect service configurations, and gather all of the information you need about the network. In addition, the
Southbound API gives Network Controller a pathway to send information to the network infrastructure, such as configuration changes that you have
made.

DCB provides hardware-based bandwidth allocation to a specific type of traffic and enhances Ethernet transport reliability with the use of priority-based
flow control.

Ref:
https://technet.microsoft.com/en-us/library/dn859239.aspx
https://technet.microsoft.com/en-us/library/hh849179(v=ws.11).aspx

QUESTION 120
You have a container host named Server1 that runs Windows Server 2016.

You need to start a Hyper-V container on Server1.

Which parameter should you use with the docker run command?

A. --runtime
B. --entrypoint
C. --privileged
D. --expose
E. --isolation
Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:
Create Hyper-V containers

Windows Server containers and Hyper-V containers are created and managed, and are functionally identical. Both types of containers also use the
same container images. The difference between a Windows Server container and a Hyper-V container is the level of isolation that is present to the host,
or other containers on that host. The first difference is that when creating the container, specify the --isolation=hyperv parameter.

docker run -it --isolation=hyperv nanoserver cmd

QUESTION 121
Your network contains Windows and non-Windows devices.
You have a DHCP server named Server1 that has an IPv4 scope named Scope1.
You need to prevent a client computer that uses the same name as an existing registration from
updating the registration.

What should you do?

A. From the properties of Scope1, modify the Conflict detection attempts setting.
B. From the properties of Scope1, configure Name Protection.
C. From the properties of IPv4, configure the bindings
D. From IPv4, create a new filter.
E. From the properties of Scope1, create an exclusion range.
F. From IPv4 run the DHCP Policy Configuration Wizard.
G. From Control Panel, modify the properties of Ethernet.
H. From Scope1, create a reservation.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Name squatting occurs when a non-Windows-based computer registers in Domain Name System (DNS) with a name that is already registered to a
Windows-based computer. The use of name protection in Windows Server prevents name squatting by non-Windows-based computers. Name
squatting does not present a problem on a homogeneous Windows network where Active Directory Domain Services (AD DS) can be used to reserve a
name for a single user or computer

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd759188(v=ws.11)
https://mizitechinfo.wordpress.com/...cp-name-protection-in-windows-server-2012-r2/

QUESTION 122
Your network contains an Active Directory domain named contoso.com. The domain contains a
domain-based Distributed File System (DFS) namespace named Namespace1.

You need to view the shares to which users will be redirected when the users attempt to connect to a
folder named Folder1 in the DFS namespace.

What cmdlet should you run? To answer, select the appropriate options in the answer area

Hot Area:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
The Get-DfsnFolderTarget cmdlet gets settings for targets of a Distributed File System (DFS) namespace folder. You can specify a DFS namespace
folder path to see all the targets for that path. You can specify a namespace path and a target path to see settings for a particular target.

https://docs.microsoft.com/en-us/powershell/module/dfsn/get-dfsnfoldertarget?view=win10-ps

QUESTION 123
You have a Windows Server 2016 failover cluster that contains two servers named Server1 and Server2.

You need to apply patches to Server1.

Which two commands should you run before you apply the patches? To answer, select the appropriate options in the answer area.

Hot Area:
Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

https://support.microsoft.com/en-us/help/174799/how-to-update-windows-server-failover-clusters

https://technet.microsoft.com/en-us/library/ee461003.aspx

QUESTION 124
You have a DHCP server named Server1 that runs Windows Server 2016.
You have a single IP subnet. Server1 has an IPv4 scope named Scope1. Scope1 has an IP address range of 10.0.1.10 to 10.0.1.200
and a length of 24 bits.
You need to create a second logical IP network on the subnet. The subnet will use an IP address range
of 10.0.2.10 to 10.0.2.200 and a length of 24 bits.
What should you do?

A. Create a second scope, and then create a superscope.


B. Create a superscope, and then configure an exclusion range in Scope1.
C. Create a new scope, and then modify the IPv4 bindings.
D. Create a second scope, and then run the DHCP Split-Scope Configuration Wizard.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Superscopes

A superscope is a collection of individual DHCP scopes. You might create a superscope when you want to bind existing scopes together for
administrative reasons. For example, imagine that you have a subnet in a building that is close to fully allocated. You can add a second subnet to the
building and then bind them together into a superscope. The process of binding several separate logical subnets together on the same physical network
is known as multinetting.

QUESTION 125
Your network contains an Active directory forest named contoso.com. The forest has a Distributed File System (DFS) namespace named \\contoso.com
\namespace1.
The domain contains a file server named Server1 that runs Windows Server 2016. You create a folder named Folder1 on Server1. Which two cmdlets
should you use? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A. New-DfsnFolderTarget
B. Install-WindowsFeature
C. Grant-DfsnAccess
D. New-DfsnFolder
E. New-SmbShare

Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
The Grant-DfsnAccess cmdlet grants permissions to users and groups for a Distributed File System (DFS) namespace folder. This cmdlet grants
permissions to access a folder and to enumerate its contents. You can use the Get-DfsnAccess cmdlet to see the current permissions, and you can use
the Revoke-DfsnAccess cmdlet to revoke permissions.

https://docs.microsoft.com/en-us/powershell/module/microsoft.windows.servermanager.migration/install-windowsfeature?view=win10-ps
https://docs.microsoft.com/en-us/powershell/module/dfsn/grant-dfsnaccess?view=win10-ps

QUESTION 126
You have a server named Server1 that runs Windows Server 2016. Server1 is a Hyper-V host that hosts a virtual machine named VM1. Server1 has
three network adapter cards that are connected to virtual switches named vSwitch1, vSwitch2 and vSwitch3. You configure NIC Teaming on VM1 as
shown in the exhibit. (Click the Exhibit button)

You need to ensure that VM1 will retain access to the network if a physical network adapter card fails on Server1. What should you do?

Exhibit:
A. From Windows PowerShell on VM1, run the Set-VmNetworkAdapterTeamMapping cmdlet.
B. From Windows PowerShell on Server1, run the Set-VmNetworkAdapter cmdlet
C. From Windows PowerShell on Server1, run the Set-VmSwitch cmdlet
D. From Windows PowerShell on Server1, run the Set- VmNetworkAdapterFailoverConfiguration cmdlet

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
https://gallery.technet.microsoft.com/Windows-Server-2016-839cb607

Because fail-over between NICs in a VM might result in traffic being sent with the MAC address of the other vmNIC, each Hyper-V switch port
associated with a VM that is using NIC Teaming must be set to allow teaming There are two ways to enable NIC Teaming in the VM:
In the Hyper-V Manager, in the settings for the VM, select the VM’s NIC and the Advanced Settings item, then enable the checkbox for NIC Teaming in
the VM. See Figure 5.

Run the following Windows PowerShell cmdlet in the host with elevated (Administrator) privileges.

Set-VMNetworkAdapter -VMName <VMname> -AllowTeaming On

QUESTION 127
You have a Hyper-V host named Server1 that runs Windows Server 2016. Server1 hosts a virtual machine named VM1. VM1 is in a workgroup. VM1 is
currently in a running state. You need to create 10 copies of VM1 on Server1 in the least amount of time possible.
Which cmdlets should you use?

A. Stop-VM, and then Import-VM


B. Export-VM, and then Import-VM
C. Checkpoint-VM, and then New-VM
D. Copy-VMFile, and then New-VM

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 128
You are deploying a small network that has 30 client computers. The network uses the 192.168.1.0/24 address space. All computers obtain IP
configurations from a DHCP server named Server1.

You install a server named Server2 that runs Windows Server 2016. Server2 has two network adapters named internal and Internet. Internet connects to
an Internet service provider (ISP) and
obtains the 131.107.0.10 IP address. Internal connects to the internal network and is configured to use the 192.168.1.250 IP address.

You need to provide Internet connectivity for the client computers.


What should you do?

A. On Server2, select the Internet and Internal network adapters and bridge the connections. From the DHCP console on Server1, authorize Server2.
B. On Server1, stop the DHCP server. On the Internal network adapter on Server 2, enable Internet Connection Sharing (ICS).
C. On Server2 run the New-NetNat -Name NAT1 -InternalIPInterfaceAddressPrefix 192.168.1.0/24 cmdlet. Configure Server1 to provide the 003 Router
option of 131.107.0.10.
D. Install the Routing role service on Server2 and configure the NAT routing protocol. Configure Server1 to provide the 003 Router option of
192.168.1.250.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Others dumps mark B) as correct answer, but if we stop dhcp server, computers will not get any ip new adress or renew. Using ICS in servers only can
happen in places like Osiatis ;)
QUESTION 129
You have two servers named Server1 and Server2 that run Windows Server 2016. You plan to implement Storage Replica to replicate the contents of
volumes on Server1 to
Server2. You need to ensure that the replication traffic between the servers is limited to a maximum of 100 Mbps. Which cmdlet should you run?

A. Set-NetUDPSetting
B. New-StorageQosPolicy
C. Set-SmbBandwidthLimit
D. Set-NetTCPSetting

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
https://docs.microsoft.com/en-us/powershell/module/smbshare/set-smbbandwidthlimit?view=win10-ps

Description
The Set-SmbBandwidthLimit cmdlet adds a Server Message Block (SMB) bandwidth cap for the traffic categories that you specify. SMB bandwidth caps
limit the amount of data that the server can send for each traffic category.

PS C:\> Set-SmbBandwidthLimit -Category Default -BytesPerSecond 100MB

This command limits SMB traffic to 100 megabytes per second for traffic that is unrelated to Hyper-V over SMB or Live Migration.

QUESTION 130
DRAG DROP

You have a file server named Server1 that runs Windows Server 2016.
You need to create a report that lists all of the share permissions assigned to the security principals
on Server1.

How should you complete the command? To answer, drag the appropriate cmdlets to the correct targets. Each cmdlet may be used once, more than
once, or not at all. You may need to drag the split
bar between panes or scroll to view content.

Select and Place:


Correct Answer:

Section: (none)
Explanation

Explanation/Reference:
https://docs.microsoft.com/en-us/powershell/module/smbshare/get-smbshareaccess?view=winserver2012r2-ps

The Get-SMBShareAccess cmdlet gets objects that represent the rights that have been granted to security principles to access the Server Message
Block (SMB) share.
QUESTION 131
You are implementing a new network. The network contains a DHCP server named DHCP1 that runs Windows Server 2016. DHCP1 contains a scope
named Scope1 for the 192.168.0/24 subnet.
Your company has the following policy for allocating IP addresses:

All server addresses must be excluded from DHCP scopes.

* All client computer must receive IP addresses from Scope1.

* All Windows servers must have IP addresses in the range of 192.168.0.200 to 192.168.0.240

* All other network devices must have IP addresses in the range of 192.168.0.180 to 192.168.0.199.

You deploy a print device named Print1. You need to ensure that Print1 adheres to the policy for allocating IP addresses.

Which command should you use?

A. Add-DhcpServerv4Lease
B. Add-DhcpServerv4ExclusionRange
C. Add-DhcpServerv4Filter
D. Add-DhcpServerv4Reservation

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
https://docs.microsoft.com/en-us/powershell/module/dhcpserver/add-dhcpserverv4reservation?view=winserver2012r2-ps

The Add-DhcpServerv4ExclusionRange cmdlet adds a range of excluded IP addresses for an IPv4 scope. The excluded IP addresses are not leased
out by the Dynamic Host Configuration Protocol (DHCP) server service to any DHCP client. The only exception to this is reservation. If an IP address is
reserved, the same IP address is leased to the designated client even if it falls in the exclusion range.

The Add-DhcpServerv4Reservation cmdlet reserves the specified IPv4 address in the scope for a client. Once reserved, the IP address will be leased
only to the client identified by the specific client identifier (ID).

QUESTION 132
Your network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2.
All servers in the domain run Windows Server 2016 Standard. The domain contains 300 client computers that run either Windows 8.1 or Windows 10.

The domain contains nine servers that are configured as shown in the following table.

The virtual machines are configured as follows:

* Each virtual machine has one virtual network adapter.


* VM1 and VM2 are part of a Network Load Balancing (NLB) cluster.
* All of the servers on the network can communicate with all of the virtual machines.

You plan to implement nested virtual machines on VM1.

Which two features will you be prevented from using for VM1?
A. NUMA spanning
B. Smart Paging
C. Dynamic Memory
D. live migration

Correct Answer: CD
Section: (none)
Explanation

Explanation/Reference:
https://virtualizationreview.com/articles/2017/08/02/how-to-set-up-hyper-v-nested-virtualization-in-windows-server-2016.aspx
https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/user-guide/nested-virtualization
https://www.altaro.com/hyper-v/nested-virtualization-hyper-v-windows-server-2016/

QUESTION 133
You have multiple servers that run Windows Server 2016 and are configured as VPN servers. You deploy a server named NPS1 that has Network Policy
Server (NPS) installed.
You need to configure NPS1 to accept authentication requests from the VPN servers.

What should you configure on NPS1?

A. From RADIUS Clients and Servers, add a remote RADIUS server group.
B. From Policies, add a connection request policy.
C. From Policies, add a network policy.
D. From RADIUS Clients and Servers, add RADIUS clients.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
https://docs.microsoft.com/en-us/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/vpn-deploy-nps

Configure NPS
NPS handles all authentication, authorization, and accounting duties for connection requests that it receives from the VPN server.

To configure NPS, you must perform the following tasks.


Register the NPS Server in Active Directory
Configure RADIUS Accounting for your NPS Server

Add the VPN Server as a RADIUS Client in NPS

1. On the NPS server, in Server Manager, click Tools, and then click Network Policy Server. The NPS console opens.

2. In the NPS console, double-click RADIUS Clients and Servers. Right-click RADIUS Clients, and then click New. The New RADIUS Client dialog box
opens.

QUESTION 134
Your network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2.
All servers in the domain run Windows Server 2016 Standard. The domain contains 300 client computers that run either Windows 8.1 or Windows 10.

The domain contains nine servers that are configured as shown in the following table.
The virtual machines are configured as follows:

* Each virtual machine has one virtual network adapter.


* VM1 and VM2 are part of a Network Load Balancing (NLB) cluster.
* All of the servers on the network can communicate with all of the virtual machines.

You create a new NLB cluster that contains VM3.


You need to ensure that VM2 can remain in the original cluster and be added to the new cluster.

What should you do first?

A. Add a new virtual network adapter to VM2.


B. Install the Web Application Proxy server role on VM2 and VM3.
C. Change the cluster operation mode.
D. Modify the default port rule.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
We will add the new virtual network adapter to the new NLB.

