Verified 70-417 Testing Engine 2021

NEW QUESTION 1
HOTSPOT
You have a server named Server1 that has the Web Server (IIS) server role installed. You obtain a Web Server certificate.
You need to configure a website on Server1 to use Secure Sockets Layer (SSL). To which store
should you import the certificate?
To answer, select the appropriate store in the answer area.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
When organizations deploy their own public key infrastructure (PKI) and install a private trusted root CA, their CA automatically sends its certificate to all domain member computers in the organization. The domain member client and server computers store the CA certificate in the Trusted Root Certification Authorities certificate store. After this occurs, the domain member computers trust certificates that are issued by the organization trusted root CA.
For example, if you install AD CS, the CA sends its certificate to the domain member computers in your organization and they store the CA certificate in the Trusted Root Certification Authorities certificate store on the local computer. If you also configure and autoenroll a server certificate for your NPS servers and then deploy PEAP-MS-CHAP v2 for wireless connections, all domain member wireless client computers can successfully authenticate your NPS servers using the NPS server certificate because they trust the CA
that issued the NPS server certificate.
On computers that are running the Windows operating system, certificates that are installed on the computer are kept in a storage area called the certificate store. The certificate store is accessible using the Certificates Microsoft Management Console (MMC) snap-in.
This store contains multiple folders, where certificates of different types are stored. For example, the certificate store contains a Trusted Root Certification Authorities folder where the certificates from all trusted root CAs are kept.
When your organization deploys a PKI and installs a private trusted root CA using AD CS, the CA automatically sends its certificate to all domain member computers in the organization. The domain member client and server computers store the CA certificate in the Trusted Root Certification Authorities folder in the Current User and the Local Computer certificate stores. After this occurs, the domain member computers trust certificates that are issued by the trusted root CA.
Similarly, when you autoenroll computer certificates to domain member client computers, the certificate is kept in the Personal certificate store for the Local Computer. When you autoenroll certificates to users, the user certificate is kept in the Personal certificate store for the Current User.
http: //technet. microsoft. com/en-us/library/cc730811. aspx http: //technet. microsoft. com/en-us/library/cc730811. aspx
http: //technet. microsoft. com/en-us/library/cc772401%28v=ws. 10%29. aspx http: //technet. microsoft. com/en-us/library/ee407543%28v=ws. 10%29. aspx

NEW QUESTION 2
You have a server named Server1 that runs Windows Server 2012 R2. From Server Manager, you install the Active Directory Certificate Services server role on Server1.
A domain administrator named Admin1 logs on to Server1. When Admin1 runs the Certification Authority console, Admin1 receive the following error message.

You need to ensure that when Admin1 opens the Certification Authority console on Server1, the error message does not appear.
What should you do?

• A. Install the Active Directory Certificate Services (AD CS) tools
• B. Configure the Active Directory Certificate Services server role from Server Manager
• C. Run the regsvr32.exe command
• D. Modify the PATH system variable

Answer: B

NEW QUESTION 3
Your network contains two servers named Server1 and Server2 that run Windows Server 2008 R2. Server1 and Server2 are nodes in a failover cluster named Cluster1. The network contains two servers named Server3 and Server4 that run Windows Server 2012 R2. Server3 and Server4 are nodes in a failover cluster named Cluster2.
You need to move all of the applications and the services from Cluster1 to Cluster2. What should you do first from Failover Cluster Manager?

• A. On a server in Cluster1, configure Cluster-Aware Updating.
• B. On a server in Cluster2, configure Cluster-Aware Updating.
• C. On a server in Cluster1, click Migrate Roles.
• D. On a server in Cluster1, click Move Core Cluster Resources, and then click Select Node...

Answer: C

Explanation:
http://blogs.msdn.com/b/clustering/archive/2012/06/25/10323434.aspx

NEW QUESTION 4
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Rights Management Services server role installed.
Your company works with a partner organization that does not have its own Active Directory Rights Management Services (AD RMS) implementation.
You need to create a trust policy for the partner organization. The solution must meet the following requirements:
✑ Grant users in the partner organization access to protected content
✑ Provide users in the partner organization with the ability to create protected content.
Which type of trust policy should you create?

