Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solutions, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest named contoso.com. The forest contains a member server named Server1 that runs Windows Server 2016. All domain controllers run Windows Server 2012 R2.
Contoso.com has the following configuration:
You plan to deploy an Active Directory Federation Services (AD FS) farm on Server1 and to configure device registration. You need to configure Active Directory to support the planned deployment.
Solution: You upgrade a domain controller to Windows Server 2016.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
Device registration requires a forest functional level of Windows Server 2012 R2.
References: https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-fs/deployment/configure-afederation-server-with-device-registration-service https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-fs/design/ad-fs-requirements
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solutions, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest named contoso.com. The forest contains a member server named Server1 that runs Windows Server 2016. All domain controllers run Windows Server 2012 R2.
Contoso.com has the following configuration:
You plan to deploy an Active Directory Federation Services (AD FS) farm on Server1 and to configure device registration. You need to configure Active Directory to support the planned deployment.
Solution: You raise the forest (domain) functional level to Windows Server 2012 R2.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
For a Windows Server 2012 R2 AD FS server, this solution would work.
However, new installations of AD FS 2016 require the Active Directory 2016 schema (minimum version 85).
References: https://technet.microsoft.com/en-us/windows-server-docs/identity/adfs/operations/configure-device-based-conditional-access-on-premises
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solutions, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest named contoso.com. The forest contains a member server named Server1 that runs Windows Server 2016. All domain controllers run Windows Server 2012 R2.
Contoso.com has the following configuration:
You plan to deploy an Active Directory Federation Services (AD FS) farm on Server1 and to configure device registration. You need to configure Active Directory to support the planned deployment.
Solution: You run adprep.exe from the Windows Server 2016 installation media.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
Device registration requires a forest functional level of Windows Server 2012 R2.
New installations of AD FS 2016 require the Active Directory 2016 schema (minimum version 85).
References: https://technet.microsoft.com/en-us/library/dd464018(v=ws.10).aspx https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-fs/operations/configuredevice-based-conditional-access-on-premises
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine whether the solution meets the stated goals.
Your network contains an Active Directory domain named contoso.com. The domain contains a DNS server named Server1. All client computers run Windows 10.
On Server1, you have the following zone configuration.
You need to ensure that all of the client computers in the domain perform DNSSEC validation for the fabrikam.com namespace.
Solution: From Windows PowerShell on Server1, you run the Add-DnsServertrustAnchor cmdlet.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
The Add-DnsServerTrustAnchor command adds a trust anchor to a DNS server. A trust anchor (or trust “point”) is a public cryptographic key for a signed zone. Trust anchors must be configured on every non-authoritative DNS server that will attempt to validate DNS data. Trust Anchors have no direct relation to DSSEC validation.
References: https://technet.microsoft.com/en-us/library/jj649932.aspx https://technet.microsoft.com/en-us/library/dn593672(v=ws.11).aspx
Note: This question is part of a series of questions that present the same scenario. Each question
in the series contains a unique solution. Determine whether the solution meets the stated goals.
Your network contains an Active Directory domain named contoso.com. The domain contains a DNS server named Server1. All client computers run Windows 10. On Server1, you have the following zone configuration.
You need to ensure that all of the client computers in the domain perform DNSSEC validation for the fabrikam.com namespace.
Solution: From a Group Policy object (GPO) in the domain, you add a rule to the Name Resolution Policy Table (NRPT).
Does this meet the goal?
- A . Yes
- B . No
A
Explanation:
The NRPT stores configurations and settings that are used to deploy DNS Security Extensions (DNSSEC), and also stores information related to DirectAccess, a remote access technology.
Note: The Name Resolution Policy Table (NRPT) is a new feature available in Windows Server 2008 R2. The NRPT is a table that contains rules you can configure to specify DNS settings or special behavior for names or namespaces. When performing DNS name resolution, the DNS Client service checks the NRPT before sending a DNS query. If a DNS query or response matches an entry in the NRPT, it is handled according to settings in the policy. Queries and responses that do not match an NRPT entry are processed normally.
References: https://technet.microsoft.com/en-us/library/ee649207(v=ws.10).aspx
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine whether the solution meets the stated goals.
Your network contains an Active Directory domain named contoso.com. The domain contains a DNS server named Server1. All client computers run Windows 10.
On Server1, you have the following zone configuration.
You need to ensure that all of the client computers in the domain perform DNSSEC validation for the fabrikam.com namespace.
Solution: From a Group Policy object (GPO) in the domain, you modify the Network List Manager Policies.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
Network List Manager Policies are security settings that you can use to configure different aspects
of how networks are listed and displayed on one computer or on many computers. Network List Manager Policies are not related to DNSSEC.
References: https://technet.microsoft.com/en-us/library/jj966256(v=ws.11).aspx
https://technet.microsoft.com/nl-nl/itpro/windows/keep-secure/network-list-managerpolicies?f=255&MSPPError=-2147217396 The right way would be by using network policies: Add-DnsServerClientSubnet -Name “subnet4” -IPv4Subnet 172.16.1.0/24 -PassThruAdd-DnsServerQueryResolutionPolicy -Name “blockqueries” -Action IGNORE -ClientSubnet “EQ,subnet4” -PassThru See also: https://technet.microsoft.com/en-us/windows-server-docs/networking/dns/deploy/applyfilters-on-dns-queries
You have a server named Server1 that runs Windows Server 2016.
You need to configure Server1 as a multitenant RAS Gateway.
What should you install on Server1?
- A . the Network Controller server role
- B . the Remote Access server role
- C . the Data Center Bridging feature
- D . the Network Policy and Access Services server role
B
Explanation:
RAS Gateway – Multitenant. You can deploy RAS Gateway as a multitenant, software-based edge gateway and router when you are using Hyper-V Network Virtualization or you have VM networks deployed with virtual Local Area Networks (VLANs). With the RAS Gateway, CloudService Providers (CSPs) and Enterprises can enable datacenter and cloud network traffic routing between virtual and physical networks, including the Internet. With the RAS Gateway, your tenants can use point-so-site VPN connections to access their VM network resources in the datacenter from anywhere. You can also provide tenants with site-to-site VPN connections between their remote sites and your CSP datacenter. In addition, you can configure the RAS Gateway with BGP for dynamic routing, and you can enable Network Address Translation (NAT) to provide Internet access for VMs on VM networks.
References: https://technet.microsoft.com/en-us/windows-server-docs/networking/remote-access/remoteaccess
HOTSPOT
You have a server named Server1 that runs Windows Server 2016. Server1 is a Hyper-V host.
You have two network adapter cards on Server1 that are Remote Direct Memory Access (RDMA)capable.
You need to aggregate the bandwidth of the network adapter cards for a virtual machine on Server1. The solution must ensure that the virtual machine can use the RDMA capabilities of the network adapter cards.
Which commands should you run first? To answer, select the appropriate options in the answer area.
Explanation:
A new feature of Windows Server 2016 is SET (Switch Embedded Teaming).
Create a SET team You must create a SET team at the same time that you create the Hyper-V Virtual Switch with the New-VMSwitch Windows PowerShell command.
When you create the Hyper-V Virtual Switch, you must include the new EnableEmbeddedTeaming parameter in your command syntax.
In the following example, a Hyper-V switch named TeamedvSwitch with embedded teaming and two initial team members is created.
New-VMSwitch -Name TeamedvSwitch -NetAdapterName "NIC 1","NIC 2" -EnableEmbeddedTeaming $true
References: https://technet.microsoft.com/en-gb/library/mt403349.aspx
DRAG DROP
You have a server named Server1 that runs Windows Server 2016. You need to deploy the first cluster node of a Network Controller cluster.
Which four cmdlets should you run in sequence? To answer, move the appropriate cmdlets from
the list of cmdlets to the answer area and arrange them in the correct order.
