Zacker book, Chapter 4

On to chapter 4, did meet my established quota but ran into some thing unknown to me, I heard a robot once call it fatigued. Hopefully
that wont happen today but you never know. Maybe I can finish up the last two that I had planned to get out yesterday, today. Yeserday
possibly would have been better for me. Not sure why I feel that way.

Please read the header for this post
regarding the answer key situation for these chapters.

1. Which of the following is the best description of a security principle?

A. A person granting the permissions to network users.

B. The network resource receiving permissions.

C. A collection of individual special permissions.

D. An AD object that gets assigned permissions.

Answer: D, this one didnt have an answer and I thought the wording was poor but the general idea is the user thats being granted
the permissions per the book so I changed the wording of D around to better express this though. So not only does this book not have the answers
but im having to edit it too!!! OMG, what a turd haha

2. Which of the following statements about effective access is not true?

A. Inherited permissions take precedence over explicit permissions.

B. Deny permissions always override Allow permissions.

C. When a security principal receives Allow permissions from multiple groups the
permissions are combined to form the effective access permissions.

D. Effective access includes both permissions inherited from parents and permissions
derived from group membership.

Answer: A, To quote another source “When a
security principal receives permissions by inheriting them from a parent or from group
memberships, you can override those permissions by explicitly assigning contradicting
permissions to the security principal itself.”

3. Which of the following statements is not true in reference to resource ownership?

A. One of the purposes for file and folder ownership is to calculate disk quotas.

B. Every file and folder on an NTFS drive(r?) has an owner

C. It is possible for any user possessing the Take Ownership special permission to assume the ownership of a file
or folder.

D. It is possible to lock out a file or folder by assigning a combination of permissions that permits access to no one
at all, including the owner of the file or folder.

Answer: B, every folder does not have to be assigned an owner. This two has no answer but im like 80% sure this is what
the chapter is indicating. If its wrong please hit my inbox.

4. Which of the following statements about permissions is true?

A. ACLs (access control lists) are composed of ACEs (access control entries)

B. Basic permissions are composed of advanced permissions

C. All permissions are stored as part of the protected resource.

D. All of the above.

Answer: A & B are verifiably true and C is questionable & and hard to verify. The term “protected resource” is hard to
verify in this context.

5. What is the maximum number of shadow copies that a Windows Server 2012 system can maintain for each volume?

A. 8

B. 16

C. 64

D. 128

Answer: C for more information see the TechNet article on Shadow Copies

6. Which of the following terms describes the process of granting users access to file server shares by reading their permissions?

A. Authentication

B. Authorization

C. Enumeration

D. Assignment

Answer: D, not much to say with this one.

7. Which of the following are tasks that you can perform using the quotas in the FSRM but you cant perform with NTFS quotas?

A. Send an email notification to an administrator when users exceed their limits.

B. Specify different storage limits for each user.

C. Prevent users from consuming any storage space on a volume beyond their allowed limit.

D. Generate warnings to users when they approach their allotted storage limit.

Answer: A, NTFS quotas do not allow you to send an email for auditing.

8. In the NTFS permissions system, combinations of advanced permissions are also known as _________ permissions.

A. Special

B. Basic

C. Share

D. Standard

Answer: B, this is not cross-reference-able however it is in the text. I also found this website to be a helpful source of
information

Zacker book, Chapter 3

On to chapter three. As previously mentioned, trying to get through typing out 3 of these chapters and two read. Again, not sure of the
legality of this situation but as Server 2012 will soon be a thing of the past and PDFs of similar books exist as free resources im not
entirely sure that I could get into any kind of trouble for this. Assuming there could be an issue and your a publisher/content creator, please e-mail me with any problems,
NickRbarnes@gmail.com. I suppose I could put that in the first chapter header. Maybe Ill go back and edit that.

If reading for reference please read the header for this post
regarding the answer key situation for these chapters.

In addition if any one knows why lower case S letters display so weird in this theme please use the aforementioned email address as I wish i knew, default font issue?

Select one or more correct answers for the following questions.

1. Which of the following statements are true of stripped volumes?

A. Striped volumes provide enhanced performance over simple volumes.

B. Striped volumes provide greater fault tolerance than simple volumes.

C. You can extend striped volumes after creation.

D. If a single physical disk in the striped volume fails, all of the data in the entire volume is lost.

Answer: A,D striped volumes provide excellent read write I/O numbers however they offer none of the resiliency that comes with
a RAID-5 or mirrored volume. The fault tolerance is no more or less than a simple volume as there is no parity data and you cannot extend them.

2. Which of the following are requirements for extending a volume on a dynamic disk?

A. If you want to extend a simple volume, you can use only the available space on the same disk, if the volume is to remain simple.

B. The volume must have a file system before you can extend a simple or spanned volume.

C. You can extend a simple or spanned volume if you formatted it using the FAT or FAT32 file system.

D. You can extend a simple volume across additional disks if it is not a system volume or a boot volume.

Answer: A, D, for more information check this TechNet article on the subject

3. Which of the following are not true in reference to converting a basic disk to a dynamic disk?

A. You cannot convert a basic disk to a dynamic disk if you need to dual boot the computer.

B. You cannot convert drives with volumes that use an allocation unit size greater than 512 bytes.

C. A boot partition or system partition on a basic disk cannot be extended into a striped or spanned volume, even
if you convert the disk to a dynamic disk.