• A. A federated trust
• B. Windows Live ID
• C. A trusted publishing domain
• D. A trusted user domain

Answer: A

NEW QUESTION 5
Your network contains an Active Directory domain named contoso.com. The domain contains client computers that run Either Windows XP, Windows 7, or Windows 8.
Network Policy Server (NPS) is deployed to the domain. You plan to create a system health validator (SHV).
You need to identify which policy settings can be applied to all of the computers.
Which three policy settings should you identify? (Each correct answer presents part of the
solution. Choose three.)

• A. Automatic updating is enabled.
• B. A firewall is enabled for all network connections.
• C. An antispyware application is on.
• D. Antispyware is up to date.
• E. Antivirus is up to date.

Answer: ABE

Explanation:
http://technet.microsoft.com/en-us/library/cc731260.aspx
* System health agent (SHA) is a NAP component.
* System health agent (SHA)
A component that checks the state of the client computer to determine whether the settings monitored by the SHA are up-to-date and configured correctly. For example, the Windows Security Health Agent (WSHA) can monitor Windows Firewall, whether antivirus software is installed, enabled, and updated, whether antispyware software is installed, enabled, and updated, and whether Microsoft Update Services is enabled and the computer has the most recent security updates from Microsoft Update Services. There might also be SHAs (and corresponding system health validators) available from other companies that provide different functionality.

NEW QUESTION 6
DRAG DROP
You have a Hyper-V host named Host1.Host1 contains two virtual machines named VM1 and VM2.VM1 is configured as a print server.VM1 runs Windows Server 2008 R2.VM2 is configured as a file server.VM2 runs Windows Server 2012 R2.
You need to migrate all of the printers on VM1 to VM2.
Which actions should you perform on the virtual machines?
To answer, drag the appropriate action to the correct servers in the answer area. Each action may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Note:
On VM1 we export the printers. On VM2 we first install the Print and Document Services role, and then import the printers.
You must install the Print and Document Services role on the destination server before you begin the migration process.

NEW QUESTION 7
HOTSPOT
Your network contains a DNS server named Server1 that runs Windows Server 2012 R2. Server1 has a zone namedcontoso.com. The network contains a server named Server2 that runs Windows Server 2008 R2. Server1 and Server2 are members of an Active Directory domain named contoso.com.
You change the IP address of Server2.
Several hours later, some users report that they cannot connect to Server2.
On the affected users' client computers, you flush the DNS client resolver cache, and the users successfully connect to Server2.
You need to reduce the amount of time that the client computers cache DNS records from contoso.com.
Which value should you modify in the Start of Authority (SOA) record?To answer, select the appropriate setting in the answer area.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
The Default TTL, is just that a default for newly created records. Once the records are created their TTL is independent of the Default TTL on the SOA. Microsoft DNS implementation copies the Default TTL setting to all newly created records their by giving them all independent TTL settings.
SOA Minimum Field: The SOA minimum field has been overloaded in the past to have three different meanings, the minimum TTL value of all RRs in a zone, the default TTL of RRs which did not contain a TTL value and the TTL of negative responses.
Despite being the original defined meaning, the first of these, the minimum TTL value of all RRs in a zone, has never in practice been used and is hereby deprecated. The second, the default TTL of RRs which contain no explicit TTL in the master zone file, is relevant only at
the primary server. After a zone transfer all RRs have explicit TTLs and it is impossible to determine whether the TTL for a record was explicitly set or derived from the default after a zone transfer. Where a server does not require RRs to include the TTL value explicitly, it should provide a mechanism, not being the value of the MINIMUM field of the SOA record, from which the missing TTL values are obtained. How this is done is implementation dependent.
TTLs also occur in the Domain Name System (DNS), where they are set by an authoritative name server for a particular resource record. When a caching (recursive) nameserver queries the authoritative nameserver for a resource record, it will cache that record for the time (in seconds) specified by the TTL. If a stub resolver queries the caching nameserver for the same record before the TTL has expired, the caching server will simply reply with the already cached resource record rather than retrieve it from the authoritative nameserver again.
Shorter TTLs can cause heavier loads on an authoritative nameserver, but can be useful when changing the address of critical services like Web servers or MX records, and therefore are often lowered by the DNS administrator prior to a service being moved, in order to minimize disruptions.