Explanation:
Deploy Network Controller using Windows PowerShell
Step 1: Install-WindowsFeature
Install the Network Controller server role
To install Network Controller by using Windows PowerShell, type the following commands at a Windows PowerShell prompt, and then press ENTER.
Install-WindowsFeature -Name NetworkController CIncludeManagementTools
Step 2: New-NetworkControllerNodeObject
You can create a Network Controller cluster by creating a node object andthen configuring the cluster.
You need to create a node object for each computer or VM that is a member of the Network Controller cluster.
Tocreate a node object, type the following command at the Windows PowerShell command prompt, and then press ENTER. Ensure that you add values for each parameter that are appropriate for your deployment.
New-NetworkControllerNodeObject CName <string> -Server<String> -FaultDomain <string>-RestInte
Step 3: Install-NetworkControllerCluster
To configure the cluster, typethe following command at the Windows PowerShell command prompt, and then press ENTER. Ensure that you add values for each parameter that are appropriate for your deployment.
Install-NetworkControllerCluster CNode <NetworkControllerNode[]> CClusterAuthentication …
Step 4: Install-NetworkController
To configure the Network Controller application, type the following command at the Windows PowerShell command prompt, and then press ENTER. Ensure that you add values for each parameter that are appropriate for your deployment.
Install-NetworkController CNode <NetworkControllerNode[]> CClientAuthentication
References: https://technet.microsoft.com/en-us/library/mt282165.aspx
You have an Active Directory domain that contains several Hyper-V hosts that run Windows Server 2016.
You plan to deploy network virtualization and to centrally manage Datacenter Firewall policies.
Which component must you install for the planned deployment?
- A . the Routing role service
- B . the Canary Network Diagnostics feature
- C . the Network Controller server role
- D . the Data Center Bridging feature
C
Explanation:
Using Windows PowerShell, the REST API, or a management application, you can use Network Controller to manage the following physical and virtual network infrastructure:
References: https://technet.microsoft.com/en-us/library/dn859239.aspx
You have a virtual machine named VM1 that runs Windows Server 2016. VM1 hosts a service that requires high network throughput.
VM1 has a virtual network adapter that connects to a Hyper-V switch named vSwitch1. vSwitch1 has one network adapter. The network adapter supports Remote Direct Memory Access (RMDA), the Single Root I/O Virtualization (SR-IOV) interface, Quality of Service (QoS), and Receive Side Scaling (RSS).
You need to ensure that the traffic from VM1 can be processed by multiple networking processors.
Which Windows PowerShell command should you run on the host of VM1?
- A . Set-NetAdapterRss
- B . Set-NetAdapterRdma
- C . Set-NetAdapterSriov
- D . Set-NetAdapterQoS
A
Explanation:
The Set-NetAdapterRss cmdlet sets the receive side scaling (RSS) properties on a network adapter. RSS is a scalability technology that distributes the receive network traffic among multiple processors by hashing the header of the incoming packet. Without RSS Windows Server 2012/2016; network traffic is received on the first processor which can quickly reach full utilization limiting receive network throughput. Many properties can be configured using the parameters to optimize the performance of RSS. The selection of the processors to use for RSS is an important aspect of load balancing. Most of the parameters for this cmdlet help to determine the processors used by RSS.
You have a server named Server1 that runs Windows Server 2016. Server1 is a Hyper-V host that hosts a virtual machine named VM1.
Server1 has three network adapter cards that are connected to virtual switches named vSwitch1, vSwitch2 and vSwitch3.
You configure NIC Teaming on VM1 as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that VM1 will retain access to the network if a physical network adapter card fails on Server1.
What should you do?
- A . From Hyper-V Manager on Server1, modify the settings of VM1.
- B . From Windows PowerShell on VM1, run theSet-VmNetworkAdapterTeamMapping cmdlet.
- C . From Windows PowerShell on Server1, run the Set-VmNetworkAdapterFailoverConfiguration cmdlet.
- D . From Windows PowerShell on Server1, run the Set-VmSwitch cmdlet.
A
Explanation:
You can configure NIC teaming in the Guest OS; however, before NIC teaming will work in a virtual machine, you need to enable NIC teaming in the Advanced Features section of the VM settings.
HOTSPOT
You have an Active Directory domain named Contoso.com. The domain contains Hyper-V hosts named Server1 and Server2 that run Windows Server 2016. The Hyper-V hosts are configured to use NVGRE for network virtualization.
You have six virtual machines that are connected to an external switch. The virtual machines are configured as shown.
To which virtual machine or virtual machines can VM1 and VM3 connect? To answer, select the appropriate options in the answer area.
Explanation:
The GRE keys must match.
To separate the traffic between the two virtualized networks, the GRE headers on the tunneled packets include a GRE Key that provides a unique Virtual Subnet ID for each virtualized network.
References: https://blogs.technet.microsoft.com/keithmayer/2012/10/08/step-by-step-hyper-v-networkvirtualization-31-days-of-favorite-features-in-winserv-2012-part-8-of-31/
You have a Nano Server named Nano1. You deploy several containers to Nano1 that use an image named Image1. You need to deploy a new container to Nano1 that uses Image1.
What should you run?
- A . the Install-WindowsFeature cmdlet
- B . the docker run command
- C . the docker load command
- D . the Install-NanoServerPackage cmdlet
B
Explanation:
When an operator executes docker run, the container process that runs is isolated in that it has its own file system, its own networking, and its own isolated process tree separate from the host.
The basic docker run command takes this form:
$ docker run [OPTIONS] IMAGE[:TAG|@DIGEST] [COMMAND] [ARG…]
You have a server named Server1 that runs Windows Server 2016.
You plan to deploy Internet Information Services (IIS) in a Windows container.
You need to prepare Server1 for the planned deployment.
Which three actions should you perform? Each correct answer presents part of the solution.
- A . Install the Container feature.
- B . Install Docker.
- C . Install the Base Container Images.
- D . Install the Web Server role.
- E . Install the Hyper-V server role.
A,B,C
Explanation:
Step 1 (A): The container feature needs to be enabled before working with Windows containers. To do so run the following command in an elevated PowerShell session.
Enable-WindowsOptionalFeature -Online -FeatureName containers CAll
Step 2 (B): Docker is required in order to work with Windows containers.
Note: First install the OneGet PowerShell module.
Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
Next you use OneGet to install the latest version of Docker.
Install-Package -Name docker -ProviderName DockerMsftProvider
Step 3 (C): Install Base Container Images
Windows containers are deployed from templates or images. Before a container can be deployed, a container base OS image needs to be downloaded. The following commands will download the Nano Server base image.
Pull the Nano Server base image.
docker pull microsoft/nanoserver
You have a Hyper-V host named Server1 that runs Windows Server 2016.
Server1 has a virtual machine named VM1. VM1 is configured to run the Docker daemon.
On VM1, you have a container network that uses transparent mode.
You need to ensure that containers that run on VM1 can obtain IP addresses from DHCP.
What should you do?
- A . On VM1, run docker network connect.
- B . On Server1, run docker network connect.
- C . On VM1, run Get-VMNetworkAdapter CVMName VM1 | Set-VMNetworkAdapter CMacAddressSpoofing On.
- D . On Server1, run Get-VMNetworkAdapter CVMName VM1 | Set-VMNetworkAdapter C MacAddressSpoofing On.
D
Explanation:
If the container host is virtualized, and you wish to use DHCP for IP assignment, you must enable MACAddressSpoofing.
PS C:> Get-VMNetworkAdapter -VMName ContainerHostVM | Set-VMNetworkAdapter -MacAddressSpoofing On
The command needs to be run on the Hyper-V host.
References: https://msdn.microsoft.com/enus/virtualization/windowscontainers/management/container_networking
You have a server named Server1 that runs Windows Server 2016. You install the Docker daemon on Server1.
You need to configure the Docker daemon to accept connections only on TCP port 64500.
What should you do?
