Zacker book, Chapter 6

On to chapter 5, only 14 more question sets to go for this round. Leaving my self some room to go through the book again and possibly
go through the Panek book as well. Not sure if I will have time for that before my shots at exams are up but I dont imagine I would want
to quite studying even after those are over as Im sure the knowledge will transfer. However I did pick up a Network + book, I think I
mentioned that previously, as Ive found my fundamental/basic networking skills to be slightly lacking.

Edit: again, Please read the header for this post
regarding the answer key situation for these chapters.

1. Which of the following tasks must you perform before you can manage a remote server running Server 2012 using the
compmgmt.msc (computer management) snap in?

A. Enable WinRM on the remote server.

B. Enable the COM+ Network Access rule on the remote server.

C. Enable the Remote Event Log Management rules on the remote server.

D. Install RSAT on the remote server

Answer: B, this one was actually verifiable, its still probably good to read the RSAT tools link even though it has nothing to do
with firewall rules.

2. Which of the following PowerShell cmdlets can you use to list the existing Windows Firewall rules on a computer running Windows
Server 2012?

A. Get-NetFirewallRule

B. Set-NetFirewallRule

C. Show-NetFirewallRule

D. New-NetFirewallrule

Answer: A,C you could also specify certain parms to have them listed in an orginzed fashion. Like you could use the
Export-Csv

cmdlet to get them really organized
or there are a lot of them I would test the recursive function just to see if it changes the results. Not sure if it would or not
I suppose that would be easy enough to test in a MSFT lab. They do time out rather quickly though.

3. Which of the following updates must you install on a server running windows server 2008 before you can connect to it using Server 2008
before you can connect to it using Windows Server 2012 SrvMan?

A. .NET Framework 3.5

B. .NET Framework 4.0

C. Windows Management Framework 3.0

D. Windows Server 2008 R2

Answer: C and B specifics like this are always a little tricky for me. I suppose I could put some effort into remembering 4.0
In addition here is an article
on this particular subject. Pretty sure Ill remember this one now.

4. When you run Server Manager from a Windows 8 Workstation using Remote Server Admin tools, which of the following elements do
not appear in the default display?

A. The Dashboard

B. The local Server homepage

C. The All Servers homepage

D. The Welcome tile

Answer: B, the local server homepage clearly cant display as your not on a server.

5. Windows Firewall is enabled by default in Windows Server 2012. How are remote management tools affected?

A. Both MMC and WinRM are blocked. You must alter inbound Firewall rules on the remote server.

B. MMC is blocked. You must alter inbound Windows Firewall rules on the remote server.

C. WinRM is blocked. You must alter inbound Windows Firewall rules on the remote server.

D. Neither MMC not WinRM is blocked.

Answer: B is true but a brings up an interesting point, at least to me, is server manager considered part of WinRM? Im assuming its the
same thing and you should be able to add any server in your domain to your Server Manager console as long as its a 2012 sever
without any issues. If you had trouble with that check out this TechNet article
on the subject indicating that WinRM should allow you to add any server in your domain. As MMC is kind of an out of date technology
it is not enabled by default and requires firewall configuration even inside the domain. Powershell remote management is very similar
but as with adding a server to your server manager it to requires you to specify credentials when accessing, for more info on that
check here

Theres also a video on this topic however you dont see him specify any kind of domain credentials when he adds a server to server manager
so perhaps we should investigate further so we are certain about this process. Any way for starters heres that video which is helpful for
question 8 as well as this guy is running server manager from a desktop

Ok so if we check with Technet on adding servers to server manager
about a third of the way down the page it goes into the process of providing those and it seems like it would be an intuitive process after use
as it basically describes it as being similar to a UAC prompt only you are only asked the first time and they are cached. So dont leave your
machine unlocked! That said, I dont have the luxury of using server so hopefully I dont miss an overly complex scenario question on the subject.

6. How can you remotely configure the firewall on several servers at once?

A. Use the powershell command set-netfirewallrule -name -enabled true

B. Applying the configuration change to the applicable server grouping in Server Manager.

C. Creating a configuration file for Jr. Admins to configure servers in parallel.

D. Applying a Group Policy related to Windows Firewall to the servers.

Answer: A, D would both work for firewall management. The TechNet article on using GP to deploy firewall rules is fairly old
so im linking a newer article in this case.

7. The Server Manager interface accommodates several servers, tested at nearly 100. What did the text (Zacker says lesson) highlight
as an element that can easily degrade Server Manager performance, and how to resolve it?

A. The Event tile generates a large number of records. It is resolved by configuring the types ages and sources of events.

B. The hardware resources of the Server Manager computer can degrade Server Manager. It is resolved by adding additional server memory.

C. The server’s screen resolution is set too high. It is resolved by choosing a lower resolution.

D. The amount of data the sever sends to all remote servers can degrade Server Manager. It is resolved by NIC teaming.

Answer: B, Adding that many servers can really tie up network and processor bandwidth.

8. By default Server Manager does not connect with down-level servers (for example a 2012 box could not connect to an unpatched
08 box). What must be done to properly connect?

A. Remote manage the down-level server by MMC.

B. Disable the Windows Firewall on the down-level server.

C. Add WinRM 3.0 and .NET 4.0 to the down-level server to ensure its patched

D. Perform an in place upgrade to server 2012 to all 08 R2 machines and lower.

Answer: C, as previously mentioned in the links and texts above.

9. Server Manager is properly connecting and managing your down-level servers. What tool do you use to add roles and features
to theses computers?

A. Using the Add Roles and Features Wizard in Server Manager to install the role.

B. Using Windows PowerShell to install the role.

C. Using the MMC and the applicable snap-in.

D. You cannot add a role remotely to a down-level server.

Answer: You could use A or B but generally its easier to use A. Regardless I thought it might be helpful to watch a video on the
topic.

There’s also a useful Technet article
here.

10. PowerShell web access gateway allows ________

A. Users to remotely connect to their desktops.

B. administrators to remotely manage IIS servers.

C. Uses a command-line alternative to standard websites.

D. Administrators remote management of servers using commands.

Answer: D, this one is pretty straight forward. While we are on a role here why not put another video in here feature our buddy Rick Claus
he has a pretty decent twitter account if your into that sort of stuff. Its kind of sales demo but its still cool.

https://www.youtube.com/watch?v=Qn7P6eGRy9Q

Thats all for this round. I dont know if youve noticed the punctuation issue with some posts have periods and some dont. I hope you dont find that
weird as the text does that as well. Not sure why and I have mixed feelings as to if answers are complete sentences that would require punctuation.