QUESTION 135
You have four Hyper-V hosts named Server1, Server2, Server3 and Server4 that run Windows Server 2016. The hosts are nodes in a failover cluster.

The failover cluster is configured to balance virtual machines when a node is more than 80 percent loaded. You need to configure the failover cluster to
balance the virtual machines when the load of a node is more than five percent higher than the average for the nodes.

Which command should you run? To answer, select the appropriate options in the answer area.

Hot Area:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Controlling Aggressiveness of Balancing
The aggressiveness of balancing based on the Memory and CPU heuristics can be configured using the by the cluster common property
‘AutoBalancerLevel’. To control the aggressiveness run the following in PowerShell:

(Get-Cluster).AutoBalancerLevel = <value>
AutoBalancerLevel Aggressiveness Behavior
1 (default) Low Move when host is more than 80% loaded
2 Medium Move when host is more than 70% loaded
3 High Average nodes and move when host is more than 5% above average

https://blogs.msdn.microsoft.com/clustering/2016/04/29/failover-cluster-node-fairness-in-windows-server-2016/

QUESTION 136
You have a server named Server1 that runs Windows Server 2016.
Server1 has two network cards. One network card connects to your internal network and the other network card connects to the Internet. You plan to
use Server1 to provide Internet connectivity for client computers on the internal
network.

You need to configure Server1 as a network address translation (NAT) server.

Which server role or role service should you install on Server1 first?

A. Network Controller
B. Web Application Proxy
C. Routing
D. DirectAccess and VPN (RAS)

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
https://www.experiencingit.net/windows/windows-server-2016-nat-router/

QUESTION 137
A virtual machine named VM1 is running in the failover cluster. The role for VM1 is configured as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the Information presented in the graphic.

Hot Area:
Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

Explanation 1: FailoverPeriod Specifies a number of hours during which a maximum number of failover attempts FailoverThreshold Specifies the
maximum number of failover attempts that can be made on a group within a time interval defined by FailoverPeriod. According to the exihibit there can
only a maximum of two failovers attempts per 1 hour.

Explanation 2: Both the FailbackWindowStart and FailbackWindowEnd properties must be specified for a failback window to exist. If a failback window
exists, failback will only take place between the hours of FailbackWindowStart and FailbackWindowEnd if the group's preferred node is active or
becomes active during that interval. (this is the case in the exhibit) If no failback window exists, failback occurs immediately after the preferred node
becomes active.

QUESTION 138
You deploy two servers that run Windows Server 2016.
You install the Failovers Clustering feature on both servers.
You need to create a workgroup cluster.

What should you do?

A. Create matching local administrative accounts on both of the servers. Assign the same primary DNS suffix to both of the servers. Run the New-
Cluster cmdlet and specify an administrative access point of None.
B. Configure both of the server to be in a workgroup named Workgroup. Configure the Cluster Service to log on as Network Service. Run the New-
Cluster cmdlet and specify an administrative access point of DNS
C. Create matching local administrative accounts on both of the servers. Assign the same primary DNS suffix to both of the servers. Run the New-
Cluster cmdlet and specify an administrative access point of DNS.
D. Configure both of the server to be in a workgroup named Workgroup. Configure the Cluster Service to log on as Network Service. Run the New-
Cluster cmdlet and specify an administrative access point of None.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Create consistent local user accounts on all nodes of the cluster. Ensure that the username and password of these accounts are same on all the
nodes and add the account to the local Administrators group.
Ensure that each node to be joined to the cluster has a primary DNS suffix.
Create a Cluster with the Workgroup nodes or nodes joined to different domains. You may use the Failover Cluster Manager or Microsoft
PowerShell.
New-Cluster –Name <Cluster Name> -Node <Nodes to Cluster> -AdministrativeAccessPoint DNS
https://blogs.msdn.microsoft.com/clustering/2015/08/17/workgroup-and-multi-domain-clusters-in-windows-server-2016/

https://rlevchenko.com/2015/09/07/workgroup-and-multi-domain-clusters-in-windows-server-2016/

QUESTION 139
You have a server named Server1 that runs Windows Server 2016. The Docker daemon runs on Server1.

You need to ensure that members of a security group named Docker Administrators can administer Docker.

What should you do?

A. Edit the configuration.json file


B. Modify the security settings of docker.exe
C. run the set-service cmdlet
D. run the sc config command.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
https://docs.microsoft.com/en-us/virtualization/windowscontainers/manage-docker/configure-docker-daemon

QUESTION 140
A company named Contoso, Ltd has five Hyper-V hosts that are configured as shown in the following table.

What are two valid live migration scenarios for virtual machines in your environment? Each correct answer presents a complete solution.
A. from Server4 to Server5
B. from Server1 to Server5
C. from Server3 to Server4
D. from Server2 to Server3

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:
Live migration has the following prerequisites:

• There must be two or more servers running Hyper-V that use processors from the same manufacturer; for example, all Hyper-V
virtualization hosts configured with Intel processors or all Hyper-V virtualization hosts configured with AMD processors.

• Hyper-V virtualization hosts need to be members of the same domain, or must be members of domains that have a trust relationship with eachother.

• VMs must be configured to use virtual hard disks or virtual Fibre Channel disks (no pass-through disks).

QUESTION 141
In this section, you’ll see one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem,
and you must determine whether the solution meets the stated goals. Any of the solutions might solve the problem. It is also possible that none of the
solutions solve the problem.

Once you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine
whether the solution meets the stated goals.

Your network contains an Active Directory domain named contoso.com. The domain contains a DNS server named Server1. All client computers run
Windows 10.

On Server1, you have the following zone configuration.


You need to prevent Server1 from resolving queries from DNS clients located on Subnet4. Server1 must
resolve queries from all other DNS clients.

Solution: From Windows PowerShell on Server1, you run the Add-DnsServerQueryResolutionPolicy cmdlet.

Does this meet the goal?

A. Yes
B. No

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
https://docs.microsoft.com/en-us/windows-server/networking/dns/deploy/apply-filters-on-dns-queries

Block queries from a subnet


With this example, you can block queries from a subnet if it is found to be infected by some malware and is trying to contact malicious sites using your
DNS server.

` Add-DnsServerClientSubnet -Name "MaliciousSubnet06" -IPv4Subnet 172.0.33.0/24 -PassThru


Add-DnsServerQueryResolutionPolicy -Name "BlockListPolicyMalicious06" -Action IGNORE -ClientSubnet "EQ,MaliciousSubnet06" -PassThru `

The following example demonstrates how you can use the subnet criteria in combination with the FQDN criteria to block queries for certain malicious
domains from infected subnets.

Add-DnsServerQueryResolutionPolicy -Name "BlockListPolicyMalicious06" -Action IGNORE -ClientSubnet "EQ,MaliciousSubnet06" –FQDN


“EQ,*.contosomalicious.com” -PassThru

QUESTION 142
You have a server named Server1 that runs Windows Server 2016. Server1 has four SCSI disks and a storage pool named Pool1 that contains three
disks.
You create a virtual disk named Disk 1 that uses a mirrored layout. You create a partition named Partition1 that uses all of the available space on Disk 1.

You need to extend Partition1.

What should you do first?

A. From Windows PowerShell, run the Resize-VirtualDisk cmdlet.


B. From Windows PowerShell, run the Resize-StorageTier cmdlet.
C. From Windows PowerShell, run the Expand-IscsiVirtualDisk cmdlet.
D. From Disk Management, modify the properties of Partition1.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
No storage tiers
If the virtual disk has no storage tiers, you can resize it directly using the Resize-VirtualDisk cmdlet.

Provide the new size in the -Size parameter.

PowerShell

Copy
Get-VirtualDisk <FriendlyName> | Resize-VirtualDisk -Size <Size>

https://docs.microsoft.com/en-us/windows-server/storage/storage-spaces/resize-volumes

QUESTION 143
DRAG DROP

You have a server named Server1 that runs Windows Server 2016.On Server1 you use the Basic template to create a new Data Collector Set named
CollectorSet1.

You need to configure data collection for the performance counters. The configuration must support the following requirements:

Data collection must run on a schedule.


Data collection must stop if there is less than 1 GB of free disk space.

What should you modify to meet each requirement? To answer, drag the appropriate settings to the correct requirements. Each setting may be used
once, more than once, or nor at all. You may need to drag the Split bar between panes or scroll to view content.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:
After a Data Collector Set has been created , you can access the schedule options by right-clicking the Data Collector Set name in the Microsoft
Management Console (MMC) navigation pane and selecting Properties .

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc722312(v=ws.11)

To configure data management for a Data Collector Set


In Windows Performance Monitor, expand Data Collector Sets and click User Defined .
In the console pane, right-click the name of the Data Collector Set that you want to configure and click Data Manager .
On the Data Manager tab, you can accept the default values or make changes according to your data retention policy. See the table below for details
on each option.

When Maximum root path size is selected, previous data will be deleted according to your selections when the root log folder size limit is reached.

https://blogs.technet.microsoft.com/askpfeplat/2012/02/27/taming-perfmon-data-collector-sets/
QUESTION 144
This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the
stated goals. Some questionsets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this sections, you will NOT be able to return to it. As a result, thesequestions will not appear in the review screen.

You have a Hyper-V host named Server1 that hosts a virtual machine named VM1.
Server1 and VM1 run Windows Server 2016.
The settings for VM1 are configured as shown in the exhibit below.
You need to ensure that you can use the Copy-VMFile cmdlet on Server1 to copy files from VM1.

Solution: You need to enable the Data Exchange integration service for VM1.

Does this meet the goal?


A. YES
B. NO

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Directly copy files from a Hyper-V host to a virtual machine on Windows Server 2012 R2 and Windows 8.1
In Windows Server 2012 R2 and Windows 8.1 with Hyper-V role, administrators can perform "Copy-VMFile" cmdlet to directly copy files from a Hyper-V
host which is installed Windows Server 2012 or Windows 8.1 with Hyper-V role to a virtual machine without using a network connection. To copy files to
a virtual machine, make sure virtual machines have been installed latest "Integration Services". After that, enable "Guest services" in a virtual machine.
By default, "Guest services" isn't enabled in a virtual machine. Administrators have to enable it by GUI or PowerShell before copying a file. To enable it
by PowerShell, administrators can perform "Get-VMIntegrationService -VMName <Virtual Machine Name> -Name "Guest Service Interface" | Enable-
VMIntegrationService -Passthru" cmdlet to enable "Guest services".

Then, Administrators can perform "Copy-VMFile -VMName <Virtual Machine Name> -SourcePath <The file path of a Hyper-Host> -DestinationPath
<The destination file path of a virtual machine> -CreateFullPath -FileSource Host" to create and copy a file to a virtual machine.

http://terrytlslau.tls1.cc/2014/06/directly-copy-files-from-hyper-v-host.html

QUESTION 145
You have a Scale-Out File Server that has a share named Share1. Share1 contains a virtualdisk file named Disk1.vhd.

You plan to create a guest failover cluster.

You need to ensure that you can use the virtual disk as a shared virtual disk for the guest failover cluster.

Which cmdlet should you use?

A. Optimize VHD
B. Optimize VHDSet
C. Convert-VHD
D. Set-VHD

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Deploy a Guest Cluster Using a Shared Virtual Hard Disk
.
.
.
Step 3: Create and enable a shared virtual hard disk
This step shows how to create and then share a virtual hard disk that is in the .vhdx file format.

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn265980(v%3dws.11)

QUESTION 146
You are a network administrator for a company named Contoso,Ltd. The network is configured as shown in the exhibit.
You install the Remote Access server role on Server2. Server2 has the following configured.

Network address translation (NAT)


The DHCP Server server role
The Security Policy of Contoso states that only TCP ports 80 and 443 are allowed from the internet to server2

You identify the following requirements:

Add 28 devices to subnet2 for a temporary project.


Configure Server2 to accept VPN connections from the internet.
Ensure that devices on Subnet2 obtain TCP/IP settings from DHCP on Server2.

End of Scenario:

You add a computer to subnet1. The computer has an IP address of 10.10.0.129 Web1 receives a request from the new computer and sends a
response.

Which IP address should you choose?

What should you do?

A. 10.10.0.129
B. 10.10.0.224
C. 131.107.0.223
D. 172.16.128.222

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 147
This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the
stated goals. Some questionsets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this sections, you will NOT be able to return to it. As a result, thesequestions will not appear in the review screen.

You have a Hyper-V host named Server1 that hosts a virtual machine named VM1.
Server1 and VM1 run Windows Server 2016.
The settings for VM1 are configured as shown in the exhibit below.
You need to ensure that you can use the Copy-VMFile cmdlet on Server1 to copy files from VM1.

Solution: You start the Hyper-V Guest Service Interface service on VM1.

Does this meet the goal?


A. YES
B. NO

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Directly copy files from a Hyper-V host to a virtual machine on Windows Server 2012 R2 and Windows 8.1
In Windows Server 2012 R2 and Windows 8.1 with Hyper-V role, administrators can perform "Copy-VMFile" cmdlet to directly copy files from a Hyper-V
host which is installed Windows Server 2012 or Windows 8.1 with Hyper-V role to a virtual machine without using a network connection. To copy files to
a virtual machine, make sure virtual machines have been installed latest "Integration Services". After that, enable "Guest services" in a virtual machine.
By default, "Guest services" isn't enabled in a virtual machine. Administrators have to enable it by GUI or PowerShell before copying a file. To enable it
by PowerShell, administrators can perform "Get-VMIntegrationService -VMName <Virtual Machine Name> -Name "Guest Service Interface" | Enable-
VMIntegrationService -Passthru" cmdlet to enable "Guest services".

Then, Administrators can perform "Copy-VMFile -VMName <Virtual Machine Name> -SourcePath <The file path of a Hyper-Host> -DestinationPath
<The destination file path of a virtual machine> -CreateFullPath -FileSource Host" to create and copy a file to a virtual machine.

http://terrytlslau.tls1.cc/2014/06/directly-copy-files-from-hyper-v-host.html

QUESTION 148
You plan to deploy several Hyper-V hosts that run Windows Server 2016. The deployment will use Software defined Networking (SDN) and VXLAN.

Which server role should you install on the network to support the planned deployment?

A. Network Controller
B. Network Policy and Access Services
C. Remote Access
D. Host Guardian Service

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Network Controller
The network controller is a Windows Server role which must be enabled on Virtual Machines running on hosts that are configured to use SDN and are
controlled by the network controller.