- A . Edit the configuration.json file.
- B . Run the Set-ServiceWindows PowerShell cmdlet.
- C . Edit the daemon.json file.
- D . Modify the routing table on Server1.
C
Explanation:
Configure Docker with Configuration File
The preferred method for configuring the Docker Engine on Windows is using aconfiguration file. The configuration file can be found at ‘c:ProgramDatadockerconfigdaemon.json’.
Only the desired configuration changes need to be added to the configuration file. For example, this sample configures the Docker Engine to accept incoming connections onport 64500. All other configuration options will use default values.
{
"hosts": ["tcp://0.0.0.0:64500"]
}
References: https://msdn.microsoft.com/en-us/virtualization/windowscontainers/docker/configure_docker_daemon
You have a failover cluster named Cluster1.
A virtual machine named VM1 is a highly available virtual machine that runs on Cluster1. A custom application named App1 runs on VM1.
You need to configure monitoring on VM1. If App1 adds an error entry to the Application event log, VM1 should be automatically rebooted and moved to another cluster node.
Which tool should you use?
- A . Resource Monitor
- B . Failover Cluster Manager
- C . Server Manager
- D . Hyper-V Manager
B
Explanation:
Do you have a large number of virtualized workloads in your cluster? Have you been looking for a solution that allows you to detect if any of the virtualized workloads in your cluster are behaving abnormally? Would you like the cluster service to take recovery actions when these workloads are in an unhealthy state? In Windows Server 2012/2016, there is a great new feature, in Failover Clustering called “VM Monitoring”, which does exactly that C it allows you monitor the health state of applications that are running within a virtual machine and then reports that to the host level so that it can take recovery actions.
VM Monitoring can be easily configured using the Failover Cluster Manager through the following steps:
References: https://blogs.msdn.microsoft.com/clustering/2012/04/18/how-to-configure-vm-monitoring-in-windows-server-2012/
You have a server named Server1 that runs Windows Server 2016.
The disk configuration for Server1 is shown in the exhibit. (Click the Exhibit button.)
You add Server1 to a cluster.
You need to ensure that you can use Disk 1 for Storage Spaces Direct.
What should you do first?
- A . Set Disk 1 to offline.
- B . Convert Partition (E:) to ReFS.
- C . Convert Disk 1 to a dynamic disk.
- D . Delete Partition (E:).
D
Explanation:
The disks used in Storage Spaces Direct cannot contain existing partitions.
Your network contains an Active Directory domain. The domain contains two Hyper-V hosts.
You plan to perform live migrations between the hosts.
You need to ensure that the live migration traffic is authenticated by using Kerberos.
What should you do first?
- A . From Server Manager, install the Host Guardian Service server role on a domain controller.
- B . From Active Directory Users and Computers, add the computer accounts for both servers to the Cryptographic Operators group.
- C . From Active Directory Users and Computers, modify the Delegation properties of the computer accounts for both servers.
- D . From Server Manager, install the Host Guardian Service server role on both servers.
C
Explanation:
If you have decided to use Kerberos to authenticate live migration traffic, configure constrained delegation before you proceed to the rest of the steps. To configure constrained delegation
HOTSPOT
You have a four-node Hyper-V cluster named Cluster1. A virtual machine named VM1 runs on Cluster1. VM1 has a network adapter that connects to a
virtual switch named Network1.
You need to prevent a network disconnection on VM1 from causing VM1 to move to another cluster node.
What command should you run? To answer, select the appropriate options in the answer area.
You have an Active Directory domain named Contoso.com. The domain contains servers named
Server1, Server2 and Server3 that run Windows Server 2016.
Server1 and Server2 are nodes in a Hyper-V cluster named Cluster1. You add a Hyper-V Replica Broker role named Broker1 to Cluster1. Server3 is a Hyper-V server. A virtual machine named VM1 runs on Server3.
Live Migration is enabled on all three servers and it is configured to use Kerberos authentication only. You need to ensure that you can perform the migration of VM1 to Server2.
What should you do?
- A . Add the Server3 computer account to the Replicator group on Server1 and Server2.
- B . Modify the Delegation settings on the Server3 computer account.
- C . Modify the Storage Migration settings on Server3.
- D . Modify the Cluster permissions for Cluster1.
B
Explanation:
If you have decided to use Kerberos to authenticate live migration traffic, configure constrained delegation before you proceed to the rest of the steps. To configure constrained delegation Etc.
References: https://technet.microsoft.com/en-us/library/jj134199(v=ws.11).aspx
HOTSPOT
You have a server named Server1 that runs Windows Server 2016. Server1 has the Web Application Proxy role service installed.
You are publishing an application named App1 that will use Integrated Windows authentication as shown in the following graphic.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
Explanation:
Publish an Integrated Windows authenticated-based Application for WebBrowser Clients Step 1: (configure the Backend server SPN C see first bulleted item below) Before you begin, make sure that you have done the following:
Step 2: http//server2.contoso.com/publish/app1 Use the same URL as the backend server URL. Web Application Proxy can translate host names in URLs, but cannot translate path names. Therefore, you can enter different host names, but you must enter the same path name. For example, you can enter an external URL of https://apps.contoso.com/app1/ and a backend server URL of http://app-server/app1/.
However, you cannot enter an external URL of https://apps.contoso.com/app1/ and a backend server URL of https://apps.contoso.com/internalapp1/.
References: https://technet.microsoft.com/en-us/library/dn383640(v=ws.11).aspx
Your network contains three Hyper-V hosts. You add all of the hosts to a cluster.
You need to create highly available storage spaces that connect to directly attached storage on the hosts.
Which cmdlet should you use?
- A . Update-ClusterVirtualMachineConfiguration
- B . Enable-ClusterStorageSpacesDirect
- C . Set-StoragePool
- D . Add-ClusterDisk
B
Explanation:
The Enable-ClusterStorageSpacesDirect cmdlet enables highly available Storage Spaces that use directly attached storage Storage Spaces Direct (S2D) on a cluster.
You are configuring a Windows Server 2016 failover cluster in a workgroup.
Before installing one of the nodes, you run the ipconfig /all command and receive the following output.
You need to ensure that Server1 can be added as a node in the cluster.
What should you do?
- A . Configure a DNS suffix.
- B . Enable NetBIOS over TCP/IP.
- C . Change the Node Type to Broadcast.
- D . Assign a static IP address.
A
Explanation:
In addition to the pre-requisites of Single-domain clusters, there are additional pre-requisites for Multi-domain or Workgroup clusters in the Windows Server 2016 including Primary DNS Suffix Requirements.
Note: Failover Clusters can now be created in the following configurations:
References: https://blogs.msdn.microsoft.com/clustering/2015/08/17/workgroup-and-multi-domainclusters-in-windows-server-2016/
Your network contains an Active Directory forest named contoso.com. The forest contains a member server named Server1 that runs Windows Server 2016. Server1 is located in the perimeter network.
You install the Active Directory Federation Services server role on Server1. You create an Active Directory Federation Services (AD FS) farm by using a certificate that has a subject name of sts.contoso.com.
You need to enable certificate authentication from the Internet on Server1.
Which two inbound TCP ports should you open on the firewall? Each correct answer presents part of the solution.
- A . 389
- B . 443
- C . 3389
- D . 8531
- E . 49443
B,E
Explanation:
Configuring the following network services appropriately is critical for successful deployment of AD FS in your organization: Configuring Corporate Firewall
References: https://technet.microsoft.com/en-us/library/dn554247(v=ws.11).aspx https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-fs/design/ad-fsrequirements#BKMK_7
HOTSPOT
You have a server named Server1 that runs Windows Server 2016. Server1 has the Web Application Proxy role service installed.
You publish an application named App1 by using the Web Application Proxy. You need to change the URL that users use to connect to App1 when they work remotely.
Which command should you run? To answer, select the appropriate options in the answer area.