http: //support. microsoft. com/kb/297510/en-us http: //support. microsoft. com/kb/297510/en-us https: //en. wikipedia. org/wiki/Time_to_live
http: //www. faqs. org/rfcs/rfc2308. html#ixzz0qVpTEitk

NEW QUESTION 8
You have a server named Server1 that runs a Server Core Installation of Windows Server 2012 R2. You attach a 4-TB disk to Server1.
The disk is configured as an MBR disk. You need to ensure that you can create a 4-TB volume on the disk.
Which Diskpart command should you use?

• A. Automount
• B. Convert
• C. Expand
• D. Attach

Answer: B

Explanation:
You will need to convert the disk to a GPT since GPT disks allows for partitioning and not MBR disks.
References:
Exam Ref 70-410: Installing and Configuring Windows Server 2012: Objective 3.2: Create and Configure virtual machine storage, Chapter 3: p. 159
Exam Ref 70-410: Installing and Configuring Server 2012: Objective 1.3: Installing and Configuring servers, Chapter 1: p. 42-43

NEW QUESTION 9
Your network contains an Active Directory domain named adatum.com. The domain contains a member server named Host1. Host1 runs Windows Server 2012 R2 and has the Hyper-V server role installed.
Host1 hosts two virtual machines named VM5 and VM6. Both virtual machines connect to a virtual switch named Virtual1.
On VM5, you install a network monitoring application named Monitor1.
You need to capture all of the inbound and outbound traffic to VM6 by using Monitor1. Which two commands should you run from Windows PowerShell? (Each correct answer
presents part of the solution. Choose two.)

• A. Get-VM "VM6" | Set-VMNetworkAdapter-IovWeight 1
• B. Get-VM "VM5" | Set-VMNetworkAdapter -IovWeight 0
• C. Get-VM "VM6" | Set-VMNetworkAdapter -PortMirroring Source
• D. Get-VM "VM6" | Set-VMNetworkAdapter -AllowTeaming On
• E. Get-VM "VM5" | Set-VMNetworkAdapter -PortMirroring Destination
• F. Get-VM "VM5" | Set-VMNetworkAdapter -AllowTeaming On

Answer: CE

Explanation:
-PortMirroring specifies the port mirroring mode for the network adapter. This can be set to None, Source, and Destination.
✑ If set to Source, a copy of every network packet it sends or receives is forwarded
to a virtual network adapter configured to receive the packets.
✑ If set to Destination, it receives copied packets from the source virtual network adapter.
In this scenario, VM5 is the destination which must receive a copy of the network packets from VM6, which s the source.
Reference:
http://technet.microsoft.com/en-us/library/hh848457.aspx

NEW QUESTION 10
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1.
Cluster1 hosts an application named App1.
You need to ensure that Server2 handles all of the client requests to the cluster for App1. The solution must ensure that if Server2 fails, Server1 becomes the active node for App1.
What should you configure?

• A. Affinity - None
• B. Affinity - Single
• C. The cluster quorum settings
• D. The failover settings
• E. A file server for general u
• F. The Handling priority
• G. The host priority
• H. Live migration
• I. The possible owner
• J. The preferred owner
• K. Quick migration
• L. The Scale-Out File Server