Three Network Controller enabled VMs are sufficient for high availability and maximum performance. Each VM must be sized according to the
guidelines provided in the SDN infrastructure virtual machine role requirements section of the Plan Software Defined Networking topic.

https://docs.microsoft.com/en-us/windows-server/administration/performance-tuning/subsystem/software-defined-networking/
QUESTION 149
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might
meet the stated goals. Some questions sets might have more than one correct solutions, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a server named Server1 that runs Windows Server 2016. Server1 is configured as a VPN server.
Server1 is configured to allow domain users to establish VPN connections from 06:00 to 18:00 everyday of the week.
You need to ensure that domain users can establish VPN connections only between Monday and Friday.

Solution: From Network Policy Server, you modify the Network Policies on Server1.
Does this meet the goal?

A. Yes
B. No

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 150
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might
meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a
question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory domain named contoso.com. You need to create a Nano Server image named Nano1 that will be used as a
virtualization host. The Windows Server 2016 source files are located in Drive D.
Solution: You run the following cmdlet:

New-NanoServerImage -Edition Datacenter -DeploymentType Host -Package Microsoft-NanoServer-SCVMM-Package -


MediaPath D:\ -TargetPath C:\Nano1\Nano1.wim -ComputerName Nano1 -Domainname contoso.com

Does this meet the goal?

A. Yes
B. No

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
https://docs.microsoft.com/en-us/system-center/vmm/hyper-v-nano?view=sc-vmm-1801

https://docs.microsoft.com/en-us/powershell/module/nanoserverimagegenerator/new-nanoserverimage?view=win10-ps

QUESTION 151
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might
meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a
question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory domain named contoso.com. You need to create a Nano Server image named Nano1 that will be used as a
virtualization host. The Windows Server 2016 source files are located in Drive D.
Solution: You run the following cmdlet:

New-NanoServerImage Edition Datacenter DeploymentType Host Package Microsoft- NanoServer-Compute-Package


MediaPath `D:\' TargetPath C:\Nano1\Nano1.wim ComputerName Nano1 DomainName Contoso.com

Does this meet the goal?

A. Yes
B. No

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Missing "-" in the parameters.

https://docs.microsoft.com/en-us/system-center/vmm/hyper-v-nano?view=sc-vmm-1801

https://docs.microsoft.com/en-us/powershell/module/nanoserverimagegenerator/new-nanoserverimage?view=win10-ps

QUESTION 152
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might
meet the stated goals. Some questions sets might have more than one correct solutions, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a server named Server1 that runs Windows Server 2016. Server1 is configured as a VPN server.
Server1 is configured to allow domain users to establish VPN connections from 06:00 to 18:00 everyday of the week.
You need to ensure that domain users can establish VPN connections only between Monday and Friday.

Solution: From Routing and Remote Access, you configure the Properties of Server1.
Does this meet the goal?

A. Yes
B. No

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
User accounts and their properties, such as dial-in properties, are configured in either the Active Directory Users and Computers or the Local Users and
Groups Microsoft Management Console (MMC) snap-in, depending on whether you have Active Directory Domain Services (AD DS) installed.

The user account setting Network Access Permission , which is configured on the dial-in properties of user accounts, overrides the network policy
access permission setting. When network access permission on a user account is set to the Control access through NPS Network Policy option, the
network policy access permission setting determines whether the user is granted or denied access.

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc772123(v=ws.11)

QUESTION 153
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might
meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a
question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory domain named contoso.com. You need to create a Nano Server image named Nano1 that will be used as a
virtualization host. The Windows Server 2016 source files are located in Drive D.
Solution: You run the following cmdlet:

New-NanoServerImage -Edition Datacenter -DeploymentType Most -Compute -Media 'D:\' - TargetPath c:\Nano1
\Nano1.wim -ComputerNamae Nano1 -DomainName Contoso.com

Does this meet the goal?

A. Yes
B. No

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Incorrect syntax, for example -deploymentType Most, dont exist.

-DeploymentType
Specifies the type of Nano Server deployment image. Valid values are Guest and Host. Specify Guest for creating an image for deployment to a virtual
machine. Specify Host for creating an image for deployment to physical hardware.

https://docs.microsoft.com/en-us/system-center/vmm/hyper-v-nano?view=sc-vmm-1801

https://docs.microsoft.com/en-us/powershell/module/nanoserverimagegenerator/new-nanoserverimage?view=win10-ps

QUESTION 154
You are a network administrator for a company named Contoso,Ltd. The network is configured as shown in the exhibit.
You install the Remote Access server role on Server2. Server2 has the following configured.

Network address translation (NAT)


The DHCP Server server role
The Security Policy of Contoso states that only TCP ports 80 and 443 are allowed from the internet to server2

You identify the following requirements:

Add 28 devices to subnet2 for a temporary project.


Configure Server2 to accept VPN connections from the internet.
Ensure that devices on Subnet2 obtain TCP/IP settings from DHCP on Server2.

End of Scenario:

What should you do to meet the DHCP connectivity requirement for Subnet2?

A. Install the Routing role service on Server2


B. Install the IP address Management (IPAM) Server feature on Server2
C. Install the Routing role service on Server1
D. Install the DHCP Server server role on Server1

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
As subnet 2 and 3 are different subnets, you need a DHCP Relay Agent on Server1, to be able to get DHCP leases from Server2.
You can configure a DHCP Relay Agent In the Routing and Remote Access MMC, expand IPv4, and then click DHCP Relay Agent.

QUESTION 155
You install the DHCP Server role on a server1. You create a new scope on Server1. The scope properties are configured as shown in the following
exhibit.
Use the drop down menus to select the answer choice that completes each statement based on the information presented in the graphics.

Hot Area:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:
1) The scope is Not Activated.

2) Renewing IP addressing information is leased to a client, and the client is responsible for renewing the lease. By default, DHCP clients try to renew
their lease when 50 percent of the lease time has expired. To renew its lease, a DHCP client sends a DHCPRequest message to the DHCP server
from which it originally obtained the lease.

QUESTION 156
Your network contains three subnets, a production subnet that contains production servers, a development network that contains development servers,
and a client network that contains client
computers.

The development network is used to test applications and reproduces servers that are located on the production network. The development network and
the production network use the same IP address range.

A developer has a client computer on the client network. The developer reports that when he attempts to connect to the IP address 10.10.1.6 from his
computer, he connects to a server on the production network.

You need to ensure that when the developer connects to 10.10.1.6, he connects to a sever on the development network

Which cmdlet should you use?

A. New-NetNeighbor
B. New-NetRoute
C. Set-NetTcpSetting
D. Set-NetNeighbor

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
The New-NetNeighbor cmdlet creates a neighbor cache entry. The neighbor cache maintains information for each on-link neighbor, including the IP
address and the associated link-layer address. The address family that you specify for the neighbor cache entry must match the address family of the IP
interface.

The New-NetRoute cmdlet creates an IP route in the IP routing table. Specify the destination prefix, and specify an interface by using the interface alias
or the interface index.

The Set-NetTCPSetting cmdlet modifies a TCP setting. TCP settings are optimized for different network conditions including latency and congestion. To
apply a TCP setting to a port number or destination IP address range, create a transport filter by using the New-NetTransportFilter cmdlet.

The Set-NetNeighbor cmdlet modifies a neighbor cache entry. The neighbor cache maintains information for each on-link neighbor, including the IP
address and the associated link-layer address. You can modify only neighbor cache entries that are in a permanent state on interfaces that have link-
layer addresses. Use this cmdlet to modify the link-layer address and policy store setting of a neighbor cache entry.

QUESTION 157
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution
that might meet the stated goals. Some questions sets might have more than one correct solutions, while others might not have a correct
solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the
review screen.

Your network contains an Active Directory forest named contoso.com. The forest has three sites located in London, Paris and Berlin.

The London site contains a web server named Web1 that runs Windows Server 2016.

You need to configure Web1 as an HTTP content server for the hosted cache servers located in the Paris and Berlin sites.

Solution: You install the BranchCache feature, and then you start the BranchCache service.

Does this meet the goal?

A. Yes
B. No

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
BranchCache modes

BranchCache has two modes of operation: distributed cache mode and hosted cache mode.

When you deploy BranchCache in hosted cache mode, the content cache at a branch office is hosted on one or more server computers, which are
called hosted cache servers.

https://docs.microsoft.com/en-us/windows-server/networking/branchcache/branchcache
https://technet.microsoft.com/en-us/library/mt652285%28v=ws.11%29.aspx?f=255&MSPPError=-2147217396

QUESTION 158
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution
that might meet the stated goals. Some questions sets might have more than one correct solutions, while others might not have a correct
solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the
review screen.
Your network contains an Active Directory forest named contoso.com. The forest has three sites located in London, Paris and Berlin.

The London site contains a web server named Web1 that runs Windows Server 2016.

You need to configure Web1 as an HTTP content server for the hosted cache servers located in the Paris and Berlin sites.

Solution: You install the DFS Replication role service, and then you start the Network Connections service.

Does this meet the goal?

A. Yes
B. No

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
We need to install BranchCache in order to work with the hosted cache servers located in the Paris and Berlin Sites.

https://docs.microsoft.com/en-us/windows-server/networking/branchcache/branchcache

QUESTION 159
This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the
stated goals. Some questionsets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this sections, you will NOT be able to return to it. As a result, thesequestions will not appear in the review screen.

You have a Hyper-V host named Server1 that hosts a virtual machine named VM1.
Server1 and VM1 run Windows Server 2016.
The settings for VM1 are configured as shown in the exhibit below.
You need to ensure that you can use the Copy-VMFile cmdlet on Server1 to copy files from VM1.

Solution: You need to enable the Guest Service integration service for VM1.

Does this meet the goal?


A. YES
B. NO

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Directly copy files from a Hyper-V host to a virtual machine on Windows Server 2012 R2 and Windows 8.1
In Windows Server 2012 R2 and Windows 8.1 with Hyper-V role, administrators can perform "Copy-VMFile" cmdlet to directly copy files from a Hyper-V
host which is installed Windows Server 2012 or Windows 8.1 with Hyper-V role to a virtual machine without using a network connection. To copy files to
a virtual machine, make sure virtual machines have been installed latest "Integration Services". After that, enable "Guest services" in a virtual machine.
By default, "Guest services" isn't enabled in a virtual machine. Administrators have to enable it by GUI or PowerShell before copying a file. To enable it
by PowerShell, administrators can perform "Get-VMIntegrationService -VMName <Virtual Machine Name> -Name "Guest Service Interface" | Enable-
VMIntegrationService -Passthru" cmdlet to enable "Guest services".

Then, Administrators can perform "Copy-VMFile -VMName <Virtual Machine Name> -SourcePath <The file path of a Hyper-Host> -DestinationPath
<The destination file path of a virtual machine> -CreateFullPath -FileSource Host" to create and copy a file to a virtual machine.

http://terrytlslau.tls1.cc/2014/06/directly-copy-files-from-hyper-v-host.html

QUESTION 160
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution
that might meet the stated goals. Some questions sets might have more than one correct solutions, while others might not have a correct
solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the
review screen.

Your network contains an Active Directory forest named contoso.com. The forest has three sites located in London, Paris and Berlin.

The London site contains a web server named Web1 that runs Windows Server 2016.

You need to configure Web1 as an HTTP content server for the hosted cache servers located in the Paris and Berlin sites.

Solution: You install the Deployment Server role service, and then you restart the World Wide Web Publishing Service.

Does this meet the goal?

A. Yes
B. No

Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
We need to install BranchCache in order to work with the hosted cache servers located in the Paris and Berlin Sites.

https://docs.microsoft.com/en-us/windows-server/networking/branchcache/branchcache

QUESTION 161
You are implementing a new network. The network contains a DHCP server named DHCP1 that runs Windows Server 2016. DHCP1 contains a scope
named Scope1 for the 192.168.0/24 subnet.
Your company has the following policy for allocating IP addresses:

All server addresses must be excluded from DHCP scopes.


All client computer must receive IP addresses from Scope1.
All Windows servers must have IP addresses in the range of 192.168.0.200 to 192.168.0.240
All other network devices must have IP addresses in the range of 192.168.0.180 to 192.168.0.199.

You deploy a print device named Print1.

You need to ensure that Print1 adheres to the policy for allocating IP addresses.

Which command should you use?

A. Add-DhcpServerv4Lease
B. Add-DhcpServerv4ExclusionRange
C. Add-DhcpServerv4Filter
D. Add-DhcpServerv4Reservation

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
We need to exclude the range of servers and other network devices from client computers range, then we can reserve an ip for the printer or servers.

The Add-DhcpServerv4ExclusionRange cmdlet adds a range of excluded IP addresses for an IPv4 scope. The excluded IP addresses are not leased
out by the Dynamic Host Configuration Protocol (DHCP) server service to any DHCP client. The only exception to this is reservation. If an IP address is
reserved, the same IP address is leased to the designated client even if it falls in the exclusion range.

QUESTION 162
Your network contains an Active Directory domain named contoso.com. The domain contains a Hyper-V host named Server1 that runs Windows Server
2016.
Server1 hosts four machines that are members of the domains. The virtual machines are configured as sown in the following table.

Which virtual machines can you manage by using PowerShell Direct?

A. Only VM2
B. VM1, VM2, and VM4
C. only VM4
D. VM1, VM2, and VM3

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

You can use PowerShell Direct to remotely manage a Windows 10 or Windows Server 2016 virtual machine from a Windows 10 or Windows Server
2016 Hyper-V host. PowerShell Direct allows Windows PowerShell management inside a virtual machine regardless of the network configuration or
remote management settings on either the Hyper-V host or the virtual machine. This makes it easier for Hyper-V Administrators to automate and script
virtual machine management and configuration.

To create a PowerShell Direct session on a virtual machine,

• The virtual machine must be running locally on the host and booted.
• You must be logged into the host computer as a Hyper-V administrator.
• You must supply valid user credentials for the virtual machine.
• The host operating system must run at least Windows 10 or Windows Server 2016.
• The virtual machine must run at least Windows 10 or Windows Server 2016.
The VM generation does not matter.

https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/manage/manage-windows-virtual-machines-with-powershell-direct

QUESTION 163
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might
meet the stated goals. Some questions sets might have more than one correct solutions, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a server named Server1 that runs Windows Server 2016. Server1 is configured as a VPN server.
Server1 is configured to allow domain users to establish VPN connections from 06:00 to 18:00 everyday of the week.
You need to ensure that domain users can establish VPN connections only between Monday and Friday.

Solution: From Server Manager, You modify the Access Policies on Server1.

Does this meet the goal?

A. Yes
B. No

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
User accounts and their properties, such as dial-in properties, are configured in either the Active Directory Users and Computers or the Local Users and
Groups Microsoft Management Console (MMC) snap-in, depending on whether you have Active Directory Domain Services (AD DS) installed.