Explanation:
The Set-WebApplicationProxyApplication cmdlet modifies settings of a web application published through Web Application Proxy. Specify the web application to modify by using its ID. Note that the method of preauthentication cannot be changed. The cmdlet ensures that no other applications are already configured to use any specified ExternalURL or BackendServerURL.
References: https://technet.microsoft.com/itpro/powershell/windows/wap/setwebapplicationproxyapplication
HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains four servers named Server1, Server2, Server3, and Server4 that run Windows Server 2016.
Server1 and Server2 are nodes in a Hyper-V cluster named Cluster1. You have a highly available virtual machine named VM1. Server1 is the owner node of VM1. Server3 and Server4 are nodes of a scale-out file server named Cluster2.
The storage on Server1 is configured as shown in the following table.
VM1 is stored in C:ClusterStorageVolume1. You need to move the virtual disk of VM1 to a different location.
What should you do? To answer, select the appropriate options in the answer area.
Explanation:
Box 1: Failover Cluster Manager
You can use Failover Cluster Manager to do a Storage Migration to a shared folder.
Box 2: \Cluster2Share1
For a highly-available VM, the storage must be accessible by all nodes in the cluster. Therefore, in this scenario, we have to use the file share.
You c
References:
https://blogs.msdn.microsoft.com/clustering/2012/04/26/windows-server-2012-storage-migration-for-cluster-managed-virtual-machines/
HOTSPOT
You have a Windows Server 2016 failover cluster that has a cluster network named ClusterNetwork1.
You need to ensure that ClusterNetwork1 is enabled for cluster communication only.
What command should you run? To answer, select the appropriate options in the answer area.
Explanation:
Box 1: Get-ClusterNetwork
Cluster network roles can be changed using PowerShell command, Get-ClusterNetwork.
For example:
(Get-ClusterNetwork “Cluster Network 1”). Role =1
Box 2: Role
Cluster Network Roles:
Cluster networks are automatically created for all logical subnets connected to all nodes in the Cluster. Each network adapter card connected to a common subnet will be listed in Failover Cluster Manager. Cluster networks can be configured for different uses.
Three roles:
References: https://blogs.technet.microsoft.com/askcore/2014/02/19/configuring-windows-failover-cluster-networks/
HOTSPOT
Your network contains an Active Directory forest named contoso.com.
Your company has a custom application named ERP1. ERP1 uses an Active Directory Lightweight Directory Services (AD LDS) server named Server1 to authenticate users.
You have a member server named Server2 that runs Windows Server 2016. You install the Active Directory Federation Services (AD FS) server role on Server2 and create an AD FS farm.
You need to configure AD FS to authenticate users from the AD LDS server.
Which cmdlets should you run? To answer, select the appropriate options in the answer area.
Explanation:
To configure your AD FSfarm to authenticate users from an LDAP directory, you can complete the following steps:
Step 1: New-AdfsLdapServerConnection
First, configure a connection to your LDAP directory using the New-AdfsLdapServerConnection cmdlet:
$DirectoryCred = Get-Credential
$vendorDirectory = New-AdfsLdapServerConnection CHostName dirserver CPort 50000CSslMode None CAuthenticationMethod Basic CCredential $DirectoryCred
Step 2 (optional):
Next, you can perform the optional step of mapping LDAP attributes to the existing AD FS claims using the New-AdfsLdapAttributeToClaimMapping cmdlet.
Step 3: Add-AdfsLocalClaimsProviderTrust
Finally, you must register the LDAP store with AD FS as a local claims provider trust using the Add-AdfsLocalClaimsProviderTrust cmdlet:
Add-AdfsLocalClaimsProviderTrust CName “Vendors” CIdentifier “urn:vendors” CType L
References: https://technet.microsoft.com/en-us/library/dn823754(v=ws.11).aspx
Your network contains an Active Directory forest named contoso.com.
You have an Active Directory Federation Services (AD FS) farm. The farm contains a server named Server1 that runs Windows Server 2012 R2. You add a server named Server2 to the farm. Server2 runs Windows Server 2016.
You remove Server1 from the farm. You need to ensure that you can use role separation to manage the farm.
Which cmdlet should you run?
- A . Update-AdfsRelyingPartyTrust
- B . Invoke-AdfsFarmBehaviorLevelRaise
- C . Set-AdfsFarmInformation
- D . Set-AdfsProperties
B
Explanation:
AD FS for Windows Server 2016 introduces the ability to have separation between server administrators and AD FS service administrators.
After upgrading our ADFS servers to Windows Server 2016, the last step is to raise the Farm Behavior Level using the Invoke-AdfsFarmBehaviorLevelRaise PowerShell cmdlet.
To upgrade the farm behavior level from Windows Server 2012 R2 to Windows Server 2016 use the Invoke-ADFSFarmBehaviorLevelRaise cmdlet.
References: https://technet.microsoft.com/en-us/library/mt605334(v=ws.11).aspx
HOTSPOT
You have a server named Server1 that runs Windows Server 2016. Server1 has the Web Application Proxy role service installed.
You need to publish Microsoft Exchange Server 2013 services through the Web Application Proxy. The solution must use preauthentication whenever possible.
How should you configure the preauthentication method for each service? To answer, select the appropriate options in the answer area.
Explanation:
Box 1: Pass-through
Box 2: Active Directory Federation Services (ADFS)
Box 3: Pass-through
The following table describes the Exchange services that you can publish through Web Application Proxy and the supported preauthentication for these services:
References: https://technet.microsoft.com/en-us/library/dn528827(v=ws.11).aspx
HOTSPOT
You have a server named Server1 that runs Windows Server 2016. Server1 has the Windows Application Proxy role service installed.
You need to publish Microsoft Exchange ActiveSync services by using the Publish New Application Wizard. The ActiveSync services must use preauthentication.
How should you configure Server1? To answer, select the appropriate options in the answer area.
Explanation:
Box 1: Active Directory Federation Services (ADFS)
The well-known HTTP basic authentication that you can use in scenarios such as ExchangeActive Sync (ActiveSync). This is a new capability included in this release of Web Application Proxy. For the ActiveSync scenario, the authentication process includes four core steps:
Box 2: HTTP Basic
The well-known HTTP basic authentication that you can use in scenarios such as Exchange Active Sync (ActiveSync).
HOTSPOT
You have a server that runs Windows Server 2016.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Explanation:
Box 1: No
The LastWriteTime of DC01.vhd was on June 21, 2016, and the current date is also June 21, 2016, but the MinimumFileAgeDays is 3.
MinimumFileAgeDays specifies a number of days. The deduplication engine optimizes files that users have not accessed in the number of days that you specify. If the last access time is not available, then the deduplication engine uses the last modified time.
Box 2: No
The size of Readme.txt, 12400bytes, is less than the Minimum File size, 32768 bytes.
MinimumFileSize specifies the minimum size threshold, in bytes, for files that are optimized. The deduplication engine does not optimize files that do not meet the minimum threshold.
Box 3: Yes
The Software ISO file is both large and old enough for deduplication.
References: https://technet.microsoft.com/en-us/library/hh848438.aspx
DRAG DROP
You have a server that runs Windows Server 2016. You install three additional disks named Disk1, Disk2, and Disk3. You plan to use these physical disks to store data.
You need to create a volume to store data. The solution must prevent data loss in the event of a single disk failure.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Explanation:
Step 1: Create a Storage Pool
First we create a Storage Pool. We specify which disks should be included in the storage pool.
Example:
Step 2: Create a Virtual Disk
After creating the storage pool now start creating a virtual disk for the pool you had created.
Step 3: Create a Volume
After creating the virtual disk, create a volume with the NewVolume Wizard.
You create the volume on the Virtual Disk you created in Step 2.
References: http://www.tactig.com/create-a-storage-pool-windows-server/
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2016. The servers have the same hardware configuration.