Answer: J

Explanation:
The preferred owner in a 2 server cluster will always be the active node unless it is down.
http://www.sqlservercentral.com/Forums/Topic1174454-146-1.aspx#bm1174835
Difference between possible owners and preferred owners Possible owners are defined at the resource level and dictate which nodes in the Windows cluster are able to service this resource For instance, you have a 3 node cluster with Node A, Node B and Node C. You have a clustered disk resource "MyClusteredDisk", if you remove Node C from the possible owners of the clustered disk resource "MyClusteredDisk" then this disk will never be failed over to Node C. Preferred owners are defined at the resource group level and define the preferred node ownership within the Windows cluster For instance, you have a 3 node cluster with Node A, Node B and Node C. You have a cluster resource group "MyClusteredGroup" which contains various disk, IP, network name and service resources. Nodes A, B and C are all possible owners but Node B is set as the preferred owner and is currently the active node. The resource group fails over to Node C as Node B stops responding on the Public network due to a failed NIC. In the Resource group properties on the failback tab you have this set to immediate. You fix the NIC issue on Node B and bring it back up on the network. The resource group currently active on Node C will without warning immediately attempt to failback to Node B. Not a good idea if this is a Production SQL Server instance, so use caution when configuring preferred owners and failback http://support.microsoft.com/kb/299631/en-us
Failover behavior on clusters of three or more nodes
This article documents the logic by which groups fail from one node to another when there are 3 or more cluster node members. The movement of a group can be caused by an administrator who manually moves a group or by a node or resource failure. Where the group moves depends on how the move is initiated and whether the Preferred Owner list is set.

NEW QUESTION 11
You have a server named Server1.
You install the IP Address Management (IPAM) Server feature on Server1.
You need to provide a user named User1 with the ability to set the access scope of all the DHCP servers that are managed by IPAM. The solution must use the principle of least
privilege.
Which user role should you assign to User1?

• A. IP Address Record Administrator Role
• B. IPAM Administrator Role
• C. IPAM MSM Administrator Role
• D. IPAM DHCP Scope Administrator Role

Answer: A

Explanation:
Explanation
IPAM ASM Administrators
IPAM ASM Administrators is a local security group on an IPAM server that is created when you install the IPAM feature. Members of this group have all the privileges of the IPAM Users security group, and can perform IP address space tasks in addition to IPAM common management tasks.
Note: When you install IPAM Server, the following local role-based IPAM security groups are created:
IPAM Users
IPAM MSM Administrators IPAM ASM Administrators IPAM IP Audit Administrators IPAM Administrators Incorrect:
not B: Too much privileges. IPAM Administrators
IPAM Administrators is a local security group on an IPAM server that is created when you install the IPAM feature. Members of this group have privileges to view all IPAM data and perform all IPAM tasks.

NEW QUESTION 12
Your IT company is constantly changing, with new users coming and going throughout the year. One of your common tasks requires the deletion of user accounts for employees who have left the company. Which command can be used to delete user accounts?

• A. LDIFDE
• B. Dsmod
• C. Dspromo
• D. Netsh

Answer: A

Explanation:
So far, dsmod modifies but cannot delete ldifde can

NEW QUESTION 13
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All servers runs Windows Server 2012 R2.The domain contains two domain controllers named DC1 and DC2. Both domain controllers are virtual machines on a Hyper-V host.
You plan to create a cloned domain controller named DC3 from an image of DC1. You need to ensure that you can clone DC1.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

• A. Add the computer account of DC1 to the Cloneable Domain Controllers group.
• B. Create a DCCIoneConfig.xml file on DC1.
• C. Add the computer account of DC3 to the Cloneable Domain Controllers group.
• D. Run the Enable-AdOptionalFeaturecmdlet.
• E. Modify the contents of the DefaultDCCIoneAllowList.xml file on DC1.

Answer: AB

Explanation:
* Cloneable Domain Controllers Group (located in the Users container). Membership in this group dictates whether a DC can or cannot be cloned. This group has some permissions set on the domain head that should not be removed. Removing these permissions will cause cloning to fail. Also, as a best practice, DCs shouldn't be added to the group until you plan to clone and DCs should be removed from the group once cloning is complete. Cloned DCs will also end up in the Cloneable Domain Controllers group.
* DCCloneConfig.xml is an XML configuration file that contains all of the settings the cloned DC will take when it boots. This includes network settings, DNS, WINS, AD site name, new DC name and more.