03-02-2016 0

Zacker book, Chapter 2

Moving on to chapter 2, Ive read about half this book but still find it really helpful to go through questions in this format. Its like
learning to paint and draw, the drawing helps you to paint and knowing where the paint goes helps you to make the line. When I first
started to paint and draw in realistic format I was awful but I knew it was some thing I had to do for my self. This seems similar only
maybe more important. So maybe by doing the html ref ill figure out where the color goes as opposed to just making sloppy line drawing
after sloppy line drawing. Then progressively my sloppy line drawings start to show that I understand line and value. Hopefully you have
a story that you can assimilate to that one.

Please read the header for this post
regarding the answer key situation for these chapters.

1.Which features must you remove from a full GUI installation of Server 2012 to convert it to a Server Core installation?
(choose all that apply)

A. Windows management instrumentation

B. Graphical Management Tools and infrastructure

C. Desktop Experience

D. Server Graphical Shell

Answer: B,D one thing you will see when this question comes up is the repetition of the fact that the windows “desktop experience”
in not installed by default and WMI has nothing to do with the gui as, from what I understand, it runs as a service so you can use server manager
from another computer to manage a server core installation. Please correct me if I am wrong.

2. Which of the following NIC teaming modes provides fault tolerance and bandwidth aggregation?

A. Hyper-v Live migration

B. Switch independent mode

C. Switch dependent mode

D. Server graphical shell

Answer: B, I found this to be a useful link with lots of back story as I was going through this. One thing that you will find
when prepping for this test is that if you start as a complete nub sauce on a fast track to failsville, like me, you need to probably triple
any book that you come across to even get a starting vantage point for understanding. Any way heres a link to a series of articles on
hyper-v networking.

YouTube is also a great place to search for information so heres a bit from youtube that google came up with, this can be really
informative “click-hole” to search through. This particular video is a little confusing if you have zero background in Hyper-v networking
but thats ok because every thing you read and watch will get you a little closer to understanding.

3. Which of the following command-line tools do you use to join a computer to a domain?

A. Net.exe

B. Netsh.exe

C. Netdom.exe

D. Ipconfig.exe

Answer: C, which should be apparent after checking the links.

4. Which of the following statements about Server Manager is not true?

A. Server manager can deploy roles to multiple servers at the same time

B. Server manager can deploy roles to VHDs while they are offline

C. Server manager can install roles and features at the same time

D. Server manager can install roles and features to any windows 2012 server on the network

Answer: A, however there may be some additional explanation on D, if your running R2 be sure that .NET 4.0 is installed. Check here for further explanation.

5. Which of the following operations can you not perform on a service using Server Manager? (apply for shoes….I mean choose all that apply, dare)

A. Stop a running service

B. Start a stopped service

C. Disable a service

D. Configure a service to start with the computer starts

Answer: C,D both of these can be done through services.msc or powershell

6. Name two methods to assign a static IP address to a computer using server core.

A. Server Manager & netdom.exe

B. netdom.exe and IPv4 properties sheet

C. The IPv4 properties sheet and the netsh.exe command

D. The netsh.exe command and WMI in powershell

Answer: D, also this command is helpful in this situation new-netipaddress
or for a more complicated approach try this WMI script

7. Before you can deploy roles to multiple remote servers, what must be done?

A. Perform an in-place upgrade to Server 2012

B. Ensure the remote servers are patched sufficiently

C. Add the remote servers to server manager

D. Perform a full backup

Answer: This was previously covered under another question but there is no “official” answer here but realistically given
that we dont know if these are 2012, 2012 R2 or even older machines the answer is B and C, if its a 2012 machine and so are all the others its just C, samee with R2
other wise .NET updates would be required.

8. What utility allows you to install components to multiple servers at once?

A. The Add Roles and Features Wizard only

B. Both Add roles and Features Wizard and Widows PowerShell

C. Windows PowerShell only

D. The Minimal Server Interface

Answer: C, only powershell scripts allow you hit multiple servers with roles and features in one shot

9. What method is available to install roles and features on another 2012 box using PowerShell?

A. Use the Install-WindowsFeature command and an exported config file (.ini?)

B. Use the Install-WindowsRole command and an exported config file (.ini?)

C. Use Server Manager and the proper tile

D. It is not possible using Windows PowerShell

Answer: A, I noted the .ini part as its not specified but im assuming thats what they are referring to. This is a grey area though
as i am completely new to the creation of and existence of these types of files.

10. What is the key principle to delegating server administrative tasks?

A. Granting users the tasks they feel most comfortable doing

B. Granting users only the permission they need to perform the task delegated to them by the organization

C. Assign the delegated tasks to the person most likely to benefit

D. Assigning enough permissions to do the delegated tasks as well as anticipated tasks

Answer: B seems obvious and I have yet to see this in any other test prep material.

Thats all for tonight, These arent taking as long as others so 2-3 of these a day shouldn’t be overly taxing given that my free time
maintains this state.

02-27-2016 0

Part 7 of questions from Q

Well we have almost reached the end of this round of questions. next step, read the next book, do the questions (that have no answers)
and take the test again. Most likely fail the test, then look for gaps in knowledge that are noted here, try some other sources for test
prep questions. Probably measure up, so long as they dont stay in the “expired status.” I asked about this before they became expired and I
was assured that it was ok and that I would still have use of them. Havent tried to actually use one yet but we will see how it goes. Not sure
at that this point that they are worth paying for by any means necessary. On to today’s breif study and then fixing the bolding text in the previous
questions.

61. You would like to review the default user rights for administering your ADDS
domain granted to the various built in groups in contained within Server 2012, you open the
GMPC
and then what should you do from there to view group rights assignments? (hoping I got the verbage
correct as thats indeed a re-write)

A. Right-click the Defualt Domain Policy GPO
& select edit. In the Group policy mangement editor (see previous link), navigate to the
computer configurationpolicieswindowsettingssecuritysettingslocal policiesuser rights assignment node and select this node.
View the default user rights in the details pane.