You need to asynchronously replicate volume F: from Server1 to Server2.
What should you do?
- A . Install the Failover Clustering feature and create a new cluster resource group.
- B . Run Set-DfsrServiceConfiguration and specify the CRPCPort parameter.
- C . Run New-SRPartnership and specify the CReplicationMode parameter.
- D . Install the Failover Clustering feature and use Cluster Shared Volumes (CSV).
C
Explanation:
Run New-SRPartnership and specify the CReplicationMode parameter.
References: https://www.starwindsoftware.com/blog/how-to-configure-storage-replication-usingwindows-server-2016-part-2
You have a server named Server1 that runs Windows Server 2016.
The disks on Server1 are configured as shown in the following table:
Windows Server 2016 is installed in C:Windows.
On which two volumes can you enable data deduplication? Each correct answer presents a complete solution.
- A . C:
- B . D:
- C . E:
- D . F:
- E . G:
C,E
Explanation:
Volumes that are candidates for deduplication must conform to the following requirements: References: https://technet.microsoft.com/en-us/library/hh831700(v=ws.11).aspx
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.
You have a Hyper-V host named Server1 that runs Windows Server 2016. You plan to deploy several shielded virtual machines on Server1.
You deploy a Host Guardian on a new server.
You need to ensure that Server1 can host shielded virtual machines.
What should you do first?
- A . the Mount-VHD cmdlet
- B . the Diskpart command
- C . the Set-VHD cmdlet
- D . the Set-VM cmdlet
- E . the Set-VMHost cmdlet
- F . the Set-VMProcessor cmdlet
- G . the Install-WindowsFeature cmdlet
- H . the Optimize-VHD cmdlet
G
Explanation:
Installing Host Guardian Service (HGS) Role On a machine running Windows Server 2016, install the Host Guardian Service role using Server Manager or Windows PowerShell. From the command line issue the following command:
Install-WindowsFeature HostGuardianServiceRole CIncludeManagementTools
References: https://blogs.technet.microsoft.com/datacentersecurity/2016/03/16/windows-server2016-and-host-guardian-service-for-shielded-vms/
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.
You have an Active Directory domain that contains two Hyper-V servers named Server1 and Server2. Server1 has Windows Server 2016 installed. Server2 has Windows Server 2012 R2 installed.
Each Hyper-V server has three network cards. Each network card is connected to a different subnet. Server1 contains a dedicated migration network.
Server2 contains a virtual machine named VM5.
You plan to perform a live migration of VM5 to Server1.
You need to ensure that Server1 uses all available networks to perform the live migration of VM5.
What should you run?
- A . the Mount-VHD cmdlet
- B . the Diskpart command
- C . the Set-VHD cmdlet
- D . the Set-VM cmdlet
- E . the Set-VMHost cmdlet
- F . the Set-VMProcessorcmdlet
- G . the Install-WindowsFeature cmdlet
- H . the Optimize-VHD cmdlet
E
Explanation:
Set-VMHost -UseAnyNetworkForMigration
Specifies how networks are selected for incoming live migration traffic. If set to $True, any available network on the host can be used for this traffic. If set to $False, incoming live migration traffic is transmitted only on the networks specified in the MigrationNetworks property of the host.
References: https://technet.microsoft.com/en-us/library/hh848524.aspx
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.
You have a Hyper-V host named Server1 that runs Windows Server 2016. Server1 has a virtual machine that uses a virtual hard disk (VHD) named disk1.vhdx.
You receive the following warning message from Event Viewer: “One or more virtual hard disks have a physical sector size that is smaller than the physical sector size of the storage on which the virtual hard disk file is located.”
You need to resolve the problem that causes the warning message.
What should you run?
- A . the Mount-VHD cmdlet
- B . the Diskpart command
- C . the Set-VHD cmdlet
- D . the Set-VM cmdlet
- E . the Set-VMHost cmdlet
- F . the Set-VMProcessor cmdlet
- G . the Install-WindowsFeature cmdlet
- H . the Optimize-VHD cmdlet
C
Explanation:
Issue
One or more virtual hard disks have a physical sector size that is smaller than the physical sector size of the storage on which the virtual hard disk file is located.
Resolution
Do one of the following:
The Set-VHD cmdlet sets the ParentPath or PhysicalSectorSizeBytes properties of a virtual hard disk. The two properties must be set in separate operations.
The Set-VHD -PhysicalSectorSizeBytes parameter specifies the physical sector size, in bytes. Valid values are 512 and 4096. This parameter is supported only on a VHDX-format disk that is not attached when the operation is initiated.
References:
https://technet.microsoft.com/en-us/windows-server-docs/compute/hyper-v/best-practices-analyzer/avoid-using-virtual-hard-disks-with-sector-size-less-than-size-of-physical
https://technet.microsoft.com/en-us/library/hh848561.aspx
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.
You have a Hyper-V host named Server1 that runs Windows Server 2016. Server1 contains a virtual machine named VM1.
You need to ensure that you can use nested virtualization on VM1.
What should you run on Server1?
- A . the Mount-VHD cmdlet
- B . the Diskpart command
- C . the Set-VHD cmdlet
- D . the Set-VMcmdlet
- E . the Set-VMHost cmdlet
- F . theSet-VMProcessor cmdlet
- G . the Install-WindowsFeature cmdlet
- H . the Optimize-VHD cmdlet
F
Explanation:
Configure Nested Virtualization
Set-VMProcessor -VMName <VMName> -ExposeVirtualizationExtensions $true
Etc.
References: https://msdn.microsoft.com/enus/virtualization/hyperv_on_windows/user_guide/nesting
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.
You have a Hyper-V host named Server1 that runs Windows Server 2016. Server1 has a dynamically expanding virtual hard disk (VHD) file that is 900 GB. The VHD contains 400 GB of free space.
You need to reduce the amount of disk space used by the VHD.
What should you run?
- A . the Mount-VHD cmdlet
- B . the Diskpart command
- C . the Set-VHD cmdlet
- D . the Set-VM cmdlet
- E . the Set-VMHost cmdlet
- F . the Set-VMProcessor cmdlet
- G . the Install-WindowsFeature cmdlet
- H . the Optimize-VHD cmdlet
H
Explanation:
The Optimize-VHD cmdlet optimizes the allocation of space in or more virtual hard disk files, except for fixed virtual hard disks. The Compact operation is used to optimize the files. This operation reclaims unused blocks as well as rearranges the blocks to be more efficiently packed, which reduces the size of a virtual hard disk file.
References: https://technet.microsoft.com/en-us/itpro/powershell/windows/hyper-v/optimize-vhd
You have a Hyper-V host named Server1 that runs Windows Server 2016. Server1 hosts a virtual machine named VM1. You need to provide VM1 with direct access to a graphics processing unit (GPU) on Server1.
What should you do first?
- A . OnVM1, install the Quality Windows Audio Video Experience (qWave) feature.
- B . Disable the display adapter device on Server1.
- C . In the settings of VM1, add a RemoteFX 3D Video Adapter.
- D . Dismount the display adapter on Server1.
B
Explanation:
Before the physical device is allowed to be passed through to the VM, the device must be disabled on the host system. The physical device must be accessible/available exclusively to the VM only.
References: Introduction to Windows Server 2016 Hyper-V DiscreteDevice Assignment, page 5 https://lenovopress.com/lp0088.pdf
HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains three servers named Server1, Server2, and Server3 that run Windows Server 2016.
Server1 has IP Address Management (IPAM) installed. Server2 and Server3 have the DHCP Server role installed and have several DHCP scopes configured. The IPAM server retrieves data from Server2 and Server3.
A domain user named User1 is a member of the groups shown in the following table.
On Server1, you create a security policy for User1. The policy grants the IPAM DHCP Scope Administrator Role with the Global access scope to the user.
Which actions can User1 perform? To answer, select the appropriate options in the answer area.