NEW QUESTION 14
You have a Hyper-V host named Server1 that runs Windows Server 2012 R2 Datacenter. Server1 is located in an isolated network that cannot access the Internet.
On Server1, you install a new virtual machine named VM1. VM1 runs Windows Server 2012 R2 Essentials and connects to a private virtual network.
After 30 days, you discover that VM1 shuts down every 60 minutes.
You need to resolve the issue that causes VM1 to shut down every 60 minutes. What should you do?

• A. OnVM1, run slmgr.exe and specify the /ipk parameter.
• B. OnServer1, run slmgr.exe and specify the /rearm-sku parameter.
• C. Create a new internal virtual network and attach VM1 to the new virtual network.
• D. On Server1, run Add-WindowsFeatureVolumeActivation.

Answer: A

NEW QUESTION 15
HOTSPOT
The settings for a virtual machine named VM2 are configured as shown in the VM2 exhibit.(Click the Exhibit button.)

The settings for Disk1.vhdx are configured as shown in the Disk1.vhdx exhibit. (Click the Exhibit button.)

The settings for Disk2.vhdx are configured as shown in the Disk2.vhdx exhibit.(Click the Exhibit button.)

Select Yes if the statement can be shown to be true based on the available information; otherwise select No.Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
If you want to compact a differencing virtual hard disk or an undo disk, you must merge the changes to the parent disk and then compact the parent disk, if it is a dynamically expanding virtual hard disk.
You can compact a dynamically expanding virtual hard disk.You cannot compact any other type of virtual hard disk.However, you can convert a fixed-size virtual hard disk to a dynamically expanding virtual hard disk and then compact the disk.If you want to compact a differencing virtual hard disk or an undo disk, you must merge the changes to the parent disk and then compact the parent disk, if it is a dynamically expanding virtual hard disk
References:
http://technet.microsoft.com/en-us/library/cc708394(v=ws.10).aspx

NEW QUESTION 16
HOTSPOT
You have a server named Server1 that runs Windows Server 2012 R2. You configure Network Access Protection (NAP) on Server1.
Your company implements a new security policy stating that all client computers must have the latest updates installed. The company informs all employees that they have two weeks to update their computer accordingly.
You need to ensure that if the client computers have automatic updating disabled, they are provided with full access to the network until a specific date and time.
Which two nodes should you configure?
To answer, select the appropriate two nodes in the answer area.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 17
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named CONT1 and CONT2. Both servers run Windows Server 2012 R2.
CONT1 has a shared printer named Printer1. CONT2 connects to Printer1 on CONT1. When you attempt to remove Printer1 from CONT2, you receive the error message shown
in the exhibit. (Click the Exhibit button.)

You successfully delete the other printers installed on CONT2.
You need to identify what prevents you from deleting Printer1 on CONT2. What should you identify?

• A. Printer1 is deployed as part of a mandatory profile
• B. Printer1 is deployed by using a Group Policy object (GPO)
• C. Your user account is not a member of the Print Operators group on CONT2
• D. Your user account is not a member of the Print Operators group on CONT1

Answer: B

NEW QUESTION 18
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server3 that runs Windows Server 2012 R2 and has the DHCP Server server role installed.
DHCP is configured as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that only Scope1, Scope3, and Scope5 assign the same DNS servers to DHCP clients.
The solution must minimize administrative effort. What should you do?
Exhibit:

• A. Create a superscope and a filter
• B. Create a superscope and scope-level policies
• C. Configure the Server Options
• D. Configure the Scope Options

Answer: D

NEW QUESTION 19
You have a server named Server1 that runs Windows Server 2012 R2. You plan to create an image of Server1.
You need to remove the source files for all server roles that are not installed on Server1. Which tool should you use?