B. Right-click the Default Domain Policy GPO and select edit. In the Group Policy management editor, navigate to the
user configurationpolicieswindows settingssecurity settingslocal policiesuser rights assigment node, and select it. View the default
user rights in the dtails pane.

C. Right-click the default domain controllers policy GPO and select edit.. In the group policy management editor navagate to the
computer configurationpolicieswindows settingssecurity settingslocal policiesuser rigts assignment node & select ths node. View the
default user rights in the details pane.

D. right-click the default domain controllers policy GPO and elect Edit. In the GPME, navigate to
user configurationpolicieswindows settingssecurity settingslocal policiesuser rights assignment node, and select this node. View the
default user rights in the details pane.

Answer: C, So this is where I get conflicted about providing enough details to be through in question asking. Here
we are clearly providing enough material to be through but theres so much info it almost becomes confusing. Are the questions posed
perfect as is? certainly not and theres more than enough “red herring” material but the wise can eventually cut through the “B.S.”
it just seems to take longer. Im not sure that Ive found this to be the same case in testing scenarios however. Any way, the answer is
B given that they are talking about individual logins and not computer accounts which is some thing im assuming but again its not
entirely clear about that. Just reading between the lines again.

62. Your domain contains 6 Server 2012R2 member servers and 80 8.1 workstations. Users preform
their work using an in-house application App1.exe. App1 is updated on a monthly basis. Corporate policy states
that all users must use the latest version of app1exe. How can you enforce this rule? (choose two)

A. Create a software restriction policy using an application executable rule.

B. Create a windows installer rule.

C. Create an AppLocker rule to restrict older versions of the application.

D. Use group policy to publish all instances of the application.

Answer: A and C, im assuming they dont reinstall the app once a month. There are some tricky
verbiage words regarding software restriction policies regarding if its a hash rule or an executable rule
that are worth reviewing. That info is on TechNet here &
here as well as few other places
but its for sure worth understanding the practical differences between the different types of rules. Applocker
policy’s are a little more straight forward.

63. David Doss has used Windows firewall with Ad Sec on a Server 2012 R2 computer named Server3 to configure
several custom outbound and inbound rules. He would like to copy these rules to another computer named Server4
which also runs Windows Server 2012 R2. What should he do to accomplish this task with the least amount of administrative
effort?

A. Use the netsh advfirewall dump command at Server3 to copy the windows Firewall
with advanced security rules. Then use the netsh advfirewall reset command on Server4 to restore the rules
on this computer.

B. Use the wbadmin util on Server3 to back up the firewall rules

C. in the MMC open win firewall with ad sec snap-in on Server3, right-click inbound rules
and select export policy. After saving the export file, go to Server4 right-click inbound rules, and
select import policy. Click yes, specify the name of the policy file to be imported, and then click open. Then
repeat this procedure with the Outbound Rules node.

D. In the windows firewall w/ ad sec snap-in on Server3, right click the windows firewall with ad sec and
select export policy. After saving the export file, go to Server4 right-click windows firewall with ad sec and select import
policy. Click yes, specify the name of the policy to be imported then click open.

Answer:So heres a helpful link to some firewall PS commands but
they stil dont exactly answer this question however upon further reading into the TechNet links im feeling pretty confident that
the answer is D.

64. You have recently installed a new 2012 R2 file sever, Server1. You attempt to ping Server1 but receive a
“Request Timed out” message. You log on locally to Server1 & confirm that all IP address information
is correct. You can successfully ping your default gateway from Server1. You also verify that you can
access the web and other local network resources. What should you check?

A. Verify that the latest service pack is enabled on Server1.

B. Verify that the windows remote access service is started.

C. Verify that the appropriate inbound firewall rule is enabled for Echo Request ICMP.

D. Verify that the appropriate inbound firewall is enabled for Remote Access.

Answer: In ping is failing the answer is C given that there are no other scenarios that im missing while following this logic
train. Q confirms C

65. You are the administrator for StevieBsChickinALaKingALaCarte.com. Your network consists of 150
150 windows 8.1 client computers and 5 Server 2012 R2 member servers. Your development team creates a new application that you need to host on
AppServer1, one of the Windows Server 2012 R2 member servers. The Application installs a new service that listens on TCP port 5432.
Client computers use this service to interact with the application. AppServer1 also sends regular alerts toa
monitoring server using TCP port 4567. You notice that clients are unable to access the application hosted on AppServer1.
The alerting function is working properly. You realize that you didnt configure the Firewall rule on App Server1.
What do you need to configure?

A. An inbound rule to allow connection to TCP port 5432

B. An inbound rule to allow connections to TCP port 4567

C. An outbound rule to allow connections to TCP port 4567

D. An outbound rule to allow connection to TCP port 5432

Answer: A, these are kind outside of my understanding as im not exactly class room trained and Ive found few
technet articles demonstrating the line of thought necessary for understanding these types of scenarios.

66. You are a systems administrator for StevieBsChickinALaKingALaCarte.com. You configure
a new Server 2012R2 member server named Server1. You need to configure a windows firewall rule to allow inbound access for a PPTP VPN.
Which Ports should you enable? Each answer is part of the solution.

A. 1701

B. 1723

C. 47

D. 80

Answer: B,C, I dont know ports from a whole in the ground so this is also a tuff question that to me
seems like it would be a good candidate for googization of an answer. I hope thats proper english haha

02-21-2016 0

Part 6 of test prep questions from source Q….only one more to go

So we are almost done with this set. As discussed previously I may attempt two more sets of questions from other books. I also need to go
back and edit the formatting of some of the earlier ones to keep the bolding in line. This is actually more fun than I thought it would be and
Ive uncovered a few week areas other than the ones that involve math. on to 51-60, hopefully ill get this whole thing done today as its really not
that much work. Kind of disappointing when I cant get 10 done in a day.

51. Your network contains a single AD domain, StevieBsChickenALaKingALaCarte.com. DC1 exists in your main office and contains all FSMO roles. DC2 is located in a branch site connected via
a 10-mbps WAN link. DC2 does not contain any FISMO roles. Due to a situation invloving a tree getting thunder
struck your WAN link goes down and no users can log on. Which FSMO role must you bring online locally to ensure that users can log on.