D. The conversion will fail if the hard drive does not have at least 1 MB of free space at the end of the disk.

Answer: C, D this one doesn’t have a reference check answer but there is an older TechNet article.

4. Which of the following Server 2012 features enables users to access files that they have overwritten?

A. Offline files

B. Parity-based RAID

C. Windows Installer 4.0

D. Volume Shadow Copies

Answer: D, there’s no answer key for this one but that’s the only technology that allows you to revert back to previous versions and things like that

5. Which of the following RAID levels yields the largest percentage of usable disk space?

A. RAID 0

B. RAID 1

C. RAID 5

D. RAID 6

Answer: C, however 5 and 6 are similar. Here’s an article with good visuals concerning the topic of raid 5 vs raid 6

6. To use Shadow Copies you must enable the feature at which of the following levels?

A. the file level

B. The folder level

C. the volume level

Answer: C, check out this Shadow Copies article on TechNet which seems to say
the same thing as the book but there is no answer key for this one.

7. Which of the following are not true about differences between network attached storage (NAS) devices?

A. NAS devices provide a file system implementation; SAN devices do not

B. NAS devices must have their own processor and memory hardware; SAN devices do not require these components

C. NAS devices require a specialized protocol, such as Fibre Channel or iSCSI; SAN devices use standard networking protocols.

D. NAS devices must run their own operating system and typically provide a web interface for administrative access; SAN devices
do not have either one

Answer: C, I had a hard time with this one as the wording while studying for this amount of time in the day made my brain hurt.
Hoping its like working out and that it just makes you more able to think harder as time progresses so far thats proving to be true.
I also havent seen a question like this before so its essentially new material. regardless, lets go through what I know so far and save technet
links for a li at the end. Not sure about C, b is for sure true about NAS, not sure if its true about SAN devices. D is true about NAS. MAybe
I just dont know any thing about SAN devices. Maybe thats a good place to start. Ok after reading the listed below links, b is true for san so is A & D so
C is a pretty safe bet.

    SAN vs NAS

  • SAN
  • NAS
  • 8. Which of the following volume types supported by Server 2012 do not provide fault tolerance?

    A. Striped

    B. Spanned

    C. Mirrored

    D. RAID-5

    Answer: A,B, neither of those have fault tolerance. See the RAID wikipedia and understand that A = raid 0, spanned is just one disk on
    more than one volume and raid 5 contains parity data. This is
    interesting and relevant as well.

    9. A JBOD drive array is an alternative to which of the following?

    A. SAN

    B. SCSI

    C. RAID

    D. iSCSI

    Answer: C, JBOD apparently means just a bunch of (unorganized) disks.

DHCP and DNS hangout pt 2

I was a little late to this one due to some confusing about scheduling and thinking it was getting rescheduled but I learned it wasnt rescheduled
but I still managed to learn some really good things about tombstoning and DNS record management. There are some confusing procedures and policy’s
around these technologies.

Any way heres the video, more chapter reviews coming today. Trying to get 3 chapters published today.

Heres some links as well:

Here is part one as well, in case you get really excited

Zacker book, Chapter 2

Moving on to chapter 2, Ive read about half this book but still find it really helpful to go through questions in this format. Its like
learning to paint and draw, the drawing helps you to paint and knowing where the paint goes helps you to make the line. When I first
started to paint and draw in realistic format I was awful but I knew it was some thing I had to do for my self. This seems similar only
maybe more important. So maybe by doing the html ref ill figure out where the color goes as opposed to just making sloppy line drawing
after sloppy line drawing. Then progressively my sloppy line drawings start to show that I understand line and value. Hopefully you have
a story that you can assimilate to that one.

Please read the header for this post
regarding the answer key situation for these chapters.

1.Which features must you remove from a full GUI installation of Server 2012 to convert it to a Server Core installation?
(choose all that apply)

A. Windows management instrumentation

B. Graphical Management Tools and infrastructure

C. Desktop Experience

D. Server Graphical Shell

Answer: B,D one thing you will see when this question comes up is the repetition of the fact that the windows “desktop experience”
in not installed by default and WMI has nothing to do with the gui as, from what I understand, it runs as a service so you can use server manager
from another computer to manage a server core installation. Please correct me if I am wrong.

2. Which of the following NIC teaming modes provides fault tolerance and bandwidth aggregation?

A. Hyper-v Live migration

B. Switch independent mode

C. Switch dependent mode

D. Server graphical shell

Answer: B, I found this to be a useful link with lots of back story as I was going through this. One thing that you will find
when prepping for this test is that if you start as a complete nub sauce on a fast track to failsville, like me, you need to probably triple
any book that you come across to even get a starting vantage point for understanding. Any way heres a link to a series of articles on
hyper-v networking.

YouTube is also a great place to search for information so heres a bit from youtube that google came up with, this can be really
informative “click-hole” to search through. This particular video is a little confusing if you have zero background in Hyper-v networking
but thats ok because every thing you read and watch will get you a little closer to understanding.

