Chapter 1 Flashcards

1
Q

You manage a group of 10 Windows 8 workstations that are currently configured as a Workgroup.
Which are advantages you could realize by installing Active Directory and adding the computers to a domain?
(Select two.)

Centralized authentication
Centralized configuration control
Reduced need for specialized hardware
Decreased cost to implement
Increased local control of workstation settings
A

Centralized authentication

Centralized configuration control

2
Q

What terms are each of the following definitions describing?

Logical organization of resources

Collection of network resources

Collection of related domain trees

Resource in the directory

Group of related domains

A

Logical organization of resources
Organizational Unit

Collection of Network Resources
Domain

Collection of related domain trees
Forest

Resource in the Directory
Object

Group of related domains
Tree

3
Q

Define all these terms.

Domain Controller

Site

Subnet

Forest Root Domain

Tree Root Domain

A

Domain Controller
A server that holds a copy of the Active Directory
database that can be written to.

Site
Represents a group of networks that are
connected with high-speed links.

Subnet
Represents a physical network segment.

Forest Root Domain
The first domain created in an Active Directory
forest.

Tree Root Domain
The highest level domain in a tree.

4
Q

Define all these terms.

Data Table

Link Table

SD Table

Schema

A

Data Table
Contains all the information in the Active
Directory data store.

Link Table
Contains data that represents linked attributes.

SD Table
Contains data that represents inherited security descriptors for each object.

Schema
Identifies the object classes that exist in the tree
and the attributes of each class.

5
Q

You are the network administrator for your company. Your network consists of two Active Directory domains:
research.westsim.local and sales.westsim.local.
Your company has two sites: Dallas and Houston. Each site has two domain controllers, with one domain
controller for each domain.
Users in Houston who are members of the sales.westsim.local domain report slow performance when
logging in and accessing files in Dallas. Users in Dallas do not report any problems logging in and accessing
local resources. You want all users in Houston to experience adequate log on and resource access response
time.
What should you do?

Increase the replication frequency between the two sites.
Configure one of the domain controllers in Houston to be a global catalog server.
Enable universal group membership caching in Dallas.
Decrease the site link cost between the two sites.

A

Configure one of the domain controllers in Houston to be a global catalog server.

6
Q

You are the network administrator for an Active Directory forest with a single domain. The network has three
sites with one domain controller at each site. You have created and configured sites in Active Directory Sites
and Services, and replication is operating normally between sites.
You configure two universal groups for use in securing the network. All users are members of one universal
group or the other. After configuring the universal groups, users at sites 2 and 3 report slow login and slow
access to the corporate database. Users at site 1 can log in and access the corporate database with
acceptable performance. You want to improve login and resource access performance for users in sites 2 and
3.
What should you do? (Choose two. Each option is a complete solution.)

Place the server object for all servers in site 1.
Decrease the replication interval between sites 1 and 3.
Configure the domain controllers at sites 2 and 3 as global catalog servers.
Enable universal group membership caching at sites 2 and 3.
Change the IP address scheme so that all users are on the IP subnet of site 1.

A

Configure the domain controllers at sites 2 and 3 as global catalog servers.
Enable universal group membership caching at sites 2 and 3.

7
Q

You manage a single-domain network named northsim.com. Currently, all users are located at a single site
in Miami.
You are opening a branch office in Orlando. The Orlando office is connected to the Miami location using a dial-
up connection and demand-dial routing. The link between offices is only used during the nighttime to
synchronize sales information. About 50 full-time sales people work in the Orlando office.
The branch office will have its own domain controller, ORD-DC1. You create a new site object for the Orlando
office and move the server into that site. You create a site link object that connects the Orlando site to the
Miami site.
Users are reporting that logon is slow. You find that during logon, the WAN link must be established before
logon is allowed. You want to improve logon for the Orlando location.
What should you do?

Decrease the site link cost on the site link between Orlando and Miami.
Enable Universal Group Membership Caching on the Orlando site.

A

Enable Universal Group Membership Caching on the Orlando site.

8
Q

You manage a network with a single domain named eastsim.com. The network currently has three domain
controllers.
During installation, you did not designate one of the domain controllers as a global catalog server. Now you
need to make the domain controller a global catalog server.
Which tools could you use? (Choose two.)

Computer Management
Active Directory Users and Computers
Active Directory Domains and Trusts
Active Directory Sites and Services
Security Configuration Wizard
A

Active Directory Users and Computers

Active Directory Sites and Services

9
Q

You are the network administrator for westsim.com. westsim.com has one main office and 10 branch
offices. The network consists of three Active Directory domains: westsim.com, eastsim.com, and
websales.eastsim.com. All the domain controllers run Windows Server 2012 R2.
Users on the westsim.com network often search for other employees based on the postal code attribute but
they complain that Active Directory searches take a long time to complete. You believe that you can speed up
searches by adding the postal code attribute to the Global Catalog.
What should you do?