A. Infrastructure master

B. Domain naming master (read through previous link(s))

C. PDC emulator

D. RID master

Answer: The most basic thing you need to bring online is the C in this legacy server scenario thats simply implied rather than stated. I also started typing the
full text of the answer from Q and im going to leave that here because Im too lazy to use the backspace button. “The PDC emulator is probably one of the more critical roles. It servers as a primary domain controller
for legacy servers such as Windows NT 4.0 client computers authenticating to the domain. Today, the PDC emulator functions to handle daily operations such as logons,
directory maintenance such as object changes or even password changes. This server also acts as a time sync master for the forest”

52. You are the administrator for the StevieBsChickenALaKingALaCarte.com domain which consists of 3 domain controllers and 23 Windows Server 2012 R2 member servers. You plan to
remove DC3. You need to identify which SVR records are registered by DC3. How can you retrieve this information?

A. Run the ntdsutil.exe /SRV

B. Open SRV.dns in %windir% system32config

C. Open netlogon.dns in %windir% system32config

D. Run nslookup /SRV/Server:DC3

Answer: Well are you sitting at the machine or are you trying to do this remotely? Some of these look like remoting. Personally I think its C but im not absolutely certain about that.
Q confirms that C is correct.

53. Your network consists of a single Active Directory domain-StevieBsChickenALaKingALaCarte.com Currently, two domain controllers exist.
DC2 is a Winders Server 2012 domain controller holding the PDC emulator role. DC1 is a Windows Server 2008 R2 file and print server named Server1.
You need to perform an offline domain join of Server1. How can you accomplish this?

A. Run dsadd.exe to join Server1

B. Upgrade DC1 to Windows Server 2012

C. Transfer all FSMO roles to DC2

D. Run Djoin.exe to join Server1

Answer: D, not a whole lot worth explaining on this one.

54. Your network consists of a single Active Directory domain pearson.com. You need to
retrieve a list of all servers along with the last time they authenticated with ADDS. Which cmdlet can you use to accomplish this?

A. Get-ADComputer and specify the last logon property

B. Get-ADServer and specify the last logon property

C. Get-ADLastLogon

D. DSquery ADServers

Answer: A but your also going to have to specify server names if you only want servers.

55. You are the administrator for StevieBsChickenALaKingALaCarte.com. You have recently created a new share, Share1 located in the
pasta.StevieBsChickenALaKingALaCarte.com child domain. You grant access to share1 using a global group named PastaUers. A Domain Local
distribution group, PastaDist is located in the parent domain StevieBsChickenALaKingALaCarte.com. You need to allow members in PastaDist
access to share1. What must you do first

A. Convert Group1 to a universal security group.

B. Convert Group1 to a domain local security group.

C. Convert Group1 to a global distribution group.

D. Convert Group1 to a universal distribution group.

Answer: One this is for certain is has to be a universal group because it needs access to resources in another domain and you cant go local to global,
you have to go to universal first. So that narrows are starting point to D or A. Im assuming that you can do two steps at once so since its already a distro group im going with D. Per Q the answer
is actually A so I was wrong.

56. AS the only network admin for your company you are feeling overwhelmed with the increased administrative overhead of supporting the business.
The company has recently expanded so mike decides to bring on a junior administrator. He wants to ensure that the new junior administrator is only able to link and unlink GPOs that are
created for computers located in the Poultry OU. Mike uses the Delegation of Control Wizard on the Poultry OU. Shortly after, Mike needs to make a
change to what he has previously delegated. How can Mike view the existing authority for Jr. Admin and make the necessary changes?

A. Modify the permissions in the security tab of the Poultry OU

B. Add the junior admins user account to the domain admins group

C. Add the junior admins user account to the local admins group on all warehouse workstations

D. Add the junior admin’s user account to the Enterprise Admins group.

Answer: generally the best answer for these scenarios is “use the delegation of control wizard” and its never make a
person any sort of global admin so with that being the case I think the only viable answer would be A

57. You work for a company that contains a single active directory forest. The forest contains two
domains: StevieBsChickenALaKingALaCarte.com and Sauce.StevieBsChickenALaKingALaCarte.com. You are the senior systems engineer for StevieBsChickenALaKingALaCarte.com
You have recently acquired three new branch sites, each containing a DC, a file server and an application server. One of the tasks on your plate is to
standardize backups across the domain. Part of the solutions requires you to ensure that members of the doamin group
BackupAdmins are added to the local Backup Operators group on all servers in the domain. How can you do this with the
least administrative effort?

A. Log in to each server and add the domain BackupAdmins group to the local Backup Operators group.

B. Configure a restricted group for StevieBsChickenALaKingALaCarteBackupAdmins.

C. Configure a restricted group for the local Backup Operators group on each server.

D. Nest the local Backup Opperators group in the StevieBsChickenALaKingALaCarteBackupAdmins group.

Answer: so this term “restricted group” gets a bit muddy. What does this even mean? I have no idea honestly, logically its like the “print
device” scenario discussed earlier. Isnt every created group a “restricted group”? TechNet
has this to say about restricted groups “Restricted groups allow an administrator to define two properties for security-sensitive groups (that is, "restricted” groups).“
So yeah you could just say "group” and specify a domain verb like local, global, or universal (even those two are almost the same).Im not sure if this
requires extra work when writing questions or what but its a fairly common theam. Any way, the answer is B.

58. In your domain all DCs run Server 2012R2 with the exception of one legacy 2008 DC. Your domain consists of 20 windows server 2012 member servers located in
the servers OU and 150 Windows 8.1 client workstations located in the Workstations OU. You need to create a group named Group1 on all servers in the domain. No other
computer should receive this group. What should you configure.

A. A local users and groups preference setting linked to the Servers OU

B. A local users and groups preference setting linked to the domain

C. A restricted groups setting linked to the domain

D. A restricted groups setting linked to the Servers ou

Answer: So clearly you need to make a group, again in spite of the conflicting nomenclature jargon
(not sure what type of people this program is supposed to produce?), that is linked to servers specifically
and not the domain in general. So with no clue as to the intent of group on, meaning I dont know if this is a “computer” type ou that has nothing to do
with logins or if it needs to be an account with a login/pw associated with it. Very confusing terms here, maybe you need to email servers?
I mean I understand the purpose behind this loose logic of test prep questions but its still annoying. That said im assuming its D. I was wrong, Q says its A.

59.Which Powershell cmdlet can you use to create a new GPO?