3. Which of the following command-line tools do you use to join a computer to a domain?

A. Net.exe

B. Netsh.exe

C. Netdom.exe

D. Ipconfig.exe

Answer: C, which should be apparent after checking the links.

4. Which of the following statements about Server Manager is not true?

A. Server manager can deploy roles to multiple servers at the same time

B. Server manager can deploy roles to VHDs while they are offline

C. Server manager can install roles and features at the same time

D. Server manager can install roles and features to any windows 2012 server on the network

Answer: A, however there may be some additional explanation on D, if your running R2 be sure that .NET 4.0 is installed. Check here for further explanation.

5. Which of the following operations can you not perform on a service using Server Manager? (apply for shoes….I mean choose all that apply, dare)

A. Stop a running service

B. Start a stopped service

C. Disable a service

D. Configure a service to start with the computer starts

Answer: C,D both of these can be done through services.msc or powershell

6. Name two methods to assign a static IP address to a computer using server core.

A. Server Manager & netdom.exe

B. netdom.exe and IPv4 properties sheet

C. The IPv4 properties sheet and the netsh.exe command

D. The netsh.exe command and WMI in powershell

Answer: D, also this command is helpful in this situation new-netipaddress
or for a more complicated approach try this WMI script

7. Before you can deploy roles to multiple remote servers, what must be done?

A. Perform an in-place upgrade to Server 2012

B. Ensure the remote servers are patched sufficiently

C. Add the remote servers to server manager

D. Perform a full backup

Answer: This was previously covered under another question but there is no “official” answer here but realistically given
that we dont know if these are 2012, 2012 R2 or even older machines the answer is B and C, if its a 2012 machine and so are all the others its just C, samee with R2
other wise .NET updates would be required.

8. What utility allows you to install components to multiple servers at once?

A. The Add Roles and Features Wizard only

B. Both Add roles and Features Wizard and Widows PowerShell

C. Windows PowerShell only

D. The Minimal Server Interface

Answer: C, only powershell scripts allow you hit multiple servers with roles and features in one shot

9. What method is available to install roles and features on another 2012 box using PowerShell?

A. Use the Install-WindowsFeature command and an exported config file (.ini?)

B. Use the Install-WindowsRole command and an exported config file (.ini?)

C. Use Server Manager and the proper tile

D. It is not possible using Windows PowerShell

Answer: A, I noted the .ini part as its not specified but im assuming thats what they are referring to. This is a grey area though
as i am completely new to the creation of and existence of these types of files.

10. What is the key principle to delegating server administrative tasks?

A. Granting users the tasks they feel most comfortable doing

B. Granting users only the permission they need to perform the task delegated to them by the organization

C. Assign the delegated tasks to the person most likely to benefit

D. Assigning enough permissions to do the delegated tasks as well as anticipated tasks

Answer: B seems obvious and I have yet to see this in any other test prep material.

Thats all for tonight, These arent taking as long as others so 2-3 of these a day shouldn’t be overly taxing given that my free time
maintains this state.

Zacker book, Chapter 1 questions

Moving on to the next book, I haven’t read this one yet so Ill be reading the chapters and doing this at the same time
im expecting it take 20-30 days then its ye old test time again. I need to get into contact with CED about my measure up
test prep questions because it says they are expired and I should have a little while left on them. Like 4 monthsish. Hopefully
that can be sorted out and im not pushing the clock too hard in this situation. Regardless, im believer that hard work pays off, I
mean I guess you have to be right? Any way on to the Zacker Server 2012 book. Two chapters a day would be nice and I think its doable
if I really push my self. These dont come with answers so you may not be able to trust me to fully come up with the right answer but
I will try to reference TechNet and check the chapters as much as possible.

Whilst in the process of article creation I came across a PDF that shared many of the same questions and answers that was also written by
a mister C. Zacker. Assuming its the same guy so the answers should be more in the 90% correct range. Obviously you would think that I would
just reference the material as written but with situational questions that doesnt always work given that logic is involved. However I will do
my best to indicate cross reference answer checks and text answer checks so “grey” areas are apparent.

1. Which of the following roles implement (odd word choice to convey function as) what can be classified as infrastructure services? (choose all that apply)

A. DNS

B. Web Server (IIS)

C. DHCP

D. Remote desktop Services

Answer: A, C im assuming they mean infrastructure services to mean some thing that supports your network. This is possibly
not testable as its very loose term. Not cross check-able but it seems to be line with the previous chapters text.

2. Which of the following is a valid upgrade path to Server 2012 R2?

A. Server 2003 Standard to Server 2012 (regular edition? wtf does “Standard mean”)

B. 2008 to 2012

C. 2008 R2 32 bit to 2012 64 bit

D. windows 7 ultimate edition to 2012 essentials

Answer: B, the wording of this “Standard edition” is a little questionable but you can go from a client OS to server on an upgrade path
(upgrade paths are usually not the best way to go any how) you also cant change architecture types (this is mystifying to me).

3. Which feature must you add to a windows server 2012 server core installation to convert it to the minimal server interface?