The user account setting Network Access Permission , which is configured on the dial-in properties of user accounts, overrides the network policy
access permission setting. When network access permission on a user account is set to the Control access through NPS Network Policy option, the
network policy access permission setting determines whether the user is granted or denied access.

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc772123(v=ws.11)

QUESTION 164
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might
meet the stated goals. Some questions sets might have more than one correct solutions, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a server named Server1 that runs Windows Server 2016. Server1 is configured as a VPN server.
Server1 is configured to allow domain users to establish VPN connections from 06:00 to 18:00 everyday of the week.
You need to ensure that domain users can establish VPN connections only between Monday and Friday.

Solution: From Active Directory Users and Computers, you modify the Dial-in Properties of the user accounts.

Does this meet the goal?

A. Yes
B. No

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
User accounts and their properties, such as dial-in properties, are configured in either the Active Directory Users and Computers or the Local Users and
Groups Microsoft Management Console (MMC) snap-in, depending on whether you have Active Directory Domain Services (AD DS) installed.

The user account setting Network Access Permission , which is configured on the dial-in properties of user accounts, overrides the network policy
access permission setting. When network access permission on a user account is set to the Control access through NPS Network Policy option, the
network policy access permission setting determines whether the user is granted or denied access.

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc772123(v=ws.11)

QUESTION 165
Your network contains an Active Directory domain named contoso.com. The domain contains a domain-based Distributed file System (DFS) namespace
named Namespace1 that has access-based enumeration enabled. Namespace1 has a folder named folder1. Folder1 has a target of \\Server1\Folder1.

The Permission for folder1 are configured as shown in the following table.
Access-based enumeration is disabled for the share of Folder1.

You need to ensure that both User1 and User2 can see Folder1 when they access \\Contoso.com\NameSpace1

What should you do?

A. Enable access-based enumeration for Folder1.


B. Disable access-based enumeration for Namespace1.
C. Assign User1 the read NTFS permission to folder1.
D. Deny User1 the read DFS permission to Folder1.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Access-based enumeration hides files and folders that users do not have permissions to access. By default, this feature is not enabled for DFS
namespaces. You can enable access-based enumeration of DFS folders by using DFS Management. To control access-based enumeration of files and
folders in folder targets, you must enable access-based enumeration on each shared folder by using Share and Storage Management.

https://docs.microsoft.com/en-us/windows-server/storage/dfs-namespaces/enable-access-based-enumeration-on-a-namespace

QUESTION 166
You have two Hyper-V hosts named Server1 and Server2 that run windows server 2012 R2. The servers are nodes in a failover cluster named Cluster1.

You perform a rolling upgrade of the cluster nodes to Windows Server 2016.
You need to ensure that you can implement the Virtual Machine Load Balancing feature.

Which cmdlet should you use?

A. Update-ClusterFunctionalLevel
B. SetCauClusterRole
C. Update-ClusterNetWorkNameResource
D. Set-ClusterGroupSet

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Cluster operating system rolling upgrade

Cluster OS Rolling Upgrade enables an administrator to upgrade the operating system of the cluster nodes without stopping the Hyper-V or the Scale-
Out File Server workloads. Using this feature, the downtime penalties against Service Level Agreements (SLA) can be avoided.

After the Update-ClusterFunctionalLevel cmdlet is run, the cluster enters "Stage 4", where new Windows Server 2016 cluster features can be used.
https://docs.microsoft.com/en-us/windows-server/failover-clustering/cluster-operating-system-rolling-upgrade
https://docs.microsoft.com/en-us/windows-server/failover-clustering/whats-new-in-failover-clustering

QUESTION 167
You have a DirectAccess Server that is accessible by using the name directaccess.fabrikam.com

On the DirectAccess server, you install a new server certificate that has a subject name of directaccess.contoso.com, and then you configure DNS
records for directaccess.contoso.com

You need to change the endpoint name for DirectAccess to directaccess.contoso.com

What command should you run? To answer, select the appropriate options in the answer area.

Hot Area:
Correct Answer:

Section: (none)
Explanation

Explanation/Reference:
Set-DaClient -ComputerName directaccess.contoso.com

https://docs.microsoft.com/en-us/powershell/module/remoteaccess/set-daclient?view=win10-ps

QUESTION 168
You have a network policy server (NPS) server named NPS1. One network policy is enabled on NPS1.
The policy is configured as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information in the graphic.

Hot Area:
Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 169
Your network contains an Active Directory domain named contoso.com. The Functional level of the forest and the domain is Windows Server 2008 R2.
All servers in the domain run Windows server 2016 standard. The domain contains 100 client computers that run either Windows 8.1 or Windows 10.

The domain contains nine servers that are configured as shown in the following table.
The virtual machines are configured as follows:

Each virtual machine has one virtual network adapter.


VM1 and VM2 are part of a Network Load Balancing (NLB) cluster.
All of the servers on the network can communicate with all of the virtual machines.

For VM1 and VM2, you plan to use live migration between Server4 and Server5.

You need to ensure that when the virtual machines migrate, they maintain connectivity to the network.

Which virtual switch names and connection types should you use on each server? To answer, select the appropriate options in the answer area.

Hot Area:
Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Connection type Description

External Gives virtual machines access to a physical network to communicate with servers and clients on an external network. Allows virtual
machines on the same Hyper-V server to communicate with each other.
Internal Allows communication between virtual machines on the same Hyper-V server, and between the virtual machines and the management
host operating system.
Private Only allows communication between virtual machines on the same Hyper-V server. A private network is isolated from all external network
traffic on the Hyper-V server. This type of network is useful when you must create an isolated networking environment, like an isolated test domain.

https://blogs.technet.microsoft.com/jhoward/2008/06/17/hyper-v-what-are-the-uses-for-different-types-of-virtual-networks/

QUESTION 170
You have a Hyper-V host named Server1 that runs Windows Server 2016. Server1 connects to your corporate network. The Corporate network uses the
10.10.0.0/16 address space.
Server1 hosts a virtual machine named VM1, VM1 is configured to have an IP addresses of 172.16.1.54/16.

You need to ensure that VM1 can access the resources on the corporate network.

What should you do? To answer, select the appropriate options in the answer area.

Hot Area:
Correct Answer:

Section: (none)
Explanation

Explanation/Reference:
We need a external switch to communicate with the network.

The Add-VmNetworkAdapterRoutingDomainMapping cmdlet adds a routing domain and virtual subnets to a virtual network adapter. The cmdlet
adds the information about the routing domain and virtual subnets to connected multitenant virtual machines.

https://technet.microsoft.com/en-us/library/dn464285%28v=wps.630%29.aspx?f=255&MSPPError=-2147217396

QUESTION 171
Your network contains an Active Directory forest named contoso.com. The forest has three sites named Site1, Site2 and Site3.
Distributed File System (DFS) for the forest is configured as shown in the exhibit.

The forest contains a server named Server2 that hosts the DFS namespace. \\Contoso.com\Namespace1\Folder2 has the following configuration.
\\Contoso\Namespace1\Folder2 has the targets configured as shown in the following table.

For each of the following statement, Select Yes if Statement is true. Otherwise , select No.

Hot Area:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
https://docs.microsoft.com/en-us/windows-server/storage/dfs-namespaces/enable-or-disable-referrals-and-client-failback

https://technet.microsoft.com/library/jj884266.aspx

QUESTION 172
You are a network administrator for a company named Contoso,Ltd. The network is configured as shown in the exhibit.
You install the Remote Access server role on Server2. Server2 has the following configured.

Network address translation (NAT)


The DHCP Server server role
The Security Policy of Contoso states that only TCP ports 80 and 443 are allowed from the internet to server2

You identify the following requirements:

Add 28 devices to subnet2 for a temporary project.


Configure Server2 to accept VPN connections from the internet.
Ensure that devices on Subnet2 obtain TCP/IP settings from DHCP on Server2.

End of Scenario:

You deploy a computer named Computer8 to subnet4. Computer8 has an IP address of 192.168.10.230 and a subnet mask of 255.255.255.240
What is the broadcast address for Subnet4? To answer, select the appropriate options in the answer area.

Hot Area:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 173
You are a network administrator for a company named Contoso,Ltd. The network is configured as shown in the exhibit.
You install the Remote Access server role on Server2. Server2 has the following configured.

Network address translation (NAT)


The DHCP Server server role
The Security Policy of Contoso states that only TCP ports 80 and 443 are allowed from the internet to server2

You identify the following requirements:

Add 28 devices to subnet2 for a temporary project.


Configure Server2 to accept VPN connections from the internet.
Ensure that devices on Subnet2 obtain TCP/IP settings from DHCP on Server2.

End of Scenario:

You need to identify which subnet mask you must use for subnet2. The solution must minimize the number of available IP addresses on Subnet2.
What subnet mask should you identify? To answer, select the appropriate options in the answer area

Hot Area:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 174
Your network contains an Active Directory domain named adatum.com. The domain contains two servers named Server1 and Server2 that run Windows
Server 2016. The domain contains three users
named User1, User2 and User3.

Server 1 has a share named Share1 that has the following configurations.
The Share permissions for Share1 are configured as shown in Share1 Exhibit.
Share1 contains a file named File1.txt. The Advanced Security settings for File1.txt are configured as shown in the File1.txt exhibit.
Select the appropriate statement from below. Select Yes if the state is true , otherwise no.

Hot Area:
Correct Answer:

Section: (none)
Explanation

Explanation/Reference:
https://blog.varonis.com/the-difference-between-share-and-ntfs-permissions/

QUESTION 175
You have a Hyper-V host named Server1 that runs Windows Server 2016. Server 1 has a virtual switch Switch1.

Server1 hosts the virtual machines configured as shown in the following table.

Windows firewall on VM1 and VM2 is configured to allow ICMP traffic. VM1 and VM2 connect to Switch1.

You fail to ping VM1 from VM2. You need to view the VirtualSubnetid to which VM1 connects.

Which cmdlet should you run on Server1.

Hot Area:
Correct Answer:

Section: (none)
Explanation

Explanation/Reference:
The Get-VMNetworkAdapterVlan cmdlet gets the virtual LAN settings configured on a virtual network adapter.

https://docs.microsoft.com/en-us/powershell/module/hyper-v/get-vmnetworkadaptervlan?view=win10-
QUESTION 176
You have a RADIUS server named RADIUS1. RADIUS1 is configured to use an IP address of 172.23.100.101.

You add a wireless access point (wap) named WAP-Secure to your network.

You configure WAP-Secure to use an IP address of 10.0.100.101.

You need to ensure that WAP-Secure can authenticate to RADIUS1 by using a shared secret key.

What command should you run? To answer, select the appropriate options in answer area.

Hot Area:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:
The New-NpsRadiusClient cmdlet creates a Remote Authentication Dial-In User Service (RADIUS) client. A RADIUS client uses a RADIUS server to
manage authentication, authorization, and accounting requests that the client sends. A RADIUS client can be an access server, such as a dial-up server
or wireless access point, or a RADIUS proxy.

Example 1: Add a new RADIUS client

PS C:\>New-NpsRadiusClient -Address "10.0.100.101" -Name "WAP-Secure" -SharedSecret "001001001001"

This command adds a wireless access point as a RADIUS client to the NPS configuration. This RADIUS client has the IP address 10.0.100.101, the
name WAP-Secure, an enabled state, and a shared secret of 001001001001.

https://docs.microsoft.com/en-us/powershell/module/nps/new-npsradiusclient?view=win10-ps

QUESTION 177
Your network is configured as shown in the network diagram.
Hot Area:
Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 178
You have a server named Server1 that runs Windows Server 2016. On Server1, you use the Basic template to create a new Data Collector Set named
CollectorSet1.

You need to configure CollectorSet1 to generate performance alerts.

What should you do before you start CollectorSet1?

A. Modify the performance counter data collector of CollectorSet1.


B. Add a new data collector to CollectorSet1.
C. Modify the configuration data collector of CollectorSet1.
D. Add a new task to CollectorSet1.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc722414(v=ws.11)

QUESTION 179
You have a Hyper-V host named Server1 that runs Windows Server 2016. Server1 hosts a virtual machine named VM1 that runs Windows Server
2016.

On VM1, Dynamic Memory is disabled, MAC spoofing is enabled fen the virtual network adapter, and checkpoints are disabled.

You need to ensure that you can install the Hyper-V server role on VM1.

What should you do?

A. Shut down VM1, run the Set-VMProcessor cmdlet, and then start VM1.
B. Disable Hyper-V integration services for VM1, and then restart VM1.
C. Configure VM1 to use standard checkpoints.
D. Shut down VM1, enable Dynamic Memory on VM1, and then start VM1.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
We need to shutdown the vm and then run:

Set-VMProcessor -VMName Name-ExposeVirtualizationExtensions $true

https://virtualizationreview.com/articles/2017/08/02/how-to-set-up-hyper-v-nested-virtualization-in-windows-server-2016.aspx

QUESTION 180
You plan to install a Nano Server on a physical server named Nano1. Nano1 will host several virtual machines that will use live migration.

Which package should you install on Nano1?


A. Microsoft-NanoServer-SecureStartup-Package
B. Microsoft-NanoServer-ShieldedVM-Package
C. Microsoft-NanoServer-Compute-Package
D. Microsoft-NanoServer-FailoverCluster-Package
E. Microsoft-NanoServer-Storage-Package

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Nano Server is ideal for a number of scenarios:

Add the VMM compute package, Microsoft-NanoServer-SCVMM-Compute-Package, to ensure that the VHD has the Hyper-V role, and that you can
manage the physical server using VMM. If you install this package, don't use the -Compute option for the Hyper-V role).

As a "compute" host for Hyper-V virtual machines, either in clusters or not

https://docs.microsoft.com/en-us/system-center/vmm/hyper-v-nano?view=sc-vmm-1801
https://docs.microsoft.com/en-us/windows-server/get-started/getting-started-with-nano-server

QUESTION 181
You have a remote access server named Server1 that runs Windows Server 2016. Server1 has DirectAccess enabled. You have a proxy server named
Server2. All computers on the internal network connect to the Internet by using the proxy.

On Server1, you run the command Set-DAClient -forceTunnel Enabled.

You need to ensure that when a DirectAccess client connects to the network, the client accesses all the Internet resources through the proxy.

What should you run on Server1?

A. Set-DnsClientGlobalSetting
B. Set-DAEntryPoint
C. Set-DnsClientNrptRule
D. Set-DnsClientNrptGlobal

Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:

https://docs.microsoft.com/en-us/powershell/module/remoteaccess/set-daentrypoint?view=win10-ps

QUESTION 182
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might
meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

Your network contains an Active Directory forest. You install Windows Server 2016 on 10 virtual machines. You need to deploy the Web Server (IIS)
server role identically to the virtual machines.