Explanation:
User1 is using Server Manager, not IPAM to perform the administration. Therefore, only the “DHCP Administrators” permission on Server2 and the “DHCP Users” permissions on Server3 are applied. The permissions granted through membership of the “IPAM DHCP Scope Administrator Role” are not applied when the user is not using the IPAM console.
You have two Hyper-V hosts named Server1 and Server2 that run Windows Server 2016.
The following virtual switches are configured on the Hyper-V hosts.
The following virtual machines run on the Hyper-V hosts.
All virtual machines have IP addresses from the 192.168.1.0/24 network. VLANs are configured in Hyper-V only. Physical switches are not configured with VLANs.
To which virtual machine or virtual machines can VM1 connect?
- A . VM2, VM3, VM5 and VM6 only
- B . VM2, VM3 and VM4 only
- C . VM2 only
- D . VM2 and VM5 only
D
Explanation:
If the port is set to a specific VLAN, then that port becomes a member of that VLAN. Its frames are still untagged, but the switch will only allow that port to communicate with other devices on the same VLAN.
References: http://www.altaro.com/hyper-v/setting-up-vlans-in-hyper-v/
DRAG DROP
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.
You install IP Address Management (IPAM) on Server1. You need to manually start discovery of servers that IPAM can manage in contoso.com.
Which three cmdlets should you run in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.
Explanation:
Step 1: Invoke-IpamServerProvisioning
Choose a provisioning method
The Invoke-IpamGpoProvisioning cmdlet creates and links three group policies specified in the Domain parameter for provisioningrequired access settingson the server roles managed by the computer running the IP Address Management (IPAM) server.
Step 2: Add-IpamDiscoveryDomain
Configure the scope of discovery
The Add-IpamDiscoveryDomain cmdlet adds an Active Directory discovery domain for an IP AddressManagement (IPAM) server. A discovery domain is a domain that IPAM searches to find infrastructure servers. An IPAM server uses the list of discovery domains to determine what type of servers to add. By default, IPAM discovers all domain controllers, Dynamic Host Configuration Protocol (DHCP) servers, and Domain Name System (DNS) servers.
Step 3: Start-ScheduledTask
Start server discovery
To begin discovering servers on the network, click Start server discovery to launch the IPAM ServerDiscovery task or use the Start-ScheduledTask command.
You have an Active Directory domain named contoso.com.
The computers in contoso.com are installed by using Windows Deployment Services. You have a server named Server1 that runs Windows Server 2016. Server1 is a member of contoso.com. Server1 has the Hyper-V role installed. Virtual machines on Server1 are connected to an external switch named Switch1.
You create a virtual machine named VM1 on Server1 by running the following cmdlets.
You need to ensure that you can install the operating system on VM1 by using Windows Deployment Services.
What should you do?
- A . Add a legacy network adapter to VM1.
- B . Modify the SwitchType parameter of Switch1.
- C . Modify the DefaultFlowMinimumBandwidthWeigth parameter of Switch1.
- D . Add a SCSI controller to VM1.
A
Explanation:
A legacy network adapter is required for PXE boot.
Not B: The switch is an External switch which is what is required.
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.
Server1 has IP Address Management (IPAM) installed. IPAM is configured to use the Group Policy based provisioning method. The prefix for the IPAM Group Policy objects (GPOs) is IP.
From Group Policy Management, you manually rename the IPAM GPOs to have a prefix of IPAM.
You need to modify the GPO prefix used by IPAM.
What should you do?
- A . Click Configure server discovery in Server Manager.
- B . Run the Set-IpamConfiguration cmdlet.
- C . Run the Invoke-IpamGpoProvisioning cmdlet.
- D . Click Provision the IPAM server in Server Manager.
B
Explanation:
The Set-IpamConfiguration cmdlet modifies the configuration for the computer that runs the IPAM server. The -GpoPrefix<String> parameter specifies the unique Group Policy object (GPO) prefix name that IPAM uses to create the group policy objects. Use this parameter only when the value of the ProvisioningMethod parameter is set to Automatic.
References: https://technet.microsoft.com/en-us/library/jj590816.aspx
DRAG DROP
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2016.
Server1 has IP Address Management (IPAM) installed. Server2 has Microsoft System Center 2016 Virtual Machine Manager (VMM) installed.
You need to integrate IPAM and VMM.
Which types of objects should you create on each server? To answer, drag the appropriate object types to the correct servers. Each object type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Explanation:
Server 1 (IPAM): Access Policy
VMM must be granted permission to view and modify IP address space in IPAM, and to perform remote management of the IPAM server. VMM uses a “Run As” account to provide these permissions to the IPAM network service plugin. The “Run As” account must be configured with appropriate permission on the IPAM server.
To assign permissions to the VMM user account
In the IPAM server console, in the upper navigation pane, click ACCESS CONTROL, right-click Access Policies in the lower navigation pane, and then click Add AccessPolicy.
Etc.
Server 2 (VMM) #1: Network Service
Server 2 (VMM) #2: Run As Account
Perform the following procedure using the System Center VMM console.
To configure VMM (see step 1-3, step 6-7)
Etc.
References: https://technet.microsoft.com/en-us/library/dn783349(v=ws.11).aspx
HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named Server1 and a member server named Server2.
Server1 has the DNS Server role installed. Server2 has IP Address Management (IPAM) installed.
The IPAM server retrieves zones from Server1 as shown in the following table.
The IPAM server has one access policy configured as shown in the exhibit. (Click the Exhibit button.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Explanation:
Box 1: Yes
As a member of the IPAM DNS Administrator Role of the ADatum zone, User1 can add DNS records to it.
Box 2: Yes
As a member of the DNS Record Administrator Role of the Fabrikam zone, User1 can add DNS records to it.
Box 3: No
DNS Record Administrators cannot delete zones, only administer DNS records.
References: https://technet.microsoft.com/en-us/library/hh831353(v=ws.11).aspx
HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains four servers named Server1, Server2, Server3, and Server4 that run Windows Server 2016.
Server1 has IP Address Management (IPAM) installed. Server2, Server3, and Server 4 have the DHCP Server role installed. IPAM manages Server2, Server3, and Server4.
A domain user named User1 is a member of the groups shown in the following table.
Which actions can User1 perform? To answer, select the appropriate options in the answer area.
Explanation:
Box 1: Can be performed by User1
DHCP Administrators can create DHCP scopes.
Box 2: Cannot be performed by User1
DHCP Users cannot create scopes.
Box 3: Cannot be performed by User1
IPAM users cannot creates copes.
References: https://technet.microsoft.com/en-us/library/dn741281(v=ws.11).aspx#create_access_scope
DRAG DROP
Your network contains two Hyper-V servers named Server1 and Server2. Server1 has Windows 2012 R2 installed. Server2 has Windows Server 2016 installed.
You perform a live migration of a virtual machine named VM1 from Server1 to Server2.
You need to create a production checkpoint for VM1 on Server2.
What three Windows PowerShell cmdlets should you run in sequence? To answer, move the appropriate cmdlets from the list of actions to the answer area and arrange them in the correct order.
Explanation:
We need to update the VM Version to enable the Production Checkpoints feature.
Step 1: Stop-VM
The virtual machine should be shut down before upgrading it.
Step 2. Update-VMVersion
To upgrade the virtual machine configuration version by using Windows PowerShell, use the Update-VMVersion cmdlet.
Step 3: CheckPoint-VM
The Checkpoint-VM cmdlet creates a checkpoint of a virtual machine.
Note: There is no Upgrade-VMVersion cmdlet
DRAG DROP
You install a new Nano Server named Nano1. Nano1 is a member of a workgroup and has an IP address of 192.168.1.10.
You have a server named Server1 that runs Windows Server 2016.
From Server1, you need to establish a Windows PowerShell session to Nano1.