A. Graphical management tools and infrastructure

B. Server graphical shell

C. PowerShell

D. MMC

Answer: A, if you clicked the link it kind of gave it away. Any way here’s a helpful, yet silent (I really hate that, plz narrate) video on the topic at hand.

]

4. What is the directory where windows stores all of the operations system modules it might need to install at a later time?

A. Windows

B. System32

C. Bin

D. WinSxS

Answer: D, this is kind of newer thing to have optional uninstalled windows feature that still take up disk space but it
stores them in the WinSxS dir starting with Vista.

5. Which of the following are valid reasons why administrators might want to install their 2012 servers using server core?
(choose all that apply)

A. A Server core installation can be converted to the full GUI without reinstalling the OS.

B. PS 3.0 in has way more commands than 2.0

C. The new Server manager in in 2012 makes in easier to admin remotely

D. A 2012 core license is cheaper

Answer:A,B There’s a lot of BS in here but the primary reason being the attack surface is smaller. Other than that its all true except
for D. However upon cross checking the other material indicates that B is not really a reason to install core over the full GUI which makes sense

6. Server 2012 requires what type of CPU architecture?

A. 64 bit only

B. 32 or 64 bit

C. any processor provided that its an actual physical processor

D. Minimum dual core

Answer: With any basic knowledge you can eliminate two answers with no product knowledge, c, d. I really like this
“explanation” about hardware requirements
which indicates that the answer is A

7. What is the minimum system requirements for memory to run all editions of Server 2012

A. 356 MB RAM

B. 512 MB RAM

C. 2 GB RAM (yes plz)

D. 4 GB RAM

Answer: Surprisingly its b, some thing tells me its better judgment if you plan on using the machine for much other than a paper
weight to add more ram than 512mb

8. What is the default installation that occurs when installing Server 2012?

A. Server Core

C. Start up GUI

D. PowerShell

Answer: A, obviously its not powershell nub.

9. What Windows server 2012 roles would install to provide network resources to remote users?

A. Network Policy and Access Services

B. (routing (word not used in book)) and Remote Access

C. WDS

D. Web Server (IIS)

Answer: B, without the routing word missing this is the only appropriate answer. Here is a prop
paper for small business owners on the topic and here is the RRS page.

10. What Server 2012 role enforces security policies for network users?

A. Network Policy and Access Services

B. (again)Remote Access

C. Active Directory Rights Management Service

D. Remote Desktop Services

Answer: A, this one doesnt cross reference and the wording is sketchy but A is the only one that deals with client health
and things of that nature.

Question 50

Match the letters below with the corresponding numbers. (i tried to use a table but thats pushing the limits
of tumblr HTML, ie i couldnt get it to work)

1.A record

2.CNAME record

3.AAAA record

4.PTR record

5.MX record

6.SVR record

A.Alias record

B.Enables reverse lookups for a host record.

C.A host resource record maps the FQDN of any computer in the domain to its
IPv4 address.

D.Identify’s the exchange mail sever responsible for managing mail flow in
your organization.

E.Used by services such as active directory domain services or applications like office communicator use specific protocols that
enable communication.

F. This record maps the FQDN of any computer in the domain to its IPv6 address.

Answer:1:C, 2:A, 3:F, 4:B, 5:D, 6:E. This wasnt as complicated for formatting as I wanted it to be
Was hoping to get to use some additional coding but regardless heres the answer. Hopefully its legible.

Part 7 of questions from Q

Well we have almost reached the end of this round of questions. next step, read the next book, do the questions (that have no answers)
and take the test again. Most likely fail the test, then look for gaps in knowledge that are noted here, try some other sources for test
prep questions. Probably measure up, so long as they dont stay in the “expired status.” I asked about this before they became expired and I
was assured that it was ok and that I would still have use of them. Havent tried to actually use one yet but we will see how it goes. Not sure
at that this point that they are worth paying for by any means necessary. On to today’s breif study and then fixing the bolding text in the previous
questions.

61. You would like to review the default user rights for administering your ADDS
domain granted to the various built in groups in contained within Server 2012, you open the
GMPC
and then what should you do from there to view group rights assignments? (hoping I got the verbage
correct as thats indeed a re-write)

A. Right-click the Defualt Domain Policy GPO
& select edit. In the Group policy mangement editor (see previous link), navigate to the
computer configurationpolicieswindowsettingssecuritysettingslocal policiesuser rights assignment node and select this node.
View the default user rights in the details pane.

B. Right-click the Default Domain Policy GPO and select edit. In the Group Policy management editor, navigate to the
user configurationpolicieswindows settingssecurity settingslocal policiesuser rights assigment node, and select it. View the default
user rights in the dtails pane.

C. Right-click the default domain controllers policy GPO and select edit.. In the group policy management editor navagate to the
computer configurationpolicieswindows settingssecurity settingslocal policiesuser rigts assignment node & select ths node. View the
default user rights in the details pane.

D. right-click the default domain controllers policy GPO and elect Edit. In the GPME, navigate to
user configurationpolicieswindows settingssecurity settingslocal policiesuser rights assignment node, and select this node. View the
default user rights in the details pane.