Solution: From Windows System Image Manager, you create an answer file, you copy the file to C:\Sysprep on each virtual machine, and then you run
the Apply-Image cmdlet.

Does this meet the goal?

A. Yes
B. No

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
We should use DSC instead of SIM.

QUESTION 183
You have a Hyper-V failover cluster that contains three nodes. Virtual machines are distributed evenly across the cluster nodes.
You need to ensure that if a node loses connectivity from the other nodes, the virtual machines on the node will be transitioned to one of the remaining
nodes after one minute.

Which settings should you modify?

A. QuarantineDuration and QuarantineThreshold


B. SameSubnetDelay and CrossSubnetDelay
C. QuorumArbitrationTimeMax and RequestReplyTimeout
D. ResiliencyPeriod and ResiliencyLevel

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
ResiliencyPeriod and ResiliencyLevel:

https://blogs.msdn.microsoft.com/clustering/2015/06/03/virtual-machine-compute-resiliency-in-windows-server-2016/

QUESTION 184
You have two Hyper-V hosts named Server1 and Server2 that run Windows Server 2016.

Server1 hosts a virtual machine named VM1 that is in a Running state.

On Server1, you export VM1 and then you import VM1 on Server2.

What is the current state of VM1 on Server2?

A. Off
B. Running
C. Paused
D. Saved

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
When you export a running VM in Windows Server 2016 you’ll have a copy of it in saved state. Just like you did in Windows Server 2012 R2, no change
there. When you import that you’ll have a VM in saved state that you need to start up.

https://blog.workinghardinit.work/2016/06/16/live-export-a-running-virtual-machine-or-a-checkpoint/

QUESTION 185
You have a test environment that includes two servers named Server1 and Server2.

The severs run Windows Server 2016. You need to ensure that you can implement SMB Direct between the servers.

Which feature should the servers support?

A. Remote Direct Memory Access (RDMA)


B. Multipath I/O (MPIO)
C. Virtual Machine Queue (VMQ)
D. Single Root I/O Virtualization (SR-IOV)

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Windows Server 2012 R2 and Windows Server 2012 include a feature called SMB Direct, which supports the use of network adapters that have Remote
Direct Memory Access (RDMA) capability. Network adapters that have RDMA can function at full speed with very low latency, while using very little
CPU.

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj134210(v=ws.11)

QUESTION 186
You have a DHCP server named Server1. Server1 has an IPv4 scope that contains 100 addresses for a subnet named Subnet! Subnet1 provides guest
access to the Internet. There are never more than 20 client computers on Subnet1 simultaneously; however, the computers that connect to Subnet 1 are
rarely the same computers. You discover that some client computers are unable to access the network.

The computers that have the issue have IP addresses in the range of 169.254.0.0/16. You need to ensure that all of the computers can connect
successfully to the network to access the Internet.

What should you do?

A. Create a new scope that uses IP addresses in the range of 169.254.0.0/16.


B. Modify the scope options.
C. Modify the lease duration.
D. Configure Network Access Protection (NAP) integration on the existing scope.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Lease time

Specifies the time, in seconds, from address assignment until the client's lease on the address expires. Lease time is specified in the DHCP Manager
Create Scope or Scope Properties dialog box, and can be set directly in the DHCP Options dialog box.

https://technet.microsoft.com/en-us/library/cc958929.aspx
QUESTION 187
You have a DHCP server named Server1. Server1 has an IPv4 scope that serves 75 client computers that run Windows 10. When you review the
address leases in the DHCP console, you discover several leases for devices that you do not recognize.

You need to ensure that only the 75 Windows 10 computers can obtain a lease from the scope.

What should you do?

A. Run the Add-DhcpServerv4ExclusionRange cmdlet.


B. Create and enable a DHCP filter.
C. Create a DHCP policy for the scope.
D. Run the Add-DhcpServerv4OptionDefinition cmdlet.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
The Dynamic Host Configuration Protocol (DHCP) server role in Windows Server 2012 introduced a new policy based IP address assignment feature.
Policy based assignment (PBA) allows an administrator to group DHCP clients by specific attributes based on fields contained in the DHCP client
request packet. This feature allows for targeted administration and greater control of configuration parameters delivered to network devices.
The following fields in the DHCP client request are available when defining policies.

Vendor Class
User Class
MAC address
Client Identifier
Relay Agent Information

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831538(v=ws.11)

QUESTION 188
You have a Hyper-V host that runs Windows Server 2016.

You need to identify the amount of processor resources consumed by Hyper-V and virtual machines.

Which counter should you use from Performance Monitor?

A. \Hyper-V Hypervisor\Logical Processors


B. \Hyper-V Hypervisor Root Virtual Processor(_Total)\% Guest Run Time
C. \Hyper-V Hypervisor Virtual Processor(_Total)\% Hypervisor Run Time
D. \Hyper-V Hypervisor Logical Processor(_Total)\% Total Run Time

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Measure overall processor utilization of the Hyper-V environment using Hyper-V performance monitor counters – For purposes of measuring processor
utilization, the host operating system is logically viewed as just another guest operating system. Therefore, the “\Processor(*)\% Processor Time”
monitor counter measures the processor utilization of the host operating system only.

To measure total physical processor utilization of the host operating system and all guest operating systems, use the “\Hyper-V Hypervisor Logical
Processor(_Total)\% Total Run Time” performance monitor counter. This counter measures the total percentage of time spent by the processor
running the both the host operating system and all guest operating systems.

https://blogs.technet.microsoft.com/clint_huffman/2008/10/13/use-the-hyper-v-counters-for-cpu-measurement/

QUESTION 189
You have a server named Server1 that runs Windows Server 2016.

Server1 is an IP Address Management (IPAM) server that collects DHCP and DNS logs and events for your entire network.

You need to enable a user named TECH1 to create pointer (PTR), host (A) and service location (SRV) records on all the DNS servers on the network.

What should you do on Server1?.

A. Run the Set-IpamRange cmdlet, and then run the Set-IpamAccesScope cmdlet.
B. From the IPAM node in Server Manager, assign the IPAM DNS Administrator Role to TECH1 and create a new access scope.
C. From IPAM Node in server Manager, create a new user role and a new Access Policy
D. Run the Set-IpamCustomFiled cmdlet, and then run the Set-IpamAddressSpace cmdlet.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
We need to create a custom role with the permissions to create pointer (PTR), host (A) and service location (SRV) records on all the DNS servers.

DNS administrator Role will allow to create more types of records.

https://blogs.technet.microsoft.com/teamdhcp/2015/09/01/dns-management-in-ipam/
QUESTION 190
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2016.

As a domain administrator, you log on to a server named Server2 and open Windows Powershell.

You need to establish an interactive Powershell session to a server named Server1.

Which command should you run?

A. New-PSSession -Name Server1


B. Set-PSSessionConfiguration -AccessMode Remote -Name Server1
C. Enter-PSsession -ComputerName Server1
D. Enable-PSRemoting Server1

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
The Enter-PSSession cmdlet starts an interactive session with a single remote computer. During the session, the commands that you type run on the
remote computer, just as if you were typing directly on the remote computer. You can have only one interactive session at a time.

Typically, you use the ComputerName parameter to specify the name of the remote computer. However, you can also use a session that you create by
using the New-PSSession cmdlet for the interactive session. However, you cannot use the Disconnect-PSSession, Connect-PSSession, or Receive-
PSSession cmdlets to disconnect from or re-connect to an interactive session.

https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/enter-pssession?view=powershell-6

QUESTION 191
Your network contains an Active Directory forest. The forest contains two domains named litwarenc.com andcontoso.com. The contoso.com domain
contains two domains controllers named LON-DC01 and LON-DC02. The domain controllers are located in a site named London that is associated to a
subnet of 192.168.10.0/24

You discover that LON-DC02 is not a global catalog server.

You need to configure LON-DC02 as a global catalog server.

What should you do?

A. From Active Directory Sites and Services, modify the NTDS Settings object of LON-DC02.
B. From the properties of the LON-DC02 computer account in Active Directory Users and Computers, modify the City attribute.
C. From Windows Powershell, run the Enable-ADOptionalFeature cmdlet.
D. From Active Directory Sites and Services, modify the NTDS Settings object of the London site.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
To promote a domain controller to a global catalog server, follow these steps:

1. On the domain controller, click Start, point to Programs, click Administrative Tools, and then click Active Directory Sites and Services.
2. In the console tree, double-click Sites, double-click the name of the site, and then double-click Servers.
3. Double-click the target domain controller.
4. In the details pane, right-click NTDS Settings, and then click Properties.
5. On the General tab, click to select the Global catalog check box.
6. Restart the domain controller.

https://support.microsoft.com/en-us/help/296882/how-to-promote-a-domain-controller-to-a-global-catalog-server

QUESTION 192
Your network contains a new Active Directory domain named contoso.com

You have a security policy that states that new servers should run Nano Server whenever possible.

Which server role can be deployed on a Nano Server?

A. Network Policy and Access Services.


B. Active Directory Domain Services.
C. DNS server
D. DHCP server

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Possible nano server roles:
QUESTION 193
You network contains an Active Directory domain named contoso.com. The domain contains an Active Directory Federation Services (AD FS) server
named ADFS1, a Web
Application Proxy server named WAP1, and a web server named Web1.

You need to publish a website on Web1 by using the Web Application Proxy. Users will authenticate by using OAuth2 preauthentication.

What should you do first?

A. On Web1, add site bindings.


B. On Web1, add handler mappings.
C. On ADFS1, enable an endpoint.
D. On ADFS1, add a claims provider trust.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
In the AD FS Management console, you must make sure that the OAuth endpoint is proxy enabled.

To check if the OAuth endpoint is proxy enabled, open the AD FS Management console, expand Service, click Endpoints, in the Endpoints list, locate
the OAuth endpoint and make sure that the value in the Proxy Enabled column is Yes.

https://docs.microsoft.com/en-us/windows-server/remote/remote-access/web-application-proxy/publishing-applications-using-ad-fs-preauthentication

QUESTION 194
You network contains an Active Directory forest. The forest contains an Active Directory Federation Services (AD FS) deployment.

The AD FS deployment contains the following:

An AD FS server named server1.contoso.com that runs Windows Server 2016


A WEB Application Proxy used to publish AD FS
A UPN that uses the contoso.com suffix
A namespace named adfs.contoso.com

You create a Microsoft Office 365 tenant named contoso.onmicrosoft.com. You use Microsoft Azure Active Directory Connect (AD Connect) to
synchronize all of the users and the UPNs from the contoso.com forest to Office 365.
You need to configure federation between Office 365 and the on-premises deployment of Active Directory.Which three commands should you run in
sequence from Server1?

To answer, move the appropriate commands from the list of commands to the answer area and arrange them in the correct order.

Select and Place:

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Connect to Microsoft Online Services with the credential variable set previously
Connect-MsolService –Credential $cred

Set the MSOL ADFS Context server, to the ADFS server


Set-MsolADFSContext –Computer adfs_servername.domain_name.com

Convert the domain to a federated domain


Convert-MsolDomainToFederated –DomainName domain_name.com

Successful Federation
Successfully updated ‘domain_name.com‘ domain.

Verify federation
Get-MsolFederationProperty –DomainName domain_name.com

https://blogs.technet.microsoft.com/canitpro/2015/09/11/step-by-step-setting-up-ad-fs-and-enabling-single-sign-on-to-office-365/
QUESTION 195
You implement a windows server 2016 failover cluster named cluster1 as a high available file server.

You run the Get-Cluster cmdlet and receive the following output:

Use the drop down menus to select the answer choice that completes each statement based on the information presented in the graphics.

Hot Area:
Correct Answer:

Section: (none)
Explanation

Explanation/Reference:
Remote-updating mode For this mode, a remote computer, which is called an Update Coordinator, is configured with the CAU tools. The Update
Coordinator is not a member of the cluster that is updated during the Updating Run. From the remote computer, the administrator triggers an on-
demand Updating Run by using a default or custom Updating Run profile. Remote-updating mode is useful for monitoring real-time progress during the
Updating Run, and for clusters that are running on Server Core installations.

https://docs.microsoft.com/en-us/windows-server/failover-clustering/cluster-aware-updating

QUESTION 196
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run
Windows Server 2016. Server1 and Server2 have multiple local disk attached.

You need to create a storage pool by using Storage Spaces Direct.

Which tree actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange
them in the correct order.

Select and Place:


Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

https://docs.microsoft.com/en-us/windows-server/storage/storage-spaces/hyper-converged-solution-using-storage-spaces-direct

QUESTION 197
You have a server named Server1 that runs Windows Server 2016. Server1 is located on the perimeter network, and only inbound TCP port 443 is
allowed to connect Server1 from the Internet.
You install the Remote Access server role on Server1.

You need to configure Server1 to accept VPN connections over port 443.

Which VPN protocol should you use?

A. PPTP
B. SSTP
C. L2TP
D. IKEv2

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd458955(v=ws.10)

QUESTION 198
You have two Hyper-V hosts named Server1 and Server2 that run Windows Server 2016. The hosts are nodes in failover cluster.

You discover that VM1 automatically live migrates when vSwitch temporarily disconnects.

You need to prevent VM1 from being live migrated when vSwitch1 temporarily disconnects.

What should you do?

A. Run the Set-VMNetworkAdapter cmdlet and set isManagementOS to False


B. From the network adapter setting of VM1, disable the Heartbeat integration service.
C. From the network adapter setting of VM1, disable he Protected network setting.
D. Run the Set-VMNetworkAdapter cmdlet and set StormLimit to 0.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
We can disable it in GUI or powershell:

Set-VMNetworkAdapter -NotMonitoredInCluster $True


https://blogs.msdn.microsoft.com/clustering/2013/09/04/windows-server-2012-r2-virtual-machine-recovery-from-network-disconnects/

QUESTION 199
Your network contains an ACtive Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run
Windows Server 2016.

Each server has an operating system disk and four data disks. All of the disks are locally attached SATA disks. Data disk, is initialized as an MBR disk,
and has a single NTFS volume.

You plan to implement Storage Spaces Direct by using the data disks on Server1 and Server2.

You need to prepare the data disks for the Storage Spaces Direct implementation.

What should you do?

A. Convert the data disks to dynamic disks


B. Format the volumes on the data disks as exFAT.
C. Initialize the data disks as GPT disks and create an ReFS volume on each disk
D. Delete the volumes from the data disks.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Enable Storage Spaces Direct using Windows PowerShell

The disks that you plan to use with Storage Spaces Direct must not have any partitions or data already existing on them. If any partitions or data already
exist, the data is not included with Storage Spaces Direct.