• A. dism.exe
• B. servermanagercmd.exe
• C. ocsetup.exe
• D. imagex.exe

Answer: A

Explanation:
servermanagercmd.exe The ServerManagerCmd.exe command-line tool has been deprecated in
WindowsServer 2008 R2. imagex.exe ImageX is a command-line tool in Windows Vista that you can use to create and manageWindows image (.wim) files. A .wim file contains one or more volume images, disk volumes that containimages of an installed Windows operating system. dism.exe Deployment Image Servicing and Management (DISM.exe) is a command-line tool that canbe used to service a Windows?image or to prepare a Windows Preinstallation Environment (WindowsPE) image. It replaces Package Manager (Pkgmgr.exe), PEimg, and Intlcfg that were included inWindows Vista? The functionality that was included in these tools is
now consolidated in one tool(DISM.exe), and new functionality has been added to improve the experience for offline servicing. DISMcan Add, remove, and enumerate packages. ocsetup.exe The Ocsetup.exe tool is used as a wrapper for Package Manager (Pkgmgr.exe) and for WindowsInstaller (Msiexec.exe). Ocsetup.exe is a command-line
utility that can be used to perform scripted installs andscripted uninstalls of Windows optional components. The Ocsetup.exe tool replaces the Sysocmgr.exe tool thatWindows XP and Windows Server
2003i use.
http://technet.microsoft.com/en-us/library/hh824822.aspx http://blogs.technet.com/b/joscon/archive/2010/08/26/adding-features-with- dism.aspx http://technet.microsoft.com/en-us/library/hh831809.aspx http://technet.microsoft.com/en-us/library/hh825265.aspx

NEW QUESTION 20
Your network contains an Active Directory domain named contoso.com. The domain contains four servers. The servers are configured as shown in the following table.

You plan to deploy an enterprise certification authority (CA) on a server named Servers. Server5 will be used to issue certificates to domain-joined computers and workgroup computers.
You need to identify which server you must use as the certificate revocation list (CRL) distribution point for Server5.
Which server should you identify?

• A. Server1
• B. Server3
• C. Server4
• D. Server2

Answer: B

Explanation:
CDP (and AD CS) always uses a Web Server
NB: this CDP must be accessible from outside the AD, but here we don't have to wonder about that as there's only one web server.
http://technet.microsoft.com/fr-fr/library/cc782183%28v=ws.10%29.aspx Selecting a CRL Distribution Point
Because CRLs are valid only for a limited time, PKI clients need to retrieve a new CRL
periodically. Windows
Server 2003 PKI Applications look in the CRL distribution point extension for a URL that points to a network location from which the CRL object can be retrieved. Because CRLs for enterprise CAs are stored in Active Directory, they can be accessed by means of LDAP. In comparison, because CRLs for stand-alone CAs are stored in a directory on the server, they can be accessed by means of HTTP, FTP, and so on as long as the CA is online. Therefore, you should set the CRL distribution point after the CA has been installed.
The system account writes the CRL to its distribution point, whether the CRL is published manually or is published according to an established schedule. Therefore you must ensure that the system accounts for CAs have permission to write to the CRL distribution point. Because the CRL path is also included in every certificate, you must define the CRL location and its access path before deploying certificates. If an Application performs revocation checking and a valid CRL is not available on the local computer, it rejects the certificate.
You can modify the CRL distribution point by using the Certification Authority MMC snap-in. In this way, you can change the location where the CRL is published to meet the needs of users in your organization. You must move the CRL distribution point from the CA configuration folder to a Web server to change the location of the CRL, and you must move each new CRL to the new distribution point, or else the chain will break when the previous CRL expires.
Note
On root CAs, you must also modify the CRL distribution point in the CAPolicy.inf file so that the root CA certificate references the correct CDP and AIA paths, if specified. If you are using certificates on the Internet, you must have at least one HTTPs-accessible location for all certificates that are not limited to internal use.
http://technet.microsoft.com/en-us/library/cc771079.aspx Configuring Certificate Revocation
It is not always possible to contact a CA or other trusted server for information about the validity of a certificate. To effectively support certificate status checking, a client must be able to access revocation data to determine whether the certificate is valid or has been revoked. To support a variety of scenarios, Active Directory Certificate Services (AD CS) supports industry-standard methods of certificate revocation. These include publication of certificate revocation lists (CRLs) and delta CRLs, which can be made available to clients from a variety of locations, including Active Directory Domain Services (AD DS), Web servers, and network file shares.