Answer: C, So this is where I get conflicted about providing enough details to be through in question asking. Here
we are clearly providing enough material to be through but theres so much info it almost becomes confusing. Are the questions posed
perfect as is? certainly not and theres more than enough “red herring” material but the wise can eventually cut through the “B.S.”
it just seems to take longer. Im not sure that Ive found this to be the same case in testing scenarios however. Any way, the answer is
B given that they are talking about individual logins and not computer accounts which is some thing im assuming but again its not
entirely clear about that. Just reading between the lines again.

62. Your domain contains 6 Server 2012R2 member servers and 80 8.1 workstations. Users preform
their work using an in-house application App1.exe. App1 is updated on a monthly basis. Corporate policy states
that all users must use the latest version of app1exe. How can you enforce this rule? (choose two)

A. Create a software restriction policy using an application executable rule.

B. Create a windows installer rule.

C. Create an AppLocker rule to restrict older versions of the application.

D. Use group policy to publish all instances of the application.

Answer: A and C, im assuming they dont reinstall the app once a month. There are some tricky
verbiage words regarding software restriction policies regarding if its a hash rule or an executable rule
that are worth reviewing. That info is on TechNet here &
here as well as few other places
but its for sure worth understanding the practical differences between the different types of rules. Applocker
policy’s are a little more straight forward.

63. David Doss has used Windows firewall with Ad Sec on a Server 2012 R2 computer named Server3 to configure
several custom outbound and inbound rules. He would like to copy these rules to another computer named Server4
which also runs Windows Server 2012 R2. What should he do to accomplish this task with the least amount of administrative
effort?

A. Use the netsh advfirewall dump command at Server3 to copy the windows Firewall
with advanced security rules. Then use the netsh advfirewall reset command on Server4 to restore the rules
on this computer.

B. Use the wbadmin util on Server3 to back up the firewall rules

C. in the MMC open win firewall with ad sec snap-in on Server3, right-click inbound rules
and select export policy. After saving the export file, go to Server4 right-click inbound rules, and
select import policy. Click yes, specify the name of the policy file to be imported, and then click open. Then
repeat this procedure with the Outbound Rules node.

D. In the windows firewall w/ ad sec snap-in on Server3, right click the windows firewall with ad sec and
select export policy. After saving the export file, go to Server4 right-click windows firewall with ad sec and select import
policy. Click yes, specify the name of the policy to be imported then click open.

Answer:So heres a helpful link to some firewall PS commands but
they stil dont exactly answer this question however upon further reading into the TechNet links im feeling pretty confident that
the answer is D.

64. You have recently installed a new 2012 R2 file sever, Server1. You attempt to ping Server1 but receive a
“Request Timed out” message. You log on locally to Server1 & confirm that all IP address information
is correct. You can successfully ping your default gateway from Server1. You also verify that you can
access the web and other local network resources. What should you check?

A. Verify that the latest service pack is enabled on Server1.

B. Verify that the windows remote access service is started.

C. Verify that the appropriate inbound firewall rule is enabled for Echo Request ICMP.

D. Verify that the appropriate inbound firewall is enabled for Remote Access.

Answer: In ping is failing the answer is C given that there are no other scenarios that im missing while following this logic
train. Q confirms C

65. You are the administrator for StevieBsChickinALaKingALaCarte.com. Your network consists of 150
150 windows 8.1 client computers and 5 Server 2012 R2 member servers. Your development team creates a new application that you need to host on
AppServer1, one of the Windows Server 2012 R2 member servers. The Application installs a new service that listens on TCP port 5432.
Client computers use this service to interact with the application. AppServer1 also sends regular alerts toa
monitoring server using TCP port 4567. You notice that clients are unable to access the application hosted on AppServer1.
The alerting function is working properly. You realize that you didnt configure the Firewall rule on App Server1.
What do you need to configure?

A. An inbound rule to allow connection to TCP port 5432

B. An inbound rule to allow connections to TCP port 4567

C. An outbound rule to allow connections to TCP port 4567

D. An outbound rule to allow connection to TCP port 5432

Answer: A, these are kind outside of my understanding as im not exactly class room trained and Ive found few
technet articles demonstrating the line of thought necessary for understanding these types of scenarios.

66. You are a systems administrator for StevieBsChickinALaKingALaCarte.com. You configure
a new Server 2012R2 member server named Server1. You need to configure a windows firewall rule to allow inbound access for a PPTP VPN.
Which Ports should you enable? Each answer is part of the solution.

A. 1701

B. 1723

C. 47

D. 80

Answer: B,C, I dont know ports from a whole in the ground so this is also a tuff question that to me
seems like it would be a good candidate for googization of an answer. I hope thats proper english haha

Part 6 of test prep questions from source Q….only one more to go

So we are almost done with this set. As discussed previously I may attempt two more sets of questions from other books. I also need to go
back and edit the formatting of some of the earlier ones to keep the bolding in line. This is actually more fun than I thought it would be and
Ive uncovered a few week areas other than the ones that involve math. on to 51-60, hopefully ill get this whole thing done today as its really not
that much work. Kind of disappointing when I cant get 10 done in a day.