In ADSIEdit, connect to the Default Naming Context, and then modify the properties of the Domain
Partition.
In Active Directory Sites and Services, the local Domain Controller, open the Properties of the NTDS Settings Object. Then select the Global Catalog check box.
In Active Directory Domains and Trusts, raise the Forest Functional Level to Windows Server 2008 R2.
In the Active Directory Schema snap-in, in the Properties of the Postal Code attribute, select the Replicate this attribute to the Global Catalog check box.

A

In the Active Directory Schema snap-in, in the Properties of the Postal Code attribute, select the Replicate this attribute to the Global Catalog check box.

10
Q

Your network currently has two domains: eastsim.com and sales.eastsim.com.
You need to remove the sales.eastsim.com domain.
You have removed all domain controllers in the domain except for the DC1.sales.eastsim.com server. This
server holds the following infrastructure master roles:
RID master
PDC emulator
Infrastructure master
Domain naming master
You are getting ready to remove Active Directory from DC1. What should you do first?

Transfer the domain naming master to a domain controller in eastsim.com.
Transfer the infrastructure master and the domain naming master to a domain controller in
eastsim.com.
Transfer the infrastructure master to a domain controller in eastsim.com.
Run dcpromo /forceremoval.
Transfer all the roles to a domain controller in eastsim.com.

A

Transfer the domain naming master to a domain controller in eastsim.com.

11
Q

Your network currently has the following Active Directory domains: westsim.com, emea.westsim.com,
uk.emea.westsim.com, and us.westsim.com.
Your company is closing its offices in the United States. Previously, most of the network administration took
place in that office. Now all IT administration will take place in your London offices.
You have removed all domain controllers from the us.westsim.com domain except for the DC1 server. This
server hosts the following roles:
RID master
PDC emulator
Domain naming master
Infrastructure master
Prior to removing Active Directory from the domain controller, you need to transfer the necessary operation
master roles to servers in the westsim.com domain. The westsim.com domain has the following domain
controllers: WS1, WS2, WS3, and WS4. All servers are also global catalog servers except for WS3.
What should you do to prepare for Active Directory removal on DC1?

Transfer the domain naming master to WS3.
Transfer the infrastructure master to any domain controller in westsim.com.
Transfer the infrastructure master to WS1, WS2, or WS4.
Transfer the infrastructure master to WS3.
Transfer the domain naming master to any domain controller in westsim.com.
Transfer the domain naming master to WS1, WS2, or WS4.

A

Transfer the domain naming master to WS1, WS2, or WS4.

12
Q

Listed on the left are various operation master roles. For each tool, identify the roles that you can transfer
using that tool by dragging the role from the left to the boxes below the tool.

Domain Naming Master
Infrastructure Master
PDC Emulator
RID Master
Schema Master
A

Active Directory Users and Computers
Infrastructure Master
PDC Emulator
RID Master

Active Directory Domains and Trusts
Domain Naming Master

13
Q

You are the network administrator for westsim.com. The network will consist of one Active Directory domain
that contains 100 users. You install Windows Server 2012 R2 on a server named DC1. You then install Active
Directory Domain Services (AD DS) and promote DC1 to a domain controller. After creating the new domain,
you create a replica domain controller named DC2.
Several months after installation, DC1 fails. Parts to restore the server will not be available for several weeks.
You need to transfer the Flexible Single Master Operations (FSMO) roles to DC2.
What should you do?

Use the NTDSUtil in an elevated command prompt on DC1 to seize the roles.
Use Active Directory Domains and Trusts on DC2 to seize the roles.
Use the NTDSUtil in an elevated command prompt on DC2 to seize the roles.
Use Active Directory Users and Computers on DC2 to seize the roles.

A

Use the NTDSUtil in an elevated command prompt on DC2 to seize the roles.

14
Q

You are the network administrator for eastsim.com. eastsim.com has one main office in Dallas, TX and two
branch offices in New York, NY and Los Angeles, CA. The branch offices are both connected to the main office
by dedicated WAN links. There is no direct connection between the branch offices. The network consists of
one Active Directory domain that contains 2,000 users. There are two domain controllers at each site as listed
in the table below.

Site               Domain Controllers
Dallas, TX         DC1, DC2
New York, NY       DC3, DC4
Los Angeles, CA    DC5, DC6

DC1 was the first domain controller installed in the domain and it currently hosts all five Flexible Single
Master Operations (FSMO) roles. You need to identify which server should be used as a backup operations
master in the event that DC1 should fail.
Which server should be used?