A. Add-GPO

B. New-GPO

C. Set-GPO

D. DSAdd.exe /NewGPO

Answer: B, thank goodness for the easy ones that dont require much typing and
have more logical answers.

60. Your company has hired a new chief security officer. One of her requirements is to ensure
that all local administrator accounts receive UAC prompts when any elevated task is preformed. You plan to implement
this via a group policy. What is the appropriate location for configuring these policies?

A. Security SettingsLocal Policies

B. Security SettingsAccount Policies

C. Security SettingsWindows Firewall with Advanced Security

D. Security settingsApplication control policies

Answer: This is very specific question and im honestly not sure but I know it isnt C and proably not D, Account policies
doesnt exactly make sense but A may not be right, however Q confirms A.

02-20-2016 0

Volume 4 of the Q test prep dissection

Volume 4, here we go 31-40, only three more from our first donor candidate Q.

31. Server1 is a 2012R2 server hosting Hyper-V machines. You configure VM1 to support an
in-house application. You configure a legacy network adapter for VM1. You need to ensure that VM1 uses only
50% of the available bandwidth. How should you do this?

A. Add a second legacy network adapter to increase throughput.

B. Remove the legacy network adapter and add an “up to date” network adapter.

C. Configure a NIC team

D. Reinstall Hyper-V integration services.

Answer:B, the wording to all of these answers is nonsensical and confusing. Could we please get on a standard system
for jargonization of ideas? “up to date” network adapter is not on option in Hyper-V nor can you “reinstall” integration services
in any kind of traditional understanding of what it means to install a piece of software. Perhaps in the future software will just be
check boxes but why are we talking about the future while nubz are trying to learn about the now?[/endrant]

32. You are the administrator for Server1 a two-node Windows Server 2012 R2 Hyper-V cluster. You configure two new virtual
machines: VM1 and VM2. You need to ensure that these virtual machines are not able to communicate with rogue DHCP servers. What should you
configure?

A. MAC Address Spoofing (need to Ctrl+F get to the info on link)

B. Router Gaurd

C. Port mirroring

D. DHCP Guard

Answer:B, D is the right concept but the label is incorrect.

33. You are the Hyper-V administrator for StevieBsChickenALaKingALaCarte.com.. You manage a Hyper-V
host named HyperV1. HyperV1 contains three 2008 VMs and 6 2012R2 machines. You have configured an external virtual switch within Hyper-V management console.
You need to ensure that the VMs are only able to communicate with hosted local VMs. What do you need to do?

A. Upgrade all 08 VMs to 2012 R2.

B. Add a second virtual switch. Move all 08 VMs to virtual switch 1 and all 2012 R2 VMs to the new switch labled
virtual switch 2.

C. Remove the virtual switch and re-create it using the private switch type.

D. Remove the virtual switch and re-create it using the public switch type (see previous link).

Answer:Based on the scenario Q gives we need to create a internal switch and delete the other switch but thats not one of the options. Again, I find
this confusing. Probably to newcomers and old hats a like. However, the answer is C per Q.

34. You are designing a multitenant Hyper-V infrastructure. You need to ensure that tenants are
unable to see each others resources. What should you configure?

A. Hyper-V virtual grid

B. Virtual Cloud Partitions (VCP)

C. Port Virtual Local Area Network (PVLAN)

D. MAC Address Isolation

Answer:C, not a whole lot of public facing information on this topic but network virtualization allows you to to specify port local per machine to
drill down to the specific level of security required for this scenario.

35.Amanda is configuring IP addressing for a company that has a head office in
midtown Manhattan and 11 branch offices in various locations through the New York metropolitan area. She
has decided that each office will correspond to a single subnet on the company’s WAN. The company itself
can use a single Class C network for this purpose. Which of the following subnet masks would provide the
most addresses for each host?

A. 255.255.255.192

B. 255.255.255.224

C. 255.255.255.240

D. 255.255.255.248

Answer: Logically you would think it would be A. C

36.Jim Goldberg functions as an admin for a single domain implementation of ADDS for his frim
He is assigned the task of maintaining his company’s DNS and DHCP servers. He decides that DHCP
clients running Win 8.1 should be configured to automatically select their primary DNS server.
Jim configures a 2012 R2 machine named Sever4 as a DNS server. In the DHCP server’s scope options for a subnet
containing 25 client computers, Neil configures Server4s IP address in the 006 DNS servers option.
He also ensure that DHCP reservation exists for Server4. Next, he restarts all the client machines on the
subnet. He discovers a client machine is still configured to use a DNS server that was taken off line before
Jim started making changes to the network. How can Jim correct this problem?

A. Execute the ipconfig /release and ipconfig /renew commands on each workstation

B. Configure both the 006 and the 015 options for the DNS server in DHCP Scope.

C. Use ipconfig /setclassid at each client computer to set DHCP class ID information.

D. Manually edit the TCP/IP properties on each client computer.

E. Isolate the subnet to eliminate the possibility that clients are receiving scope information from a
remote subnet.

Answer:D, this seems like too much work and like there should be another way around manual updates to a client but its what Q says. Are we
still in the early days of DNS on this?

37. Your Company uses Class B network ranges. You plan to configure the subnet mask for a branch site
containing 450 Win 8.1 client computers. Your company policy requires you to use 1 subnet per branch site.
You plan to add another 150 computers in the next year. You need to select a subnet mask that
satisfies the requirements for today and also the future growth. You want to limit
the amount of wasted addresses. Which subnet mask should you select?

A. 255.255.254.0

B. 255.255.252.0

C. 255.255.255.240

D. 255.255.255.0

Answer: I would say B but im not great with IPv4 but im going to hold my self accountable so even if im wrong
after checking Ill leave my wrong answer posted. Ok it is B after reading the whole question and the answer. For more information watch
Subnetting demystified as mentioned in a previous post.

38. You need to plan an IPv6 addressing scheme. You need to identify the addresses in the answers below
as one of the following 1:Global Unicast, 2:Link-Local unicast,
3: unique local IPv6 unicast, or 4: Multicast

A. Fe::

B. 2000::/3

C. Fc00::/7

D. Ff

E. Fe80::/64

Answer:Im terrible with Ipv6 so we for sure have to consult the answer column in
Q for this one or you could check the links and learn the ranges and perhaps an understanding of the ranges. Any way the answer is 1,B; 2,E; 3,C; 4,D.