51. Your network contains a single AD domain, StevieBsChickenALaKingALaCarte.com. DC1 exists in your main office and contains all FSMO roles. DC2 is located in a branch site connected via
a 10-mbps WAN link. DC2 does not contain any FISMO roles. Due to a situation invloving a tree getting thunder
struck your WAN link goes down and no users can log on. Which FSMO role must you bring online locally to ensure that users can log on.

A. Infrastructure master

B. Domain naming master (read through previous link(s))

C. PDC emulator

D. RID master

Answer: The most basic thing you need to bring online is the C in this legacy server scenario thats simply implied rather than stated. I also started typing the
full text of the answer from Q and im going to leave that here because Im too lazy to use the backspace button. “The PDC emulator is probably one of the more critical roles. It servers as a primary domain controller
for legacy servers such as Windows NT 4.0 client computers authenticating to the domain. Today, the PDC emulator functions to handle daily operations such as logons,
directory maintenance such as object changes or even password changes. This server also acts as a time sync master for the forest”

52. You are the administrator for the StevieBsChickenALaKingALaCarte.com domain which consists of 3 domain controllers and 23 Windows Server 2012 R2 member servers. You plan to
remove DC3. You need to identify which SVR records are registered by DC3. How can you retrieve this information?

A. Run the ntdsutil.exe /SRV

B. Open SRV.dns in %windir% system32config

C. Open netlogon.dns in %windir% system32config

D. Run nslookup /SRV/Server:DC3

Answer: Well are you sitting at the machine or are you trying to do this remotely? Some of these look like remoting. Personally I think its C but im not absolutely certain about that.
Q confirms that C is correct.

53. Your network consists of a single Active Directory domain-StevieBsChickenALaKingALaCarte.com Currently, two domain controllers exist.
DC2 is a Winders Server 2012 domain controller holding the PDC emulator role. DC1 is a Windows Server 2008 R2 file and print server named Server1.
You need to perform an offline domain join of Server1. How can you accomplish this?

A. Run dsadd.exe to join Server1

B. Upgrade DC1 to Windows Server 2012

C. Transfer all FSMO roles to DC2

D. Run Djoin.exe to join Server1

Answer: D, not a whole lot worth explaining on this one.

54. Your network consists of a single Active Directory domain pearson.com. You need to
retrieve a list of all servers along with the last time they authenticated with ADDS. Which cmdlet can you use to accomplish this?

A. Get-ADComputer and specify the last logon property

B. Get-ADServer and specify the last logon property

C. Get-ADLastLogon

D. DSquery ADServers

Answer: A but your also going to have to specify server names if you only want servers.

55. You are the administrator for StevieBsChickenALaKingALaCarte.com. You have recently created a new share, Share1 located in the
pasta.StevieBsChickenALaKingALaCarte.com child domain. You grant access to share1 using a global group named PastaUers. A Domain Local
distribution group, PastaDist is located in the parent domain StevieBsChickenALaKingALaCarte.com. You need to allow members in PastaDist
access to share1. What must you do first

A. Convert Group1 to a universal security group.

B. Convert Group1 to a domain local security group.

C. Convert Group1 to a global distribution group.

D. Convert Group1 to a universal distribution group.

Answer: One this is for certain is has to be a universal group because it needs access to resources in another domain and you cant go local to global,
you have to go to universal first. So that narrows are starting point to D or A. Im assuming that you can do two steps at once so since its already a distro group im going with D. Per Q the answer
is actually A so I was wrong.

56. AS the only network admin for your company you are feeling overwhelmed with the increased administrative overhead of supporting the business.
The company has recently expanded so mike decides to bring on a junior administrator. He wants to ensure that the new junior administrator is only able to link and unlink GPOs that are
created for computers located in the Poultry OU. Mike uses the Delegation of Control Wizard on the Poultry OU. Shortly after, Mike needs to make a
change to what he has previously delegated. How can Mike view the existing authority for Jr. Admin and make the necessary changes?

A. Modify the permissions in the security tab of the Poultry OU

B. Add the junior admins user account to the domain admins group

C. Add the junior admins user account to the local admins group on all warehouse workstations

D. Add the junior admin’s user account to the Enterprise Admins group.

Answer: generally the best answer for these scenarios is “use the delegation of control wizard” and its never make a
person any sort of global admin so with that being the case I think the only viable answer would be A

57. You work for a company that contains a single active directory forest. The forest contains two
domains: StevieBsChickenALaKingALaCarte.com and Sauce.StevieBsChickenALaKingALaCarte.com. You are the senior systems engineer for StevieBsChickenALaKingALaCarte.com
You have recently acquired three new branch sites, each containing a DC, a file server and an application server. One of the tasks on your plate is to
standardize backups across the domain. Part of the solutions requires you to ensure that members of the doamin group
BackupAdmins are added to the local Backup Operators group on all servers in the domain. How can you do this with the
least administrative effort?