How should you complete the PowerShell script? To answer, drag the appropriate cmdlets to the correct targets. Each cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Explanation:
How to access Nano Server
Because Nano Server does not support a local session, it must be accessed remotely.
References: https://msdn.microsoft.com/en-us/library/mt708805(v=vs.85).aspx
HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a DNS server named Server1.
Server1 is configured to use a forwarder named Server2 that has an IP address of 10.0.0.10. Server2 can resolve names hosted on the Internet successfully. Server2 hosts a primary DNS zone named adatum.com
On Server1, you have the following zone configuration.
The “.” zone contains the following records.
For each of the following statements, select Yes of the statement is true. Otherwise, select No.
Explanation:
Server1 has a root (.) zone. A root zone will disable the use of any forwarders. Therefore, Server1 can only resolve DNS queries for zones that Server1 hosts (zones that Server1 is authoritative for). Therefore, Server1 can resolve hostnames in the contoso.com zone.
HOTSPOT
Your network contains an Active Directory forest. The forest contains two domain controllers named DC1 and DC2 that run Windows Server 2016. DC1 holds all of the operations master roles.
DC1 experiences a hardware failure.
You plan to use an automated process that will create 1,000 user accounts. You need to ensure that the automated process can complete successfully.
Which command should you run? To answer, select the appropriate options in the answer area.
Explanation:
Box 1: Move-ADDirectoryServerOperationMasterRole
Box 2: RIDMaster
Box 3: -Force
DRAG DROP
You have a Hyper-V host named Server1 that runs Windows Server 2016.
The installation source files for Windows Server 2016 are located in D:Source.
You need to create a Nano Server image.
Which cmdlets should you run? To answer, drag the appropriate cmdlets to the correct targets. Each cmdlet may be used once, more than once, or not at all. You may need to drag the split bat between panes or scroll to view content.
Explanation:
Step 1: Import Module
Import-Module .NanoServerImageGenerator.psm1
Step 2: New New-NanoServerImage
Create Nano Server Image VHDX
New-NanoServerImage -MediaPath .Files -BasePath.Base -TargetPath .ImagesNanoVMGA.vhdx
References: https://technet.microsoft.com/en-us/windows-server-docs/get-started/deploy-nano-server
DRAG DROP
You have a network that contains several servers that run Windows Server 2016.
You need to use Desired State Configuration (DSC) to configure the servers to meet the following requirements:
How should you configure the DSC recourses? To answer, drag the appropriate values to the correct locations. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Explanation:
Box 1: WindowsFeature
The WindowsFeature resource in Windows PowerShell Desired State Configuration (DSC) provides a mechanism to ensure that roles and features are added or removed on atarget node.
Box 2: Present
The Ensure Property indicates if the role or feature is added. To ensure that the role or feature is added, set this property to "Present" To ensure that the role or feature is removed, set the property to "Absent".
Example:
WindowsFeature RoleExample
{
Ensure = "Present"
# Alternatively, to ensure the role is uninstalled, set Ensure to "Absent"
Name = "Web-Server"# Use the Name property from Get-WindowsFeature
}
Box 3: Service
The Service resource in Windows PowerShell Desired State Configuration (DSC) provides a mechanism to manage services on the target node.
Box 4: Running
The State property indicates the state, either Running or Stopped, you want to ensure for the service.
References:
https://msdn.microsoft.com/en-us/powershell/dsc/windowsfeatureresource
https://msdn.microsoft.com/en-us/powershell/dsc/serviceresource
HOTSPOT
Your network contains an Active Directory forest. The forest contains two sites named Site1 and Site2. Site1 contains 10 domain controllers. Site1 and Site2 connect to each other by using a WAN link.
You run the Active Directory Domain Services Configuration Wizard as shown in the following graphic.
Server3 is the only server in Site2.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
Explanation:
Box 1: stop and start the Active Directory Domain Services (AD DS)
Box 2: Can log on if they have previously logged on.
By selectively caching credentials, RODCs address some of the challenges that enterprises can encounter in branch offices and perimeter networks (also known as DMZs) that may lack the physical security that is commonly found in datacenters and hub sites.
You deploy a Hyper-V server named Server1 in an isolated test environment. The test environment is prevented from accessing the Internet. Server1 runs the Datacenter edition of Windows Server 2016.
You plan to deploy the following guest virtual machines on the server:
Which activation model should you use for the virtual machines?
- A . Multiple Activation Key (MAK)
- B . Key Management Service (KMS)
- C . Original Equipment Manufacturer (OEM) key
- D . Automatic Virtual Machine Activation (AVMA)
D
Explanation:
https://technet.microsoft.com/en-us/library/dn303421(v=ws.11).aspx
AVMA lets you install virtual machines on a properly activated Windows server without having to manage product keys for each individual virtual machine, even in disconnected environments. AVMA binds the virtual machine activation to the licensed virtualization server and activates the virtual machine when it starts up. AVMA also provides real-time reporting on usage and historical data on the license state of the virtual machine. Reporting and tracking data is available on the virtualization server.
Active Directory Recycle Bin is enabled. You discover that a support technician accidentally removed 100 users from an Active Directory group named Group1 an hour ago. You need to restore the membership of Group1.
What should you do?
- A . Perform tombstone reanimation.
- B . Export and import data by using Dsamain.
- C . Perform a non-authoritative restore.
- D . Recover the items by using Active Directory Recycle Bin.
B
Explanation:
A group has been modified. Nothing has been deleted. Therefore, answers A and D will not work. Answer C would work if it was an authoritative restore, but not a non-authoritative restore.
The solution is to recover an earlier copy of the group from a backup or active directory snapshot by using DSadmain.
https://technet.microsoft.com/en-us/library/cc753609(v=ws.10)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine whether the solution meets the stated goals.
In this section, you’ll see one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem, and you must determine whether the solution meets the stated goals. Any of the solutions might solve the problem. It is also possible that none of the solutions solve the problem.
Once you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com. The domain contains a DNS server named Server1. All client computers run Windows 10.
On Server1, you have the following zone configuration.
You need to prevent Server1 from resolving queries from DNS clients located on Subnet4. Server1 must resolve queries from all other DNS clients.
Solution: From windows PowerShell on Server1, you run the Add-DnsServerTrust Anchor cmdlet.
Does this meet the goal?
- A . Yes
- B . No
Your network contains an Active Directory domain named contoso.com. The domain contains a DNS server named Server1. All client computers run Windows 10.
On Server1, you have the following zone configuration
You need to prevent Server1 from resolving queries from DNS clients located on Subnet4. Server1 must resolve queries from all other DNS clients.
Solution: From Windows PowerShell on Server1, you run the Export-DnsServerDnsSecPublicKey cmdlet.
Does this meet the goal?
- A . Yes
- B . No
Your Network contains one Active Directory domain named contoso.com.
You pilot DirectAccess on the network.
During the pilot deployment, you enable DirectAccess only for a group ContosoTest Computers.
Once the pilot is complete, you need to enable DirectAccess for all the client computers in the domain.
What should you do?
- A . From Windows PowerShell, run the Set-DAClient cmdlet.
- B . From Windows PowerShell, run the Set-DirectAccess cmdlet.
- C . From Active Directory Users and Computers, modify the membership of the Windows Authorization Access Group.
- D . From Group Policy Management, modify the security filtering of an object named Direct Access Client Setting Group Policy.
You have a server named Server1.
You enable BitLocker Drive Encryption (BitLocker) on Server1.
You need to change the password for the Trusted Platform Module (TPM) chip.
What should you run on Server1?
- A . Initialize-Tpm
- B . Import-TpmOwnerAuth
- C . repair-bde.exe
- D . bdehdcfg-exe
You have two servers named Server1 and Server2. A firewall exists between Server1 and Server2.
Both servers run Windows Server Update Services (WSUS). Server1 downloads updates from Microsoft update.
Server2 must synchronize updates from Server1.
Which port should to open on the firewall?