39. Stevie B’s Chicken A La King A La Carte consists of a main site and two branch sites (we rae really
much larger but this is just a theoretical scenario). Each branch site is connected to the main via a WAN link. You need to configure a new
server for the main site. You need to configure an IPv6 address for the new server. You plan to use an IPv6 address clas
that is private to the organization but unique across all the organization’s sites. Which address meets this requirement?

A. Foo:3fff:64df:155c:dca7::81a4

B. Fe80::cc33:456a:3719:1234

C. 2003:414:ab86:741f::230:1:a5ab

D. fd12:cd36:1208:9::f92b

Answer:D, as im horrible with IPv6 I had no clue. I honestly havent put much stock into learning this technology yet as
it seems it would be immensely time consuming for some one such as my self and I have a lot of other stuff to learn.

40. You are the network engineer for a consulting firm. You have been tasked with desiging a subnet mask for a network that
will support up to 20,046 client computers. You must minimize the number of wasted addresses. Which subnet mask should you select?

A. 255.255.252.0

B. 255.255.248.0

C. 255.255.240.0

D. 255.255.128.0

Answer: D This requires a lot of math (at least a lot to me) but if you memorize the tables or at least the patterns of the tables and
write them out while testing its possibly faster than doing the round about math of 255-128=x X*255. I think thats a slightly less than
accurate but not completly failsauce way to calculate addresses in this case. Please correct me if your reading this and im wrong.

02-15-2016 0

Part 2 of “Q” 70-410 test prep Q & A

In part 2 of this 6 part set up. I would go for 3 tonight but I got a new book thats just begging for some attention tonight. The answers are a little
more personally worded as im starting to get comfotable with this set up. I have a tendency to be overly appologetic but none the less I hope you
dont mind the refferences (see jokes) and format.

11. Server1 is a new file server that store user data for your Stevie B’s Chicken A La King A La Carte. You have noticed that
Server1 is getting low on HD space. To fix the issue you decide to add a new 3 TB disk named Volume 4. What is the best way to configure Disk2
so that you can create a new 3-TB volume on Server1.

A. Format it as FAT

B. Use DiskPart and convert the disk to a
GPT disk.

C. Use the MBR partition
table when creating the volume(4)

D. Attach the new volume as a VHD

Answer: B is recomened for disks larger than 2TB in size. Doesnt work with older versions and when you add
a smaller disk its added as an MBR disk. If you really feel the need to convert a smaller disk to GPT you can do that
using diskpart as long as its blank.

12. You are planning to design a new storage space on a 2012 R2 server with four 2-TB disks. Your
goal is to maximize the amount of storage but also provide fault tolerance should a single disk fail. What kind
of storage space should you create?

A. Parity storage space

B. Mirror storage Space

C. Spanned Volume

D. Simple storage space

Answer: A Given that a mirror storage space is going to provide the most fault tolerance but the least
amount of efficiency we can rule that out. A spanned volume is simply two disks combined to make
one disk, so there’s no fault tolerance there. So that leaves us with Parity storage space given that
a simple volume has nothing to do with fault tolerance, it just limits the options as to the type of disks that you can create.

13. You have been asked to design a local storage solution that offers fast read and write access for
your files. Data protection is not a concern. Which RAID offers the highest read/write?

A. RAID-0

B. RAID-1

C. RAID-2

D. RAID-5

Answer: Raid 0 or A is clearly the winner here as it offers no redundancy. Ive noticed that this appears to be the same as a “spanned volume”

14. Several months after installing a new Windows Server 2012 R2 file server and configuring quotas for users in her
company’s AD DS domain, Ozzy notices that the hard disk on which users’ shared folders are located is quickly becoming full. Upon checking through
the contents he asks Sharon why she has so many photos of David Hasselhoff. Ozzy would like to prevent Sharon from storing Davids records on
the company drives. What should Ozzy do?

A. Use File Server Resource Manager (FSRM) To block audio/video file types and email Sharon informing her to use Spotify.

B. Use FSRM to generate an alert when ever Sharon saves saves audio file types

C. Modify disk quotas to reduce the amount of disk space avalible to users.

D. Modify the quota to block saving audio files

Answer: A, not sure why you would use a quota setting (i dont think its possible) to do what FSRM does.

15. You need to create a shared folder on your Windows Server 2012 R2 computer
that users on a UNIX server require access to. You want to configure access-denied assistance and
quotas on this share. Which of the following options do you pick in the New Share Wizard that you
started from server manager?

A. SMB Share-Quick (its really hard to find a consitant answer for these, Ill make a blog post and update)

B. NFS Share-Advanced

C. SMB Share-Advanced

D. NFS Share-Quick

E. SMB Share-Applications

Answer: If you want to configure all the options at setup its going to be B however you can chose the quick option and configure
settings after creation. At least thats my understanding from watching youtube videos as MSFT isnt exactly specific in TechNet articles yet this topic
appears frequently on practace tests. According to our source “Q” it is in deed B.

16. You have granted a user named Lemmy the read NTFS Permission on a folder named Sales. Lemmy is also a member of the BlueFinance group which was granted
explicitly denied the Full Control NTFS permission on the Sales folder. What is Lemmys effective
access to the folder? (obviously he doesnt care at this point but lets pretend he does)

A. Full Control

B. Lemmy does not have access to the folder.

C. Modify.

D. Read.

Answer: Proably D but these things are tricky. D is what it seems to indicate the goal his however
we may not have obtained our goal. According to our source material layering an explicit deny of full control
into this equasion would amount to server granting no access to the share so the answer is B. There is an interesting
bit about this in the server 2012 MCSA google + group which I highly recommend joining as all sorts of information is
shared amongst members. I think this link should get you there. Poke
around till you find some practace test Q & As.

17. Which NTFS Quota configuration should you enable to actively notify users that they are nearing
their quota limit?

A. Set Warning level

B. Deny disk space to users exceeding quota limit

C. Limit disk space

D. Log event when user exceeds their warning level

Answer: A obviously, not sure if there is much need for links in the example.

