Well we have almost reached the end of this round of questions. next step, read the next book, do the questions (that have no answers)
and take the test again. Most likely fail the test, then look for gaps in knowledge that are noted here, try some other sources for test
prep questions. Probably measure up, so long as they dont stay in the “expired status.” I asked about this before they became expired and I
was assured that it was ok and that I would still have use of them. Havent tried to actually use one yet but we will see how it goes. Not sure
at that this point that they are worth paying for by any means necessary. On to today’s breif study and then fixing the bolding text in the previous
61. You would like to review the default user rights for administering your ADDS
domain granted to the various built in groups in contained within Server 2012, you open the
and then what should you do from there to view group rights assignments? (hoping I got the verbage
correct as thats indeed a re-write)
A. Right-click the Defualt Domain Policy GPO
& select edit. In the Group policy mangement editor (see previous link), navigate to the
computer configurationpolicieswindowsettingssecuritysettingslocal policiesuser rights assignment node and select this node.
View the default user rights in the details pane.
B. Right-click the Default Domain Policy GPO and select edit. In the Group Policy management editor, navigate to the
user configurationpolicieswindows settingssecurity settingslocal policiesuser rights assigment node, and select it. View the default
user rights in the dtails pane.
C. Right-click the default domain controllers policy GPO and select edit.. In the group policy management editor navagate to the
computer configurationpolicieswindows settingssecurity settingslocal policiesuser rigts assignment node & select ths node. View the
default user rights in the details pane.
D. right-click the default domain controllers policy GPO and elect Edit. In the GPME, navigate to
user configurationpolicieswindows settingssecurity settingslocal policiesuser rights assignment node, and select this node. View the
default user rights in the details pane.
Answer: C, So this is where I get conflicted about providing enough details to be through in question asking. Here
we are clearly providing enough material to be through but theres so much info it almost becomes confusing. Are the questions posed
perfect as is? certainly not and theres more than enough “red herring” material but the wise can eventually cut through the “B.S.”
it just seems to take longer. Im not sure that Ive found this to be the same case in testing scenarios however. Any way, the answer is
B given that they are talking about individual logins and not computer accounts which is some thing im assuming but again its not
entirely clear about that. Just reading between the lines again.
62. Your domain contains 6 Server 2012R2 member servers and 80 8.1 workstations. Users preform
their work using an in-house application App1.exe. App1 is updated on a monthly basis. Corporate policy states
that all users must use the latest version of app1exe. How can you enforce this rule? (choose two)
A. Create a software restriction policy using an application executable rule.
B. Create a windows installer rule.
C. Create an AppLocker rule to restrict older versions of the application.
D. Use group policy to publish all instances of the application.
Answer: A and C, im assuming they dont reinstall the app once a month. There are some tricky
verbiage words regarding software restriction policies regarding if its a hash rule or an executable rule
that are worth reviewing. That info is on TechNet here &
here as well as few other places
but its for sure worth understanding the practical differences between the different types of rules. Applocker
policy’s are a little more straight forward.
63. David Doss has used Windows firewall with Ad Sec on a Server 2012 R2 computer named Server3 to configure
several custom outbound and inbound rules. He would like to copy these rules to another computer named Server4
which also runs Windows Server 2012 R2. What should he do to accomplish this task with the least amount of administrative
A. Use the netsh advfirewall dump command at Server3 to copy the windows Firewall
with advanced security rules. Then use the netsh advfirewall reset command on Server4 to restore the rules
on this computer.
B. Use the wbadmin util on Server3 to back up the firewall rules
C. in the MMC open win firewall with ad sec snap-in on Server3, right-click inbound rules
and select export policy. After saving the export file, go to Server4 right-click inbound rules, and
select import policy. Click yes, specify the name of the policy file to be imported, and then click open. Then
repeat this procedure with the Outbound Rules node.
D. In the windows firewall w/ ad sec snap-in on Server3, right click the windows firewall with ad sec and
select export policy. After saving the export file, go to Server4 right-click windows firewall with ad sec and select import
policy. Click yes, specify the name of the policy to be imported then click open.
Answer:So heres a helpful link to some firewall PS commands but
they stil dont exactly answer this question however upon further reading into the TechNet links im feeling pretty confident that
the answer is D.
64. You have recently installed a new 2012 R2 file sever, Server1. You attempt to ping Server1 but receive a
“Request Timed out” message. You log on locally to Server1 & confirm that all IP address information
is correct. You can successfully ping your default gateway from Server1. You also verify that you can
access the web and other local network resources. What should you check?
A. Verify that the latest service pack is enabled on Server1.
B. Verify that the windows remote access service is started.
C. Verify that the appropriate inbound firewall rule is enabled for Echo Request ICMP.
D. Verify that the appropriate inbound firewall is enabled for Remote Access.
Answer: In ping is failing the answer is C given that there are no other scenarios that im missing while following this logic
train. Q confirms C
65. You are the administrator for StevieBsChickinALaKingALaCarte.com. Your network consists of 150
150 windows 8.1 client computers and 5 Server 2012 R2 member servers. Your development team creates a new application that you need to host on
AppServer1, one of the Windows Server 2012 R2 member servers. The Application installs a new service that listens on TCP port 5432.
Client computers use this service to interact with the application. AppServer1 also sends regular alerts toa
monitoring server using TCP port 4567. You notice that clients are unable to access the application hosted on AppServer1.
The alerting function is working properly. You realize that you didnt configure the Firewall rule on App Server1.
What do you need to configure?
A. An inbound rule to allow connection to TCP port 5432
B. An inbound rule to allow connections to TCP port 4567
C. An outbound rule to allow connections to TCP port 4567
D. An outbound rule to allow connection to TCP port 5432
Answer: A, these are kind outside of my understanding as im not exactly class room trained and Ive found few
technet articles demonstrating the line of thought necessary for understanding these types of scenarios.
66. You are a systems administrator for StevieBsChickinALaKingALaCarte.com. You configure
a new Server 2012R2 member server named Server1. You need to configure a windows firewall rule to allow inbound access for a PPTP VPN.
Which Ports should you enable? Each answer is part of the solution.
Answer: B,C, I dont know ports from a whole in the ground so this is also a tuff question that to me
seems like it would be a good candidate for googization of an answer. I hope thats proper english haha