- A . 80
- B . 443
- C . 3389
- D . 8530
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an Active Directory forest named contoso.com.
You need to identify which server is the schema master.
Solution: You open Active Directory Users and Computers, right-click contoso.com in the console tree, and then click Operations Master.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
This solution only shows the domain FSMO roles, not the forest FSMO roles.
References: https://blogs.technet.microsoft.com/mempson/2007/11/08/how-to-find-out-who-hasyour-fsmo-roles/
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After your answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an Active Directory forest named contoso.com. You need to identify which server is the schema master.
Solution: From a command prompt, you run netdom query fsmo.
Does this meet the goal?
- A . Yes
- B . No
A
Explanation:
References: https://blogs.technet.microsoft.com/mempson/2007/11/08/how-to-find-out-who-hasyour-fsmo-roles/
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After your answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest named contoso.com.
You need to identify which server is the schema master.
Solution: From Windows PowerShell, you run Get-ADDomainController -Discover -Service 2.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
References: https://blogs.technet.microsoft.com/mempson/2007/11/08/how-to-find-out-who-has-your-fsmoroles/
You have a server named Server1 that runs Windows Server 2016. The Docker daemon runs on Server1.
You need to configure the Docker daemon to accept connections only on TCP port 64500.
What should you do?
- A . Run the sc control command.
- B . Run the New-NetFirewallRule cmdlet.
- C . Modify the routing table on Server1.
- D . Run the sc config command.
D
Explanation:
References: https://docs.microsoft.com/en-us/virtualization/windowscontainers/manage-docker/configure-
docker-daemon
You have a server named Server1 that runs Windows Server 2016. Server1 is a Hyper-V host that hosts a virtual machine named VM1.
Server1 has three network adapter cards that are connected to virtual switches named vSwitch1, vSwitch2 and vSwitch3.
You configure NIC Teaming on VM1 as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that VM1 will retain access to the network if a physical network adapter card
fails on Server1.
What should you do?
- A . From the properties of the NIC team on VM1, change the load balancing of the NIC team.
- B . From Hyper-V Manager on Server1, modify the settings of VM1.
- C . From Windows PowerShell on Server1, run the Set-VmNetworkAdapterFailoverConfigurationcmdlet.
- D . From Hyper-V Manager on Server1, modify the properties of vSwitch1.
B
Explanation:
You can configure NIC teaming in the Guest OS; however, before NIC teaming will work in a virtual machine, you need to enable NIC teaming in the Advanced Features section of the VM settings.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After your answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest named contoso.com.
You need to identify which server is the schema master.
Solution: You open Active Directory Domains and Trusts, right-click Active Directory Domains and Trust in the console tree, and then click Operations Master.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
This solution only shows the Domain Naming Master.
You have a server named Server1 that runs Windows Server 2016. The Docker daemon runs on Server1.
You need to ensure that members of a security group named Docker Administrators can administer Docker.
What should you do?
- A . Run theSet-Service cmdlet.
- B . Modify the Security settings of Dockerd.exe.
- C . Edit the Daemon.json file.
- D . Modify the Security settings of Docker.exe.
C
Explanation:
References:
https://docs.microsoft.com/en-us/virtualization/windowscontainers/manage-docker/configure-docker-daemon
The preferred method for configuring the Docker Engine on Windows is using a configuration file. The configuration file can be found at ‘c:ProgramDatadockerconfigdaemon.json’. If this file does not already exist, it can be created.
This sample configures the Docker Engine to accept incoming connections on port 2375. All other configuration options will use default values.
{ “hosts”: [“tcp://0.0.0.0:2375”] }
this sample configures the Docker daemon to only accept secured connections over port 2376.
{ “hosts”: [“tcp://0.0.0.0:2376”, “npipe://”], “tlsverify”: true, “tlscacert”: “C:\ProgramData\docker\certs.d\ca.pem”, “tlscert”: “C:\ProgramData\docker\certs.d\server-cert.pem”, “tlskey”: “C:\ProgramData\docker\certs.d\server-key.pem”, }
Source: https://docs.microsoft.com/en-us/virtualization/windowscontainers/manage-docker/configure-docker-daemon
HOTSPOT
You have a server named Server1 that runs Windows Server 2016 server.
Server1 has the Docker daemon configured and has a container named Container1.
You need to mount the folder C:Folder1 on Server1 to C:ContainerFolder in Container1.
Which command should you run? To answer, select the appropriate options in the answer area.
You have a Hyper-V host that runs Windows Server 2016. The host contains a virtual machine named VM1. VM1 has resource metering enabled.
You need to use resource metering to track the amount of network traffic that VM1 sends to the 10.0.0.0/8 network.
Which cmdlet should you run?
- A . New-VMResourcePool
- B . Set-VMNetworkAdapter
- C . Add-VMNetworkAdapterAcl
- D . Set-VMNetworkAdapterRoutingDomainMapping
C
Explanation:
References: https://technet.microsoft.com/itpro/powershell/windows/hyper-v/add-vmnetworkadapteracl
DRAG DROP
You have a physical server named Server1 that runs Windows Server 2016. Server1 is a Hyper-V host. On Server1, you create a virtual machine named VM1 that runs Windows Server 2016.
You plan to install the Hyper-V server role on VM1.
You need to ensure that you can configure VM1 to host virtual machines.
How should you compete the Windows PowerShell script? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
You have a Hyper-V host named Server1 that runs Windows Server 2016. Server1 has two virtual machines named VM1 and VM2.
You discover that VM1 and VM2 can communicate with Server1 over the network.
You need to ensure that VM1 and VM2 can communicate with each other only. The solution must prevent VM1 and VM2 from communicating with Server1.
Which cmdlet should you use?
- A . Enable-VMSwitchExtention
- B . Set-NetNeighbor
- C . Set-VMSwitch
- D . Remove-VMSwitchTeamMember
C
Explanation:
The virtual switch needs to be configured as an “Private” switch.
What you need is a private switch to insure VM1 and VM2 can talk to each other, but not the host. The difference between this and an Internal switch is that VM1 and VM2 can talk to the host and each other. Regardless the command is the same:
Set-VMSwitch (switchname)-SwitchType Private https://technet.microsoft.com/en-us/itpro/powershell/windows/hyper-v/set-vmswitch
HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a
server named Server1 that runs Windows Server 2016.
You install IP Address Management (IPAM) on Server1. You select the automatic provisioning method, and then you specify a prefix of IPAM1.
You need to configure the environment for automatic IPAM provisioning.
Which cmdlet should you run? To answer, select the appropriate options in the answer area.
Explanation:
Invoke-IpamGpoProvisioning CDomain contoso.com CGpoPrefixName IPAM CIpamServerFqdn dc1.contoso.com
HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2016.
Server1 has IP Address Management (IPAM) installed. Server2 has the DHCP Server role installed. The IPAM server retrieves data from Server2.
The domain has two users named User1 and User2 and a group named Group1. User1 is the only member of Group1.
Server1 has one IPAM access policy. You edit the access policy as shown in the Policy exhibit. (Click the Exhibit button.)
The DHCP scopes are configured as shown in the Scopes exhibit. (Click the Exhibit button.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2016.
Server1 has Microsoft System Center 2016 Virtual Machine Manager (VMM) installed. Server2 has IP Address Management (IPAM) installed.
You create a domain user named User1.
You need to integrate IPAM and VMM. VMM must use the account of User1 to manage IPAM. The solution must use the principle of least privilege.
What should you do on each server? To answer, select the appropriate options in the answer area.
Explanation:
References: https://technet.microsoft.com/en-us/library/dn783349(v=ws.11).aspx
HOTSPOT
You have a server named VM1. VM1 is a virtual machine on a Hyper-V host that runs Windows
Server 2016.
You need to create a checkpoint that includes the virtual machine memory state of VM1.
What commands should you run? To answer, select the appropriate options in the answer area.