18. Brian is the admin for Stevie B’s Chickin A La King A La Carte (I get it Contoso is shorter) which is currently opporating
and ADDS network with a single domain. The Pultry department (as opposed to the noodle & sauce departments, not to be confused) has
recently aquired a high-speed laser printer to handle their printing needs.
Brian has created three dom local groups on the print server for purposes of managing the printer, as follows: Designers
have print permissions, Supervisors have manage documents permissions, and managers have manager printer permissions. Brian needs
to give a staff memeber in the pultry department named Lloyd the ability to pause, resume and cancel documents printer by all staff
but not control the permissions assigned to other staff members on the printer. What group should Lloyd be a part of?

A. Supervisors

B. Designers

C. Managers

D. Brian does not need to add Lloyd to any of these groups she can performore these tasks by default.

Answer: A. Ok So clearly she needs to be a member of a group that manages document permissions and that group is Supervisors, A. For more information
about print permissions check here.

19. You have recently configured a new Windows Server 2012 R2 print server. you install a new high-ca=acity printer in one of your
satellite offices. For ease of administration the printer is shared on the print server located in the corporate office. All statlite
users are configured to use the shared printer Server1Printer1. Users in
one of the branch sites print to this printer over the corporate WAN link. You need to
ensure that users are able to print to the printer in the event of a WAN link failure. What can you
do to meet this requirement?

A. Disable Printer pooling

B. Install a second printer and share it as a server1Printer2 as a backup.

C. Enable Printer pooling

D> Enable Branch Office Direct Printing

Answer: D in the case of using a WAN link and having a failure its going to cause a failure but why a sat office would print to another physical
location is beyond me. Or print to another location then have that printer send the doc to a local print device. Thats scenario
is a perfect example of hard questions due to a lack of break fix methodology that lends its self more to a complete solution as opposed
to a partial answer. This problem isnt as bad on the real test but Ive noticed it to be a real pain on the practace tests. Its just outside
the relm of liner thinking which makes it much harder than it needs to be due to vague conceptual ideas that horrificly incomplete. WRITE COMPLETE
SNTENCZ PLZZZ! Tank u! domo!

20. Your network consist of a single Active Directory domain. Server1 is a windows server 2012 R2 server with the print and document
server role installed. Only one print device exists for the company. Sales, Finance and Marketing users all share the same
print device. You need to ensure that all usuers can print to this print device but that finance documents print before any other
department. What should you do?

A. Add three printers. Modify the priorities and security settings of each printer so that individual deparments have their own
printer to submit jobs to.

B. Purchase another print device and configure a Printer pool.

C. Add one printer, establish a priority on the printer and require all departments to submit jobs to this printer.

D. Add one printer. Configure the printer security settings to allow finance users to print. Deny all other users the abilty to print

Answer: A, just mod the print priorities and have all the docs go to the same printer. Any one in the group with the highest
priority will print first.

02-09-2016 0

Retake Failure

I took my test again after a month of studying, most on IPv4 configurations and subnetting. I suppose I could post some of the links
of sites that I used as study resources however they might not all be here as I had computer failure not long after taking the test.
I found a great video series on youtube that helped me to mostly memorize an IPv4 subnetting table and after watching it I felt like
I understood the basics. DHCP is real killer though. I had a really tuff and involved DHCP question that basically involved a screen with a
block of ip configurations and subnet blocks as sort of a multi question what goes where type of thing. I dont think I did too well on that
section. However I did do fairly well in a couple areas (scoring in the 90s)over all I failed. As you hopefully can see in the picture (also shown
some upcoming concerts im excited about haha)I got a 563 this time.

Ignore the pall Mall coupons, im really trying to quit. To be quite honest im not sure why im including it other than I need to straighten out those
tickets if im going to save them!

ok so here you can actually see what my score was. Without all the irrelevant information. Clearly IPv4 configuration and DHCP
is a struggle for me. Im going to continue to study but it might be good to seek a Network + certification so I have a little better
background in what im doing here (studying things that are way over my head at this point it time but giving it my best. I would have assumed
that I would have done better on the GP and AD sections. Not sure how those got so low but either way its some thing to study.

IPv4 links

clearly my studies didnt help all that much in terms of on paper test scores as I spent most of the month between exams studying this topic
alone but these resources are very helpful. Im not sure if any one is less excited about how much IPv6 we will see in the next version of server
than I am. I dont see IPv4 very clearly yet but as a guitar player I could understand that after you fully understood it you could begin
to see ip address ranges and almost the entire internet as a guitar fret board with intent behind the theory. That is very exciting to me.
However coming into it after not having learned to play an easy guitar fully and then being handed an 8 string is quite a scary proposition.

so here is the recommended video series, there’s lots of stuff out there about subnetting and most of it is helpful. However this is
guys is from Nashville and I lived there for a while so maybe im just partial. Also its honestly worth it to watch the whole thing and take notes the entire time and do
the exercises while pausing. It may not get you extra points on the 70-410 but at least you will have a better understanding of subnetting.

Ok, thats all for now. Theres also a few questions Ive seen centered around integrating Azure with an in house AD solution so up next
I suppose Ill muse on that for a while. Oh yeah and also attempt to figure out how and why the technology actually works.

And in case the youtube video doesnt frame in correctly here is the direct link:

Subnetting Demystified

01-08-2016 0

I havent updated this in a while, havent had much info to share. Attempted my test for the first time and unsurprisingly failed by a decent margin. I got a 538
as you can see in this photo where I gave it my best Honey Boo Boos mom face.

Im feeling like im kind of in limbo at the moment waiting on my retake. I did a acquire a new book and have worked about half way through it
Its this guy right here.
Decent books covers some things that the Panek/Sybex book doesnt cover. Still about another thousand pages of essentially cliff notes.
However booth books are tremendously helpful to server new comers in the regard that they do offer a direction in which to study.

Ok so great, now I have to retake my test again soonish and im probably not going to do a whole lot better but the good news is that I
do feel like its passable at this point. At first I wasn’t entirely sure it was possible from my vantage point, now im not so sure.

Currently studying IPv4 sub netting, feeling some what confident about DNS and less so about DHCP. When first approaching subnetting
I was completely overwhelmed because book reference isn’t that helpful and my teach in class wasn’t too keen on answering questions. Thankfully
I found this video series

Here is the link in case the iFrame doesnt load. Subnetting Demystified

Super thankful for this dude and for this free resource hes made available to schlubs such as my self attempting to acquire the wisdom of
the wizards of Sever and interneting technologies. So im still working through that series and trying to use this as practice with a little help from this
for the sake of comprehension. Upon first approach it seemed like a random number generator but the Ip calculator proved me wrong.
After watching a few times and doing some practice trying to understand the numbers show in the calculators formula I think I should be able to understand.
Its also surprisingly fun once you put a little effort into it. Its a nice break from memorization of conceptual and practical terms/data.