----

Step 3.4: Clean disks


The disks intended to be used for Storage Spaces Direct need to be empty and without partitions or other data. If a disk has partitions or other data, it
will not be included in the Storage Spaces Direct system.

On the management system, open a PowerShell ISE window with Administrator privileges, and then create and run the following script, replacing the
<ClusterName> variable with the appropriate cluster name. Running this script will help identify the disks on each node that are detected to be able to be
used for Storage Spaces Direct, and removes all data and partitions from those disks.
https://docs.microsoft.com/en-us/windows-server/storage/storage-spaces/hyper-converged-solution-using-storage-spaces-direct

QUESTION 200
You use Application Request Routing (ARR) to make internal web applications available to the internet by using NTLM.

You need to replace ARR by using the web application proxy

Which server role should you deploy first?

A. Active Directory Lightweight Directory Services.


B. Active Directory Certificate Services.
C. Active Directory Federation Services.
D. Active Directory Rights Management Services.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
https://docs.microsoft.com/en-us/windows-server/remote/remote-access/web-application-proxy/web-application-proxy-windows-server

QUESTION 201
You have a Windows 2016 Hyper-V failover cluster that contains two nodes named Node1 and Node2.

On Node1, you create a virtual machine named VM01 by using Hyper-V Manager.

You need to configure VM01 to move to Node2 automatically if Node1 becomes unavailable.

What should you do?

A. From Failover Cluster Manager, run Configure Role actions.


B. From Hyper-V Manager, clickVM01, and click Enable Replication.
C. From Hyper-V Manager, clickNode1, and then modify the Hyper-V settings.
D. From Windows PowerShell, run the Enable-VMReplication cmdlet.
Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
If you have VMs on cluster nodes that are not currently cluster resources, it's a simple process to make them highly available, provided they're using
cluster storage (such as a Cluster Shared Volume):

Start Failover Cluster Manager.


Expand the cluster Roles.
Select the Configure Role... action.
Click Next to the introduction wizard.
In the Select Role dialog box, select Virtual Machine as the type and click Next.
Select all the virtual machines you want to make highly available and click Next.
QUESTION 202
You have a Windows Server 2016 failover cluster named Cluster1 that contains four nodes named Server1, Server2, Server3 and Server4.

You need to configure Cluster1 to use directly attached storage to store several virtual machines.

You run the Enable-ClusterStorageSpacesDirect cmdlet on Server1.


What should you do next?

A. Run the Enable-ClusterStorageSpacesDirect cmdlet on the other three nodes.


B. Create a storage pool
C. Run the Add-ClusterResource cmdlet on all of the nodes.
D. Create volumes.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Enable-ClusterStorageSpacesDirect
Once we run this command, a few things will happen. The storage system will be put into Storage Spaces Direct mode, then the following will happen:

One big storage pool will be created with the name “S2D on Cluster1” using all disks available to each host. If your storage array consists of more than
one type of drive (SSD, NVMe) it will automatically assign this drive to be a read and write cache.

Creating A Disk
Now that we have our storage pool, we will need to create virtual disks on top of the pool.

There are multiple ways to create a new disk/volume on our storage pool, such as within Failover Cluster Manager and also within File and Storage
Services, and of course powershell.

https://medium.com/beyond-the-helpdesk/setting-up-and-configuring-storage-spaces-direct-in-windows-server-2016-4d2be85a8f7d

QUESTION 203
You deploy a new Hyper-V host named Server1 that runs Windows Server 2016.

You implement receive side scaling (RSS) on Server1. The chipset on Server1 does not support NetDMA.

All of the equipment on your network supports 10-Gbps connectivity.

On Server1, you deploy a virtual machine named VM1. You configure VM1 to aggregate all of the Windows and non-Windows tog files for all of the
servers on the network. VM1 has four virtual processors.

You discover that VM1 drops packets.

Hot Area:
Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 204
You have an IP Address Management (IPAM) server named IPAM1 that runs Windows Server 2016. IPAM1 manages 10 DHCP servers.

You need to provide a user with the ability to track which clients receive which IP addresses from DHCP. The solution must minimize administrative
privileges.

A. IPAM ASM Administrators


B. IPAM IP Audit Administrators
C. IPAM User
D. IPAM MSM Administrators

Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
IPAM IP Audit Administrators

IPAM IP Audit Administrators is a local security group on an IPAM server that is created when you install the IPAM feature. Members of this group have
all the privileges of the IPAM Users security group. They can view IP address tracking data and perform IPAM common management tasks.

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj878342(v=ws.11)

QUESTION 205
You have a Hyper-V host named Server1 that runs Windows Server 2016. Server1 contains four virtual machines that are configured as shown in the
following table:

To which virtual machine or machines can you connect by using Virtual Machine Connection from Hyper-V Manager?

A. VM2 only
B. VM1, VM2, VM3 and VM4
C. VM1 and VM2 only
D. VM3 and VM4 only
E. VM4 only

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
On shielded VM’s the Virtual Machine Connection (Console) is Disabled (and cannot be enabled).

https://docs.microsoft.com/en-us/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabric-and-shielded-vms
QUESTION 206
Your network contains an ACtive Directory domain named contoso.com that contains a domain controller named servers for the network run BIND 10

Several engineers access the network remotely by using a VPN connection to a remote access server that runs Windows 2016. All of the VPN
connections use certificate-based authentication and are subject to access policies in Network Police Service (NPS). Certificates are issued by an
enterprise certification authority (CA) named CA1.

All windows computers on the network are activated by using Key Management service (KMS) Desktop/RDS)

A. Manage the DNS zones on the DNS servers.


B. Audit logon event on the RDS server.
C. Audit certificate enrollment requests on CA1.
D. Audit authentication events from DC1.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
*** missing question.

Pending update.

QUESTION 207
You have a server named Server1 that runs Windows Server 2016. You install the Hyper-V server role on Server1. You have network adapters that are
dedicated to virtual machines. The network adapters are Remote Direct Memory Access.

You plan to use Software Defined Networking (SDN). You will host the virtual machines for multiple tenants on the

You need to ensure that the network connections for the virtual machines are resilient if one or more physical network cards fail.

What should you implement?

A. Switch Embedded Teaming (SET).


B. virtual Receive-side Scaling (vRSS).
C. NIC Teaming on the Hyper-V host.
D. single root I/O virtualization (SR-IOV)

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
SET is an alternative NIC Teaming solution that you can use in environments that include Hyper-V and the Software Defined Networking (SDN) stack in
Windows Server 2016. SET integrates some NIC Teaming functionality into the Hyper-V Virtual Switch.

SET allows you to group between one and eight physical Ethernet network adapters into one or more software-based virtual network adapters. These
virtual network adapters provide fast performance and fault tolerance in the event of a network adapter failure.

SET member network adapters must all be installed in the same physical Hyper-V host to be placed in a team.

https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v-virtual-switch/rdma-and-switch-embedded-teaming#bkmk_sswitchembedded

QUESTION 208
Your network contains an Active Directory forest named contoso.com. The forest contains two domains named contoso.com and litwareinc.com.

Your company recently deployed DirectAccess for the members of a group named DA_Computers. All client computers are members of
DA_Computers.

You discover that DirectAccess clients can access the resources located in the contoso.com domain only. The clients can access the resources in the
litwareinc.com domain by using an L2TP VPN connection to the network.

You need to ensure that the DirectAccess clients can access the resources in the litwareinc.com domain.

What should you do?

A. From a Group Policy object (GPO), modify the Name Resolution Policy Table (NRPT).
B. From the properties of the servers in litwareinc.com, configure the delegation settings.
C. On an external DNS server, create a zone delegation for litwareinc.com.
D. Add the servers in litwareinc.com to the RAS and IAS Servers group.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
At this point you now should have a better understanding of the Network Location Server and how its used to determine whether the DA client is on or of
the corpnet. You should also understand how DNS query behavior changes when the DA client components are enabled – and that the NRPT
determines what DNS server will be used to service a DNS query when the DA components are enabled on the client.
https://blogs.technet.microsoft.com/tomshinder/2010/04/01/directaccess-client-location-awareness-nrpt-name-resolution/

QUESTION 209
On a new server, you install Windows Server 2016, and then you install the Hyper-V server role.

You need to ensure that you can deploy Windows containers that use an image of the Server Core installation of Windows Server.

Which four commands should you use in sequence? To answer, move the appropriate commands from the list of commands to the answer area and
arrange them in the correct order.

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
Install-Package -Name docker -ProviderName DockerMsftProvider
Restart-Computer -Force
docker pull microsoft/windowsservercore

https://docs.microsoft.com/en-us/vi...rs/quick-start/using-insider-container-images

QUESTION 210
You are the administrator for a large company. You plan to implement servers in the environment that do not use local hard drives.

You need to recommend a supported storage solution.

Which technology should you recommend?


A. Clustered NAS
B. DVD
C. Fibre Channel SAN
D. Cloud storage

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
https://support.microsoft.com/en-us/help/305547/support-for-booting-from-a-storage-area-network-san

QUESTION 211
You plan to implement a two-tier certification authority (CA) hierarchy with an offline root CA. You install the root CA, and then copy the certificate to the
server that will become the new issuing CA. You have a file named rootca1_ContosoRootCA.crt that contains the root CA certificate. Client devices in
the Active Directory Domain Services (AD DS) domain do not currently trust the root CA.

All clients in the AD DS domain must trust the root CA.

You need to install the issuing CA.

What should you do?

A. Intermediate Certificate authorities store


B. Run the following command from an administrative command prompt:

certutil -dspublish -f rootca1_contosoRootCA.crt RootCA


C. On the domain controller, use Windows Explorer to open the rootca1_contosoRootCA.crt file and add the root CA to the Trusted Root Certification
Authorities store.
D. Run the following command from an administrative command prompt:

certutil -pulse rootca1_ContosoRootCA.crt TrustedRoot

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732443%28v%3dws.10%29
QUESTION 212
A company has data centers in Seattle and New York. A high-speed link connects the data centers. Each data center runs a virtualization infrastructure
that uses Hyper-V Server 2012 and Hyper-V Server 2012 R2.
Administrative users from the Seattle and New York offices are members of Active Directory Domain Services groups named SeattleAdmins and
NewYorkAdmins, respectively.

You deploy one System Center Virtual Machine Manager (SCVMM) in the Seattle data center.

You create two private clouds named SeattleCloud and NewYorkCloud in the Seattle and New York data centers, respectively.

You have the following requirements:

Administrators from each data center must be able to manage the virtual machines and services from their
location by using a web portal.
Administrators must not apply new resource quotas or change resource quotas.
You must manage public clouds by using the existing SCVMM server.
You must use the minimum permissions required to perform the administrative tasks.

You need to configure the environment.

What should you do?

A. Install System Center Orchestrator.


B. For both the Seattle and New York admin groups, create a User Role and assign it to the Tennant Administrator profile. Add the Seattle and New
York private clouds to the corresponding User Role.
C. Install System Center App Controller.
D. Add both SeattleAdmins and NewYorkAdmins to the Local Administrators group of each Hyper-V host in Seattle and New York, respectively.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Tenant administrators can place quotas on computing resources and virtual machines, answer should be Application Administrator. if its available
answer.

https://technet.microsoft.com/en-us/library/gg696971%28v=sc.12%29.aspx?f=255&MSPPError=-2147217396

QUESTION 213
You have a server named Server1 that runs Windows Server 2016. Server1 has four SCSI disks and a storage Pool1 that contains three disks.
You create a virtual disk named Disk 1 that uses a mirrored layout.

You create a partition named Partition1 that uses all of the available space on Disk 1.

You need to extend Partition1.

What should you do first?

A. From the Storage Pools page in Server Manager, extend a virtual disk.
B. From Windows PowerShell, run the Expand-IscsiVirtualDisk cmdlet.
C. From disk management, modify the propierties of partition1.
D. From Disk Management, extend a volume.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Another optional answer could be -> From Windows PowerShell, run the Resize-VirtualDisk cmdlet.

https://docs.microsoft.com/en-us/windows-server/storage/storage-spaces/resize-volumes

QUESTION 214
Your network contains an ACtive Directory domain named contoso.com that contains a domain controller named servers for the network run BIND 10

Several engineers access the network remotely by using a VPN connection to a remote access server that runs Windows 2016. All of the VPN
connections use certificate-based authentication and are subject to access policies in Network Police Service (NPS). Certificates are issued by an
enterprise certification authority (CA) named CA1.

All windows computers on the network are activated by using Key Management service (KMS) Desktop/RDS)

A. Audit Configuration changes to the remote access server.


B. Audit user and device logon event from NPS
C. Manage activations on the KMS server.
D. Audit logon event on the RDS server.

Correct Answer:
Section: (none)
Explanation
Explanation/Reference:
*** missing question.

Pending update.

QUESTION 215
You are preparing an image of Windows Server 2016.

The image is missing the driver for a network adapter that is required in your environment.

You need to ensure that the image contains the network adapter driver.

Which tree cmdlets should you use in sequence? To answer, move the appropriate cmdlets from the list cmdlets to the answer area and arrange them
in the correct order.

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Mount-WindowsImage -Path .\Mount -ImagePath .\ISO\sources\install.wim

Add-WindowsDriver -Path .\Mount -Driver .\Drivers -Recurse

Dismount-WindowsImage -Path .\Mount -Save

https://www.thomasmaurer.ch/2013/03/add-drivers-to-windows-server-2012-iso-image/

QUESTION 216
You implement Software Defined Networking (SDN) by using the Network Controller server role.

You have a virtual network named VNET1 that contains servers used by developers.

You need to ensure that only devices from the 192.168.0.0/24 subnet can access the virtual machine in VNET1.

What should you configure?


A. role-based access control
B. a universal security group
C. a network security group (NSG)
D. Dynamic Access Control

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
https://docs.microsoft.com/en-us/windows-server/networking/sdn/technologies/hyper-v-network-virtualization/hyper-v-network-virtualization

https://docs.microsoft.com/en-us/windows-server/networking/sdn/technologies/software-defined-networking-technologies

QUESTION 217
You have a Windows Server 2016 failover cluster named Cluster1 that contains three nodes named Server1, Server2, and Server3.
Each node hosts several virtual machines. The virtual machines are configured to fail over to another node in Cluster1 if the hosting node fails.

You need to ensure that if the Cluster service fails on one of the nodes, the virtual machine of that node will fail over immediately.

Which setting should you configure?