A. Log in to each server and add the domain BackupAdmins group to the local Backup Operators group.

B. Configure a restricted group for StevieBsChickenALaKingALaCarteBackupAdmins.

C. Configure a restricted group for the local Backup Operators group on each server.

D. Nest the local Backup Opperators group in the StevieBsChickenALaKingALaCarteBackupAdmins group.

Answer: so this term “restricted group” gets a bit muddy. What does this even mean? I have no idea honestly, logically its like the “print
device” scenario discussed earlier. Isnt every created group a “restricted group”? TechNet
has this to say about restricted groups “Restricted groups allow an administrator to define two properties for security-sensitive groups (that is, "restricted” groups).“
So yeah you could just say "group” and specify a domain verb like local, global, or universal (even those two are almost the same).Im not sure if this
requires extra work when writing questions or what but its a fairly common theam. Any way, the answer is B.

58. In your domain all DCs run Server 2012R2 with the exception of one legacy 2008 DC. Your domain consists of 20 windows server 2012 member servers located in
the servers OU and 150 Windows 8.1 client workstations located in the Workstations OU. You need to create a group named Group1 on all servers in the domain. No other
computer should receive this group. What should you configure.

A. A local users and groups preference setting linked to the Servers OU

B. A local users and groups preference setting linked to the domain

C. A restricted groups setting linked to the domain

D. A restricted groups setting linked to the Servers ou

Answer: So clearly you need to make a group, again in spite of the conflicting nomenclature jargon
(not sure what type of people this program is supposed to produce?), that is linked to servers specifically
and not the domain in general. So with no clue as to the intent of group on, meaning I dont know if this is a “computer” type ou that has nothing to do
with logins or if it needs to be an account with a login/pw associated with it. Very confusing terms here, maybe you need to email servers?
I mean I understand the purpose behind this loose logic of test prep questions but its still annoying. That said im assuming its D. I was wrong, Q says its A.

59.Which Powershell cmdlet can you use to create a new GPO?

A. Add-GPO

B. New-GPO

C. Set-GPO

D. DSAdd.exe /NewGPO

Answer: B, thank goodness for the easy ones that dont require much typing and
have more logical answers.

60. Your company has hired a new chief security officer. One of her requirements is to ensure
that all local administrator accounts receive UAC prompts when any elevated task is preformed. You plan to implement
this via a group policy. What is the appropriate location for configuring these policies?

A. Security SettingsLocal Policies

B. Security SettingsAccount Policies

C. Security SettingsWindows Firewall with Advanced Security

D. Security settingsApplication control policies

Answer: This is very specific question and im honestly not sure but I know it isnt C and proably not D, Account policies
doesnt exactly make sense but A may not be right, however Q confirms A.

Part 5 of 7?…..more questions from Bazze…i mean Q

On to part 5, part 4 went mostly well. Currently reading another book
that has test prep questions but doesnt have the answers. I might try to tackle these in this format at some point in the future. However as the release candidates for 2016 are upon us im not sure of
the validity or usefulness of this process. Thats kind of irrelevant to the point of learning html and server though. Not to delve too far into the personal zone but I had a job interview
of sorts that went fairly well. Im pretty sure I was interviewed by a dementor but I actually appreciate playing hardball
and asking real questions that demand real answers. Its not easy to explain the reasons for having large resume gaps or that you functioned as a tattooer previously while trying to couple that
with very relevant small business skills that translate fairly well into large scale deployments. Regardless, more test prep questions and TechNet articles.

41. Lucrecita is the systems admin for StevieBsChickenALaKingALaCarte.com which is currently established as a single domain. All the servers run either 2012 or 2012R2. Recently she notices that the
hard disk on DHCP server named Server6 has failed. She installs a new harddisk performs a bare metal restore from a recent backup. Lucrecita must ensure that DHCP clients do not receive IP addresses that have
already been leased to other DHCP clients what option should she configure?

A. Set the DHCP server option 47 to 0

B. Set the DHCP server option 47 to 1

C. Set the Conflict Detection value to 0.

D. Set the Conflict Detection value to 1.

Answer: D, enabling conflict detection ensures that an ip is only leased to one client. Q goes on to inform us that DHCP uses the
ping command to verify that address is not currently in use

42. Your network consists of two subnets. Users on Subnet1 complain that they are unable to access any resources outside of their subnet. No other users from any other subnet are experiencing the issue.
You review the DHCP configuration for Subnet1 and notice that the Router option does not exist. Which option allows you to specify the ip address of the
router or default gateway?

A. 044 WINS/NBNS servers

B. 003 Router

C. 066 Boot Server Host Name

D. 030 Router

Answer:Per Q the answer is B, personally I honestly have no idea, I understand the concept but for all practical purposes once you understood the concept
couldnt you Google the answer? Or is that me being lazy from the prospect of memorization?

43. The StevieBsChickenALaKingALaCarte.com (why cant I just say contoso?) network contains a single forest. Sauce.StevieBsChickenALaKingALaCarte.com, chicken.StevieBsChickenALaKingALaCarte.com and noodles.StevieBsChickenALaKingALaCarte.com
are child domains. Mike is the admin of Sauce.StevieBsChickenALaKingALaCarte.com and Bob is the admin for Chicken.StevieBsChickenALaKingALaCarte.com. Mike needs to
authorize a DHCP server for his domain. What does Mike need to do to authorize his server?