Going to have to really milk the practice tests for all they are worth because I believe those go away for me in January and they are a
huge huge help in terms of direction and every thing else. I have literally no money but I might try to find a way to extend the time line
in which those are available to me if its not overly expensive. So for now we are working on getting down DHCP technologies and brining up
that bottom number quite a bit.

12-09-2015 0

Powershell not s parte 1

So I watched these MSFT videos, here https://www.microsoftvirtualacademy.com/en-us/training-courses/getting-started-with-powershell-3-0-jump-start-8276
, that where so helpful in understanding powershell. Much better than most reference
book that I’ve used and if you pair some of this info with the Virtual Academy
lab environments you might just learn a very small amount of powershell without
actually working on a real working server environment. The first time I watched
the help video I was like omg holy shit this is amazing and took absolutely no
notes what so ever. A few days later I opened a powershell prompt in the MSFT
lab environment and just sort of stared at like “woah scope that arrow >”
and couldn’t remember anything these dudes where talking about. So I decided to
watch it again and write down everything they were saying. Turns out this info
is generally more helpful than any book ive seen see far. So maybe this exists
out there somewhere in internet land but here’s some powershell notes for
idiots like me.

Note:I do apologize for any incoveninece my typos my cause,
I was drinking beer and listening to style of hip-hop known as krunk. Some
examples of krunk are the Yin-Yang Twins known for there hit single “Salt Shaker”
and the artist Trick Daddy. You may recall Trick Daddys 1998 hit single “Nann”
from his album www.thug.com which has an
image on the cover of a website created around the time of its release. Im sure
that the website was hosted on a windows advanced server NT 4.0 machine running IIS however there is a
possibility that it was a Unix box hosting it that was powered by Apaceh.
Either way it was a real website currently it appears to have some sort of
alias record directing you to some label page. Boring.

Update-help
-force :this command will
download the latest help file info

Using the up errow will legt you scroll through the history
of commands you have typed.

The tab key is also extremely useful in that it will let you
scroll through possible commands, in this screen shot I just typed get help and
the pressed tab and space a few times to see what the results would be. I don’t
think this would display a functional output but you get the idea.

The typical Copy and paste cntrl C cntrl V does not work
however highlighting text very carefully and then rich clicking then scrolling down to the next input space
and right clicking does work

Get-help
“command” or cmdlet a little confused on terminology here :basic powershell help
parameter, an example of a “command” would be add-windowsfeature as you can see
it doesn’t like install-service This
looks like:

Help “command” :shows more information that simply using
get-help, the output of this command looks like this and as you can see it does
not require a -:

Man “command” :also a more prolific version of the get-help
command, the output of this command looks like this and as you can see with
this being done on the MSFT free test lab environment we run into a few issues
as the update-help command doesn’t seem work:

Get-help *service* :in this example these dudes are using
what amounts to a search parameter to search for anything that has the word
service in the name. This looks like this:

Get-help g*service* :
this will narrow the list and pull any commands that have a g and service for
example get-service. The output of this command looks like this:

Get-verb : this will show all the verbs used in powershell
and instead of listing all the verbs ive shown that the location of the asterisk
character matters. If you do a search with *R it will display everything that
ends with the letter R if you use R* it will show any thing that starts with
the letter R.

Get-verb |measure :this will give a number of returned
options. This is the first time we have seen the | command show up but it’s a
very powerful tool that you can use add addendum to powershell commands. More
on this whole | in later posts. Now it feels like where getting somewhere and
learning out how organize and display information in powershell!

-detailed :this switch lists all the help for the command. It’s
fairly extensive and this point is worth noting what all the [,][<[] things
mean. At first I was mega confused by this because im not a coder. But basically
it goes like this, if the syntax starts with a [ then a command inside of that
then it requires no additional switches to run, however if it doesn’t start
with that you have to give some more description. If you see additional []
things inside of a [ after describing a switch you can use multiple variables. Hopefully
that makes sense and it looks something like this:

-full :this switch basically the same as using the –detailed
command however there is some more info about additional paramaters and im not
sure that I fully understand that yet so after I get some more info I may
discuss this more. Also its worth noting here that I picked the add-dnsserverconditionalforwarderzone
cmdlet because DNS is somewhat confusing to me and a global sense and I just
used the Tab key to find it:

Get-help get -service –online :the online switch takes you
to the TechNet article on the requested topic. Also you can see that we start running
into problems with using the free labs again. Im assuming they don’t have an
internal internet connection which would make sense because I could see people
using these as a proxy server of sorts being a problem.

Get-help get-service –examples :this examples switch is
where they keep the good stuff. The get-help is absolutely useless unless you
understand the code and all the brackets and all that stuff that’s obviously
super confusing. The –examples parm displays an exact line that you can type to
get what you’re looking for. And as you can see in the previous example we are
little limited here as well

Get-help get-service –showinwindow :this is amazing and it works great in the video. The show
in window switch shows the help file that was just pulled in a separate pop
window. Like omg a GUI in a dos type inviroment. My favorite part of this, as
if this wasn’t enough to spin your command line clues brain into a spin you can
also select check boxes to figure out/drill down to specifics so you can figure
out exactly how to talk to this thing. However it doesn’t work in the test environment.

There’s also an interesting bit in the video about finding
things out by using bad switches/parameters after cmdlets in hopes of getting
some information in the returned error. I didn’t exactly find that helpful but
its displayed in the next image any way.

The event log search and pull tool however is amazing. Everyone
that’s ever had to search through an event log to figure out what was going on
knows how awful it is. Powershell just makes this a non issue. You can target
specific machines, types of errors, whatever you want and then output it to an
html file and have a nice little browser display of exactly what you’re looking
for. Here’s a basic example of that, obviously there’s not a lot of event log
info on freshly created test environments.

So hopefully this helps a little with a basic understanding of powershell. Like the time that some one explained how a mouse operated when you first sat down at a computer.

Also heres some tumblrs that have scripts on them:

http://powershell.tumblr.com/

http://pwscripts.tumblr.com/

08-10-2015 0