A. ResiliencyPeriod
B. ResiliencyLevel
C. FailureConditionLevel
D. QuarantineDuration

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
ResiliencyLevel
Defines how unknown failures handled

1 – Allow the node to be in Isolated


state only if the node gave a notification and it went away for known reason, otherwise fail immediately. Known reasons include Cluster Service crash or
Asymmetric Connectivity between nodes.

2- Always let a node go to an Isolated state and give it time before taking over ownership of the VMs.
PowerShell:

(Get-Cluster).ResiliencyLevel = <value>

https://blogs.msdn.microsoft.com/clustering/2015/06/03/virtual-machine-compute-resiliency-in-windows-server-2016/

QUESTION 218
You have a server named Server1 that runs Windows Server 2016. Server1 is an IP Address Management (IPAM) server that collects DHCP and DNS
logs and events for your entire network.

You need to get the IP addresses that were assigned to a client computer named Computer1 during the last week.

A. From the IPAM node in Server Manager, click IP Address Space, and then review the IP Address Inventory.
B. Run the Get-IpamIpAddressAuditEvent cmdlet
C. Open Event Viewer and click Windows Logs. Filter the Forwarded Events logs for Computer1.
D. Run the Get-IpamAddress cmdlet.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
PS C:\> $IpamIpAddressAuditEvents = Get-IpamIpAuditEvent -StartDate $LastMonth -EndDate $Today -HostName "client1.contoso.com"

check example 5 or 6.

https://docs.microsoft.com/en-us/powershell/module/ipamserver/get-ipamipaddressauditevent?view=win10-ps

From the IPAM node in Server Manager, click IP Address Space, and then review the IP Address Inventory, we see the actual inventory, we need to go
to EVENT CATALOG.
Review audit logs and events
IPAM also allows you to track several types of events on DNS and DHCP servers, including both client and server data.

To review audit logs and events


In the IPAM navigation menu, click EVENT CATALOG.
By default, IPAM Configuration Events is selected in the lower navigation pane. Review the events that are displayed.

Click DHCP Configuration Events in the lower navigation pane and review the DHCP events that are displayed.

Under IP Address Tracking, click By Host Name.

Type Client1 in the search box, and then type dates in the two text boxes next to and DHCP lease events between these dates in the format of month/
day/year. Enter a range of dates that includes today, and then click Search.

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831622(v=ws.11)
QUESTION 219
You have a server named Server1 that runs Windows Server 2016 and has the Hyper-V server role installed.

On Server1, you plan to create a virtual machine named VM1.

You need to ensure that you can start VM1 from the network.

What are two possible ways to archive the goal? Each correct answer presents a complete solution.

A. Create a generation 1 virtual machine and configure a single root I/O virtualization (SRV-IO) interface for the network adapter.
B. Create a generation 1 virtual machine and run the Enable-NetAdapterPackageDirect cmdlet
C. Create a generation 2 virtual machine
D. Create a generation 1 virtual machine that has a legacy network adapter.

Correct Answer: CD
Section: (none)
Explanation

Explanation/Reference:
To boot a virtual machine from the network, it must be generation 2 VM, or Generation 1 VM connected to legacy network adapter.

QUESTION 220
You have an IP Address Management (IPAM) deployment that is used to manage all of the DNS servers on your network. IPAM is configured to use
Group Policy provisioning.

You discover that a user adds a new mail exchanger (MX) record to one of the DNS zones.

You want to identify which user added the record.

You open Event Catalog on an IPAM server, and you discover that the most recent event occurred yesterday.

You need to ensure that the operational events in the event catalog are never older than one hour. What should you do?

A. From the properties on the DNS zone, modify the refresh interval.
B. From Task Scheduler, modify the Microsoft\Windows\IPAM\Audit task.
C. From Task Scheduler, create a scheduled task that runs the Update-IpamServer cmdlet.
D. From an IPAM_DNS Group Policy object (GPO), modify the Group Policy refresh interval.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Collects DHCP and IPAM server operational events. Also collects events from domain controllers, NPS, and DHCP servers for IP address tracking.

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj878342(v=ws.11)#scheduled-tasks

QUESTION 221
You have a Hyper-V host named Server1 that runs Windows Server 2016. Server1 hosts a virtual machine named VM1 that runs Windows Server 2016.

You install the Hyper-V server role VM1.

You need to ensure that the virtual machines hosted on VM1 can communicate with the virtual machines hosted on Server1.

What should you do?

A. On VM1, run the Set-VMNetworkAdapter cmdlet and specify the -MacAddressSpoofing Off parameter.
B. On VM1, run the Set-VmNetworkAdapterIsolation cmdlet and specify the -MultiTenantStack On parameter.
C. On Server1, run the Set-VmNetworkAdapterIsolation, cmdlet and specify the -MultitenantStack Off parameter.
D. On Server1, run the Set-VmNetworkAdapter cmdlet and specify the -MacAddressSpoofing On parameter.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Nested virtualization networking

To route network packets through the multiple virtual switches required during nested virtualization, you can either enable MAC address spoofing or
configure network address translation (NAT).

You can enable MAC address spoofing on the virtual machine that you have configured for nested virtualization. You can do this with the following
PowerShell command:

Get-VMNetworkAdapter -VMName NameOfVM | Set-VMNEtworkAdapter -MacAddressSpoofing On

-MacAddressSpoofing

Specifies whether virtual machines may change the source MAC address in outgoing packets to one not assigned to them. Allowed values are On
(allowing the virtual machine to use a different MAC address) and Off (allowing the virtual machine to use only the MAC address assigned to it).

https://docs.microsoft.com/en-us/powershell/module/hyper-v/set-vmnetworkadapter?view=win10-ps

QUESTION 222
You have a Hyper-V host named Server1 that runs Windows Server 2016.

You deploy a virtual machine named VM1 to Server1. Vm1 runs Windows Server 2016.

You need to ensure that you can install the Hyper-V server role on VM1.

Which command should you run? To answer, select the appropriate options in the answer area.

Hot Area:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
The first step to configuring nested virtualization is to ensure that the virtual machine can see the virtualization extensions from the host.

This is accomplished from PowerShell by running the following command:

Set-VMProcessor -VMName VM1 -ExposeVirtualizationExtensions $True

QUESTION 223
You have an Active Directory forest that contains 30 servers and 6,000 Client computers.

You deploy a new DHCP server that runs Windows Server 2016.

You need to retrieve the list of the authorized DHCP servers.

Which command should you run?

A. Get-DHCPServerDatabase
B. Netstat -p IP -s -a
C. Get-DHCPServerInDc
D. Show-ADAuthenticationPolicyExpression -AllowedToAuthenticateTo
Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
The Get-DhcpServerInDC cmdlet retrieves the list of authorized computers that run the Dynamic Host Configuration Protocol (DHCP) server service
from Active Directory. Only a computer that runs a DHCP server service that is authorized in Active Directory can lease IP addresses on the network.

https://docs.microsoft.com/en-us/powershell/module/dhcpserver/get-dhcpserverindc?view=win10-ps

QUESTION 224
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine
whether the solution meets the stated goals.

Refer to exhibit: Server1 has two virtual machines named VM1 and VM that run Windows Server 2016. VM1 connects to Private VM2 has two network
adapters.

You need to ensure that VM1 connects to the corporate network by using NAT.

Solution: You connect VM1 to Internal1. You run the New-NetNatIpAddress and the New-NetNat cmdlets on Server1. You configure VM1 to use VM2 as
the default gateway.

A. Yes
B. No

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 225
You have a Hyper-V server named Server1 that runs Windows Server 2016. Server1 has an IP address of 192.168.1.78. Server1 has a container
named Container1 that hosts a web application on port 84. Container1 has an IP address of 172.16.5.6. Container1 has a port mapping from port 80 on
Server1 to port 84 on Container1. You have a server named Server2 that has an IP address of 192.168.1.79. You need to connect to the web application
from Server2.

To which IP address and port should you connect?

A. 172.16.5.6:80
B. 192.168.1.78:80
C. 172.16.5.6:84
D. 192.168.1.78:84

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 226
You have a server named Server1 that runs Windows Server 2016. Server1 has the DHCP Server and the Windows Deployment Service server roles
installed.

Server1 is located on the same subnet as client computers.

You need to ensure that clients can perform a PXE boot from Server1.

Which two IPv4 options should you configure in DHCP? Each correct answer presents part of the solution.

A. 003 Router
B. 066 Boot Server Host Name
C. 015 DNS Domain Name
D. 006 DNS Servers
E. 060 Option 60

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:
DHCP Option 60
You have to create dhcp option 60 only if:

- You have a PXE Service and that runs on the same host that also runs a dhcp service (bound on UDP 67)
- You need this PXE Service to provide the "network boot program" details to your PXE clients.

These details are actually: TFTP server IP address (DHCP option 66) and network boot program file name (DHCP option 67)

If you know these details, you can perfectly make the economy of a PXE Service. Just fill these dhcp options (66 and 67) with the needed data.

QUESTION 227
You have a server named Server1 that runs Windows Server 2016. Server1 has the Containers feature installed.

You create a text file that contains the commands that will be used to automate the creation of new containers.

You need to ensure that the commands in the text file are used when you create new containers.

What should you name the file?

A. Bootstrap.ini
B. Config.ini
C. Dockerfile
D. Unattend.txt

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
1. Container Image - Dockerfile

Although a container can be manually created, modified, and then captured into a new container image, Docker includes a method for automating this
process using a Dockerfile. For this exercise, a Docker ID is required. If you do not have a Docker ID, sign up for one at Docker Cloud.

On the container host, create a directory c:\build, and in this directory create a file named Dockerfile. Note – the file should not have a file extension.

powershell new-item c:\build\Dockerfile -Force

https://docs.microsoft.com/en-us/virtualization/windowscontainers/quick-start/quick-start-images

QUESTION 228
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might
meet the stated goals. Some question sets might have more than one correct solution, white others might not have a correct solution.

You have a server named Server1 that runs Windows Server 2016. Server1 hosts a line-of- business application named App1. App1 has a memory leak
that occasionally causes the application to consume an excessive amount of memory.

You need to log an event in the Application event log whenever App1 consume more than 4 GB of memory.

Solution: You create a performance counter data collector.

Does this meet the goal?’

A. Yes
B. No

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
We need to create a performance counter alert.

Expand Data Collector Sets, right-click User Defined

Choose New, and click Data Collector Set.


Make sure you select the 'Create manually option and click Next.
Crucial step, see screenshot:
Select the Performance Counter Alert

QUESTION 229
You have a Windows Server 2016 failover cluster that contains two servers named Server1 and Server2.

The Cluster Service on Server1 fails.

You need to identify the cause of the failure.

What should you do?

A. From Event Viewer, review the Application event log.


B. From Event Viewer, review the System event log.
C. From Windows PowerShell, run the Get-ClusterLog cmdlet.
D. From Windows PowerShell, run the Get-ClusterNode cmdlet.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 230
You create a Storage Spaces Direct hyper-converged failover cluster. The duster contains three nodes and a 1-TB Storage Spaces Direct volume.

The cluster will store virtual machines.

You plan to extend the volume by adding an additional 3 TB.

What is the minimum amount of extra disk capacity required to accommodate extending the volume?

A. 3 TB on the coordinator node


B. 3 TB per node
C. 4 TB per node
D. 4 TB on the coordinator node

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Three-way mirror
Three-way mirroring writes three copies of everything. Its storage efficiency is 33.3% – to write 1 TB of data, you need at least 3 TB of physical storage
capacity. Likewise, you need at least three hardware fault domains – with Storage Spaces Direct, that means three servers.

Three-way mirroring can safely tolerate at least two hardware problems (drive or server) at a time. For example, if you're rebooting one server when
suddenly another drive or server fails, all data remains safe and continuously accessible.

https://docs.microsoft.com/en-us/windows-server/storage/storage-spaces/plan-volumes

QUESTION 231
You have Hyper-V virtual machines that run 50 web servers, 10 Microsoft SQL Server servers. 10 file servers, and eight domain controllers.

You need to implement a backup strategy that meets the following requirements:

* Backs up all servers


* Centralizes backup management
* Performs application-level backups
* Provides the ability to perform bare metal recovery

What should you use?

A. Microsoft Azure VM Backup


B. Microsoft Azure Backup Agent
C. Windows Server Backup
D. Microsoft Azure Backup Server

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
https://docs.microsoft.com/en-us/azure/backup/backup-mabs-protection-matrix

QUESTION 232
You have a server named Server1 that runs Windows Server 2016 and has the File and Storage Services server role installed. Server1 has an ReFS-
formatted volume named Volume1 that is 512 GB. Volume1 is mounted as C:\Appl\temp. You need to ensure that you can enable deduplication of
Volume1.

What should you do?

A. Format Volume1
B. Install a Windows feature.
C. Initialize the physical disk that contains Volume1.
D. Unmount Volume1.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Install Data Deduplication by using Server Manager
In the Add Roles and Feature wizard, select Server Roles, and then select Data Deduplication.
Install Data Deduplication via Server Manager: select Data Deduplication from Server Roles
Click Next until the Install button is active, and then click Install.
Install Data Deduplication via Server Manager: click install

Install Data Deduplication by using PowerShell


To install Data Deduplication, run the following PowerShell command as an administrator:
Install-WindowsFeature -Name FS-Data-Deduplication

QUESTION 233
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might
meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1 that runs Windows
Server 2016 and has the DNS Server role installed. Automatic scavenging of state records is enabled and the scavenging period is set to 10 days.

All client computers dynamically register their names in the contoso.com DNS zone on Server1.

You discover that the names of multiple client computers that were removed from the network several weeks ago can still be resolved.

You need to configure Server1 to automatically remove the records of the client computers that have been offline for more than 10 days.

Solution: You set the Expires after value of the zone.

Does this meet the goal?

A. Yes
B. No

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
We need DNS Scavenging, not expire value in DNS.

The Expire Value


The primary goal is to ensure stability of the zone data, even if a mistake invalidating (non-authorising) the zone or a network outage last for several
days. A value of a week or two has proven to be way too short, so a longer time must be used. The specific value was chosen for aesthetic and historic
reasons and to disambiguate between the different proposed values of "long".

QUESTION 234
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine
whether the solution meets the stated goals.
Refer to exhibit: Server1 has two virtual machines named VM1 and VM that run Windows Server 2016. VM1 connects to Private VM2 has two network
adapters.

You need to ensure that VM1 connects to the corporate network by using NAT.