NEW QUESTION 21
HOTSPOT
You deploy a Server with a GUI installation of Windows Server 2012 R2 Datacenter. From Windows PowerShell, you run the following command:
Remove-WindowsFeature Server-Gui-Shell.
In the table below, identify which tools are available on Server1 and which tools are unavailable on Server1.
Make only one selection in each row. Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
When you uninstall "Server-GUI-Shell" you are left with a "Minimal Server Interface" server.So, File Explorer and IE10 are unavailable, but MMC and Server Manager works.
References:
Training Guide: Installing and Configuring Windows Server 2012 R2: Chapter 2: Deploying Servers, p.44
Exam Ref 70-410: Installing and Configuring Windows Server 2012 R2: Chapter 1: Installing and Configuring Servers, p.19-22

NEW QUESTION 22
You plan to deploy a child domain for contoso.com in Microsoft Azure.
To the Azure subscription, you add several virtual machines that have a Server Core installation of Windows Server 2012 R2.
You need to create the new domain on one of the virtual machines. Which command should you use?

• A. the ntdsutil command
• B. the Set-ADDomain Windows PowerShell cmdlet
• C. the install-ADDSDomain Windows PowerShell cmdlet
• D. the dsadd command
• E. the dsamain command
• F. the dsmgmt command
• G. the net user command
• H. the Set-ADForest Windows PowerShell cmdlet

Answer: C

NEW QUESTION 23
HOTSPOT
Your network contains an Active Directory domain named contoso.com.
You install the IP Address Management (IPAM) Server feature on a server named Server1 and select Manual as the provisioning method.
The IPAM database is located on a server named SQL1.
You need to configure IPAM to use Group Policy Based provisioning. What command should you run first?
To answer, select the appropriate options in the answer area.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 24
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2.
You mount an Active Directory snapshot on DC1.
You need to expose the snapshot as an LDAP server. Which tool should you use?

• A. Dsamain
• B. Ntdsutil
• C. Ldp
• D. ADSI Edit

Answer: A

Explanation:
Dsamain.exe can you can use to expose the snapshot data as an LDAP server

NEW QUESTION 25
Your network contains an Active Directory domain named adatum.com. The domain contains a server named CA1 that runs Windows Server 2012 R2. CA1 has the Active Directory Certificate Services server role installed and is configured to support key archival and recovery.
You need to ensure that a user named User1 can decrypt private keys archived in the Active Directory Certificate Services (AD CS) database. The solution must prevent User1 from retrieving the private keys from the AD CS database.
What should you do?

• A. Assign User1 the Issue and Manage Certificates permission to CA1.
• B. Assign User1 the Read permission and the Write permission to all certificate templates.
• C. Provide User1 with access to a Key Recovery Agent certificate and a private key.
• D. Assign User1 the Manage CA permission to CA1.

Answer: C

Explanation:
http://social.technet.microsoft.com/wiki/contents/articles/7573.active-directory-certificate- services-pki-keyarchival-and-management.aspx#Protecting_Key_Recovery_Agent_Keys

NEW QUESTION 26
Your network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Hyper-V server role installed. Server1 hosts 10 virtual machines that run Windows Server 2012 R2. You add a new server named Server2.
Server2 has faster hard disk drives, more RAM, and a different processor manufacturer than Server1.
You need to move all of the virtual machines from Server1 to Server2. The solution must minimize downtime.
What should you do for each virtual machine?

• A. Perform a quick migration.
• B. Perform a storage migration.
• C. Export the virtual machines from Server1 and import the virtual machines to Server2.
• D. Perform a live migration.

Answer: C

Explanation:
The different processor manufacturer is the key here. Storage, Live, and Quick all require same manufacturer.

NEW QUESTION 27
HOTSPOT
Your network contains an Active Directory domain named fabrikam.com. You implement DirectAccess and an IKEv2 VPN. You need to view the properties of the VPN connection. Which connection properties should you view? To answer, select the appropriate connection properties in the answer area.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 28
......