A. Authorize the server in the StevieBsChickenALaKingALaCarte.com parent domain

B. Authorize the server in Sauce.StevieBsChickenALaKingALaCarte.com

C. Authorize the server in all domains in the forest

D. Authorize the server in Chicken.StevieBsChickenALaKingALaCarte.com

Answer: obviously the answer to this is going to vary based on the scope/subnet that the server is supporting but given that
the question posed seems to be indicating that the server will be serving addresses to the sauce clients im going to assume that its B. However it could
be necessary to authorize the server globally in order for it to serve the sauce clients IP’s specifically but that doesnt seem overly
logical from a practical stand point as it could lead to some problems with conflicts and so forth. Q confirms the intent was B

44. Which of the following messages are exchanged between an IPv6 client computer and DHCPv6 server when requesting configuration
information? Choose all that apply and pick a proper sequence in which the messages are exchanged.

A. Discover

B. Offer

C. Advertise

D. Request

E. Solicit

F. Confirm

G. Reply

Answer: C, D, E, G I havent included images in these before but I think this one is helpful even though its for IPv4 because we should be aware of the differences right?
Im not exactly sure why the IPv4 DHCP process is so much simpler but its not horrible confusing by comparison. Subnetting on the other hand is awful.

 photo IC196966_zps3k6j9vt6.gif

45.You are the administrator for the StevieBsChickenALaKingALaCarte.com domain. You are installing a new development server named Server1. You need to make sure Server1 does not receive any
IP addresses from the DHCP server, Server2. What should you configure to accommodate this?

A. DHCP Exclusion

B. DHCP Reservation

C. DHCP Filter

D. DHCP Block Service

Answer: To block a specific client or device from obtaining a ip address from a DHCP server you would configure the mac address into an exclusion rule, A. I was way off, per Q its C

46. Tai is the systems administrator for a company that operates an ADDS network consisting of a single domain. The company has
been using a Windows 2000 server running WINS as a solution for DNS in the network. As part of a mve to decommission all older server and convert the
network to using Windows Server 2012 R2 servers exclusively, Tai needs to configure DNS to provide forest-wide single name resolution. What should she do?

A. Create a secondary zone named GloablNames. Add host (A) resource records for all computers that require single name resolution. Then create corresponding secondary zones on all other DNS
servers on the network.

B. Create an Active Directory-integrated zone named GlobalNames. Add A records for all computers that require
single name resolution.

C. Create SVR Records for all computers that require single name resolution.

D. Create CNAME records for all computers that require single name resolution.

Answer: B, I honestly had no idea on this one so I should study this technology more.

47. Server1 is a Windows Server 2012R2 server with the DNS role installed. You need to review the root hints for Server1. What steps should you take to accompish this (each answer is a complete solution and you need to
pick two)

A. Open the %systemroot%system32dnscache.dns file on Server1 using notepad.exe

B. Open the %systemroot%systemdnscache.dns file on Server1 using notepad.exe

C. Use the root hints tab of the DNS Server Properties dialog box.

D. Use the HLKMDNS registry hive.

Answer: So you clearly need to view the root hints by opening the cache file, now its a mater of location. My guess is
B but it is most assuredly a guess. The second answer, well any time i see the phrase “hive” I get a little nervous as they are talking about a collective
of programming entries and im not a programmer so in my ignorance I pick C or find a coder to as. Well per Q I was on the right track but its in the ~32 folder so A,C

48. Your network consists of a single Active directory domain named StevieBsChickenALaKingALaCarte.com The domain contains a domain controller named DC1 that hosts the primary DNS zone for the company. All of the 8.1 client machines are
configured to use DC1 as the primary DNS server. You need to configure DC1 as the primary DNS server. You need to configure DC1 to use your
ISP’s DNS server to resolve all name resolution requests that fall outside of StevieBsChickenALaKingALaCarte.com. What should you configure?

A. An AAAA Record containing your ISP’s DNS server.

B. A forwarder containing your ISP’s DNS server.

C. A forward lookup zone for your ISP.

D. A reverse lookup zone for your ISP

Answer: So with what little I know Im assuming this going to be some form of forwarder and after checking the links its for sure B & Q confirms

49. You are the admin for (you guessed it) suzuie wongs hous…StevieBsChickenALaKingALaCarte.com. You have just installed your first DC to create the domain and you need
to replace the configuration for DNS to send any unresolved DNS client queries and all external queries to your ISPs DNS server.
Which PowerShell cmdlet must you execute to accomplish this objective?

A. Add-DNSServerForwarder

B. Add-DNSServerPrimaryZone

C. Set-DNSServerforwarder

D. Set-DNSServerPrimaryZone

Answer: Well first you need to create a zone so you need to create a primary zone then you need to create a forwarder. Theres so many questions about configuration
with this one Q. Why so vague? Theres also a PS issue here because A will ad but not replace so to set you need to run C

50. We are going skip this question but spend some time on the one above, for now. Perhaps we will revisit but its a long table
describing DNS record types. I recommend Learn DNS as it has all the basic definitions, not a bad place to start

Powered by WordPress.com.

Up ↑