Solution: You connect VM2 to private1 and External1. You install the Remote Access Server role on VM2, and you configure NAT in the Routing and
Remote Access console. You configure VM1 to use VM2 as the default gateway

A. Yes
B. No

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
RRAS in VM2 will route traffic with the external network adapter coming from VM1

https://blogs.technet.microsoft.com/jhoward/2008/06/17/hyper-v-what-are-the-uses-for-different-types-of-virtual-networks/

QUESTION 235
You have two servers that run Windows Server 2016.
The server are configured as shown in the following table.

You need to create a failover cluster that contains both servers.

Which two commands should you run? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. vmic ComputerSystem Set Workgroup= "Workgroup2"
B. New-Cluster -Name Cluster1 -Node Server1,Server2 -AdministrativeAccessPoint DNS
C. New-Cluster -Name Cluster1 -Node Server1,Server2 -AdministrativeAccessPoint ActiveDirectoryAndDNS
D. New-Cluster -Name Cluster1 -Node Server1,Server2 -AdministrativeAccessPoint None
E. netdom computername Server1 /MakePrimary:server1.contoso.com

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
-AdministrativeAccessPoint DNS is what we need in workgroup cluster to avoid creating objects and comunicate correctly.

https://blogs.msdn.microsoft.com/clustering/2015/08/17/workgroup-and-multi-domain-clusters-in-windows-server-2016/

QUESTION 236
Refer to Exhibit: You plan to implement a VPN. FabRA1 will use the RADIUS proxy for authentication. You need to ensure that VPN clients can be
authenticated and can access internal resources. The solution must ensure that FabRS1 is used as a RADIUS server and FabRPl is used as a RADIUS
proxy.

Which two actions should you perform? Each correct answer presents part of the solution.

A. Create a connection request policy on FabRSl.


B. Create a connection request policy on FabRPl.
C. Create a network policy on FabRSl.
D. Delete the default connection request policy on FabRSl.
E. Create a network policv on FabRPl.

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:
We need to use the NPS servers as RADIUS server and the other as RADIUS proxy, that means we need to create in one a connection request policy
and the other a network policy.

NPS is Microsoft’s implementation of a RADIUS server. When you configure NPS as a RADIUS server, you can add RADIUS clients, such as wireless
access points, network access servers, and VPN servers—all of
which can use the NPS role as their configured RADIUS server. After configuring the RADIUS clients, you must create and configure NPS policies that
are used to authenticate and authorize connection attempts.

Configure a RADIUS proxy

You can deploy NPS as a RADIUS proxy. In this configuration, the NPS role forwards connection request attempts from remote access clients to the
configured RADIUS server for authentication and authorization. You can use connection request policies to determine which connection requests are
handled locally, and which are forwarded to a RADIUS server.

https://technet.microsoft.com/en-us/library/dd182017.aspx?f=255&MSPPError=-2147217396

QUESTION 237
You have 2000 devices, One hundred of the devices are mobile devices that have physical addresses beginning with 98-5F.

You have a DHCP server named Server1.

You need to ensure that the mobile devices register their host name by using a DNS suffix of mobile.contoso.com

A. From the properties of Scopte1, Modify the Conflict detection attempts setting.
B. From the properties of Scope1, Configure Name Protection.
C. From the Properties of IPV4, configure the bindings.
D. From IPV4, create a new filter
E. From the properties of Scope1, create an exclusion range.
F. From IPv4, run the DHCP Policy Configuration Wizard.
G. From Control Panel, modify the properties of Ethernet.
H. From Scope1, create a reservation

Correct Answer: F
Section: (none)
Explanation

Explanation/Reference:
With the BYOD trend on rise, enterprises today are witnessing a number of devices visiting their premises which are not a member of any of their local
registered corporate domains. These devices are either the members of some foreign domain or are workgroup-joined. Now how do you handle the
DNS registrations of such devices via DHCP server?

DHCP server in Windows Server 2012 R2 introduces a new criterion in DHCP policies to allow you to group clients based on their fully qualified domain
names. What’s more? Using wildcards, you can use this criterion to group clients based on their DNS suffix or based on their host names.

Having grouped clients belonging to foreign domains or workgroups using DHCP policies, you can disable PTR registrations for them. You can also
register these clients in a different DNS suffix.

https://blogs.technet.microsoft.com/teamdhcp/2014/01/26/windows-server-2012-r2-enhancing-dhcp-policies-and-dns-registrations-in-dhcp-server/

QUESTION 238
You have two servers named Server1 and Server2 that run Windows Server 2016.

Server1 has the DNS Server role installed. The advanced DNS properties for Server1 are shown in the Advanced DNS exhibit. (Click the Exhibit button.)

Server2 is configured to use Server1 as a DNS server. Server2 has the following IP configuration.
Select the appropriate selection if statement is "Yes" or No.

Hot Area:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 239
Hotspot Questions

Refer to Exhibit, Container1 hosts a website on port 8080.

You create a port mapping between port 8080 on Container1 and port 80 on Server1. Which URL can you use to access the website from Server1,
Server2, and Container2?

To answer, select the appropriate options in the answer area.


Hot Area:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 240
Hotspot Questions

You have two Hyper-V hosts named Server1 and Server2 that run Windows Server 2016. Server1 and Server2 connect to the same network.

Server1 and Server2 have virtual switches configured as shown in the following table.
All of the virtual machines are configured lo have IP addresses from the same network segment
The firewall on each of the virtual machines is configured to allow network connectivity.

To which virtual machines can you connect from VM1 and VM2? To answer, select the appropriate options in the answer area.

Hot Area:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 241
Hotspot Questions

You are configuring internal virtual networks to support multitenancy communication between tenant virtual machine networks and remote sites.

You have a tenant named Tenant1.


You need to enable Border Gateway Protocol (BGP) for Tenant1.

Which commands should you run? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Hot Area:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Multi-Tenant VPN Installation and activation (Virtual Machine)
Once the routing domains are ready, the RemoteAccess VPN Service can be configured on the virtual machine and it can be configured for these
routing domains. This section provides a step-by-step account of this configuration.

RemoteAccess installation with Multi-Tenancy support


Following PowerShell cmdlets shall install RemoteAccess with Multi-Tenancy support –

# Install RemoteAccess with MultiTenancy

Add-WindowsFeature -Name Remoteaccess -IncludeAllSubFeature –IncludeManagementTools

ipmo remoteaccess

Install-RemoteAccess –MultiTenancy

# Check RemoteAccess Installation

Get-RemoteAccess

# Enable RemoteAccess “VPN”

Enable-RemoteAccessRoutingDomain -Name “Contoso” -Type Vpn –PassThru

Enable-RemoteAccessRoutingDomain -Name “Woodgrove” -Type Vpn –PassThru

QUESTION 242
Hotspot Questions

Refer to Exhibit: \\Server1.adatum.com\namespace1 has a folder target named Folder1. A user named User1 has Full Control share and NTFS
permissions to Folder1.

Folder1 contains a file named File1.doc User1 has only Write NTFS permissions to File1.doc
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

Hot Area:
Correct Answer:

Section: (none)
Explanation

Explanation/Reference:
The basic difference between the two DFS namespaces is how they store the DFS configuration data. Standalone namespaces keep this information
in the host server's registry, while domain-based namespaces store it in the Active Directory (AD) database. The location of this data affects the
configuration of DFS. For example, the root for standalone namespaces can only have a single root target, while domain-based namespaces can have
multiple root targets.

Fault tolerance and load balancing


A root target is a shared folder bound to a DFS root. Having multiple root targets allows a domain-based namespace to be connected to multiple folders,
which can each be hosted on a separate file server. To ensure the root targets remain synchronized with one another, use the DFS Replication
engine.

Having multiple replicas of a root target available provides a degree of fault tolerance. It also allows DFS to balance the workload by evenly distributing
requests among the available root targets.

QUESTION 243
Hotspot Questions

On a DNS server that runs Windows Server 2016, you plan to create two new primary zones named adatum.com and contoso.com.

You have the following requirements for the zones:

- Ensure that computers on your network can register records automatically in the adatum.com zone.
- Ensure that records that are stale for two weeks are purged automatically from the contoso.com zone.

What should you configure for each zone? To answer, select the appropriate options in the answer area.

Hot Area:
Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Dynamic update provides the following benefits:

Enables clients, including DHCP clients, to dynamically register A and PTR resource records with a primary server. This reduces the administrative
resources needed to manually manage those records.
Enables DHCP servers to register A and PTR resource records on behalf of DHCP clients. This reduces the time needed to manually manage those
records and provides support for DHCP clients that cannot perform dynamic updates.
Simplifies the setup of Active Directory by allowing domain controllers to be dynamically registered by using SRV records.

Aging and scavenging is the process by which resource records are given a time stamp when they are created and then removed when their age
exceeds a specified limit. This process is especially useful for preventing the accumulation of invalid records when resource records are automatically
created, as with dynamic update.

QUESTION 244
Hotspot Questions

You have four servers named Server1, Server2, Server3, and Server4 that run Windows Server 2016.

Server1 and Server2 are nodes in a failover cluster named FC1. Server3 and Server4 are nodes in a failover cluster named FC2.

You add the cluster roles show in the following table.

You add a file share named Share1 to FS1. You add a file share named Share2 to FS2.

Which UNC paths can you use to access each share? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:
Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
****Not a valid answer provided

Should be:

BOX1: \\Server1\Share1 or \\FS1\Share1


BOX2. \\Server3\Share2, \\Server4\Share2 and \\FS2\Share2

QUESTION 245
You have a Hyper-V host named Server1 that runs Windows Server 2016. Server1 has two network adaptors named NK1 and NIC2. Server2 has two
virtual switches named vSwitch1 and vSwitch2. N1C1 connects to vSwitch1. NIC2 connects to vSwitch2

Server1 hosts a virtual machine named VM1. VM1 has two network adapters named vmNIC1 and vmNIC1. VmNIC1 connects to vSwitch1. VmNIC2
connects to vSwitch2.

You need to create a NIC team on VM1.

What should you run on VM1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Hot Area:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
-TeamingMode

Specifies the mode of the NIC teaming. You can specify one of the following three teaming modes:

LACP. Uses the IEEE 802.1ax Link Aggregation Control Protocol (LACP) to dynamically identify links that are connected between the host and a
given switch. (This protocol was formerly known as IEEE 802.3ad draft.)
Static. Requires configuration on both the switch and the host to identify which links form the team.
SwitchIndependent. Specifies that a network switch configuration is not needed for the NIC team. Because the network switch is not
configured to know about the interface teaming, the team interfaces can be connected to different switches.

-LoadBalancingAlgorithm

Specifies the load-balancing algorithm the new team uses to distribute network traffic between the interfaces.

You can specify one of the following load balancing algorithms:

Dynamic. Uses the source and destination TCP ports and the IP addresses to create a hash for outbound traffic. Moves outbound streams
from team member to team member as needed to balance team member utilization. When you specify this algorithm with the
TeamingMode parameter and the SwitchIndependent value, inbound traffic is routed to a particular team member.

TransportPorts. Uses the source and destination TCP ports and the IP addresses to create a hash and then assigns the packets that have the
matching hash value to one of the available interfaces. When you specify this algorithm with the TeamingMode parameter and the
SwitchIndependent value, all inbound traffic arrives on the primary team member.

IPAddresses. Uses the source and destination IP addresses to create a hash and then assigns the packets that have the matching hash value to one
of the available interfaces. When you specify this algorithm with the TeamingMode parameter and the SwitchIndependent value, all inbound traffic
arrives on the primary team member.

MacAddresses. Uses the source and destination MAC addresses to create a hash and then assigns the packets that have the matching hash value
to one of the available interfaces. When you specify this algorithm with the TeamingMode parameter and the SwitchIndependent value, all inbound
traffic arrives on the primary team member.

HyperVPort. Distributes network traffic based on the source virtual machine Hyper-V switch port identifier. When you specify this algorithm with the
TeamingMode parameter and the SwitchIndependent value, inbound traffic is routed to the same team member as the switch port's outgoing traffic.

https://docs.microsoft.com/en-us/powershell/module/netlbfo/new-netlbfoteam?view=win10-ps

QUESTION 246
Drag and Drop Questions

You have a Hyper-V host named Server1 that runs Windows Server 2016. Server1 hosts a virtual machine named VM1. VM1 runs Windows Server
2016. VM1 uses a VHD for storage.

The disk configuration of VM1 is shown in the exhibit.


You need to increase the size of volume D to 400 GB.

Which cmdlets should you run on Server1 and VM1? To answer, drag the appropriate cmdlets to the correct servers. Each cmdlet may be used once,
more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Select and Place:


Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
First we need to shutdown the machine, its a offline operation with VHD's.

https://www.altaro.com/hyper-v/resize-virtual-hard-disks-hyper-v-2016/

QUESTION 247
Hotspot Questions

Server1 provides DNS name resolution to both internal and external clients. Server1 hosts the primary zone for contoso.com.

You need to configure Server1 to meet the following requirements:

* Internal clients must be able to use Server 1 to resolve internal- based DNS names.
* External clients must not be able to use Server1 to resolve Internal-based DNS names.
* External clients must able to use Server1 to resolve names in the contoso.com zone.

Which commands should you run on Server1.? To answer select the appropriate option in answer area.
Hot Area:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:
reate Recursion Scopes
Recursion scopes are unique instances of a group of settings that control recursion on a DNS server. A recursion scope contains a list of forwarders and
specifies whether recursion is enabled. A DNS server can have many recursion scopes.

The legacy recursion setting and list of forwarders are now referred as the default recursion scope. You cannot add or remove the default recursion
scope, identified by the name “.” (Dot).

In this example, the default recursion setting is being disabled, while a new recursion scope for internal clients is being created where recursion is being
enabled.

Set-DnsServerRecursionScope -Name . -EnableRecursion $False

Add-DnsServerRecursionScope -Name "InternalClients" -EnableRecursion $True

Explore Add-DnsServerRecursionScope

DNS server recursion policies can be created to choose a recursion scope for a set of queries matching certain criteria. If the DNS server is not
authoritative for those queries, these policies allow admin to control how to resolve those queries. Here the internal recursion scope which has recursion
enabled is being associated with private network interface

Add-DnsServerQueryResolutionPolicy -Name "RecursionControlPolicy" -Action ALLOW -ApplyOnRecursion -RecursionScope


"InternalClients" -ServerInterfaceIP "EQ,10.0.0.39"

https://blogs.technet.microsoft.com/teamdhcp/2015/09/09/selective-recursion-control-using-dns-server-policies/

QUESTION 248
You have a security policy that states that servers should run Nano Server whenever possible.

Which server role can be deployed on Nano Server :

A. Remote Desktop Services


B. Web Server IIS
C. DHCP
D. Active Directory Federation Services

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

You might also like