DC6
DC3
DC4
DC5
DC2
A

DC2

15
Q

You are the network administrator for westsim.com. The network consists of one Active Directory domain
that contains 1,500 users. westsim.com has one main office and 15 branch offices. There are three domain
controllers at the main office and one domain controller at each branch office.
You have been asked to identify which domain controller hosts the Schema Master role.
Which utilities should you use? (Select two.)

Active Directory Schema snap-in
Active Directory Users and Computers
Dsquery
Dsget

A

Active Directory Schema snap-in

Dsquery

16
Q

You are the network administrator for northsim.com. The network consists of one Active Directory domain.
All of the servers run Windows Server 2012 R2 and all of the clients run Windows 7.
While attempting to run a backup on a member server, you discover that you are unable to log on to the
domain. After troubleshooting the problem, you determine that the clock on the member server is 15 minutes
fast. You verify that the time is correct on the PDC Emulator. You have no trouble logging on to other
member servers. You need to display the member server’s current Windows Time Service information to
determine which server is being used as a time service provider.
What should you do?

Run the W32tm.exe command.
Run the Netsh command.
Run the Winrm qc command.
Run the NTDSUtil command.

A

Run the W32tm.exe command.

17
Q

You are the network administrator for westsim.com. The network consists of a single Active Directory
domain. All the servers run Windows Server 2012 R2 and all the clients run Windows 7.
The company has a branch office in Atlanta that has a read-only domain controller (RODC) named
ATLRODC1. Management has requested a list of the users who have been authenticated by ATLRODC1 in
the past and whose user accounts are cached on the RODC.
What command should you use?

Get-ADDomainControllerPasswordReplicationPolicyUsage
Get-ADUser
Get-ADAccountResultantPasswordReplicationPolicy
Get-ADDomainControllerPasswordReplicationPolicy

A

Get-ADDomainControllerPasswordReplicationPolicyUsage

18
Q

You are the network administrator for northsim.com. The network consists of a single domain. All the
servers run Windows Server 2012 R2. All the clients run Windows 7 or Windows 8. The company has one
main office and several small branch offices. The branch offices do not have any on-site network
administrators.
You are preparing to deploy servers to each of the branch offices. Security is a concern. You must ensure that
the passwords for only the members of the branch office are cached on the branch office domain controllers.
You must also ensure that data stored on the branch office servers cannot be compromised, even if a hard
drive is stolen.
What should you do?

Configure the branch office servers as writable domain controllers and install the Bitlocker feature.
Configure the branch office servers as writable domain controllers and install the File Server Resource Manager feature.
Configure the branch office servers as Read-Only Domain Controllers (RODCs) and install the File Server Resource Manager feature.
Configure the branch office servers as Read-Only Domain Controllers (RODCs) and install the Bitlocker feature.

A

Configure the branch office servers as Read-Only Domain Controllers (RODCs) and install the Bitlocker feature.

19
Q

You manage the network with a single Active Directory domain named eastsim.com. Your company has a
single office in Dallas.
You open a second office in San Antonio. The San Antonio location is connected to the Dallas location by a
WAN link. All user and computer accounts in the branch office are members of the eastsim.com domain. You
do not install a domain controller in the branch office.
Recently, the WAN connection between Dallas and San Antonio went down. During the outage, several
problems existed because of the lack of a domain controller in the San Antonio location.
You want to eliminate these problems in the future. You want to make sure that user passwords are cached
on a server in San Antonio, and that directory service replication only happens from Dallas to San Antonio.
Changes should not be made at San Antonio and replicated back to domain controllers in Dallas.
What should you do?

Install a domain controller in San Antonio. Create a new site for the branch office, and move the domain controller into that site. Enable Universal Group Membership Caching on the site.
Install a domain controller in San Antonio. Make it a global catalog server.
Install Active Directory Lightweight Directory Services (AD LDS) on a member server in the branch office. Configure an instance and run Adamsync once to populate the directory from a domain controller in Dallas.
Install a Read-only Domain Controller (RODC) in the branch office.

A

Install a Read-only Domain Controller (RODC) in the branch office.

20
Q

You manage the network with a single Active Directory domain named eastsim.com. Domain controllers run
both Windows Server 2003 and Windows Server 2012 R2. The domain functional level is at Windows Server
2003.
Your company has recently opened a new branch office. You would like to create a new domain named
branch1.eastsim.com for the branch office. You want to use a read-only domain controller for this domain.
How should you install the RODC?

Install the read-only domain controller using an unattended installation. Include ReplicaOrNewDomain=domain in the answer file.
Install a full domain controller in the branch office, then convert it to an RODC.
Run Ntdsutil to create installation media. Install the RODC using the install from media option.
Install a full domain controller in the main office, then install the read-only domain controller in the
branch office.

A

Install a full domain controller in the main office, then install the read-only domain controller in the
branch office.

21
Q

You are the network administrator for northsim.com, a company that specializes in extreme sports
vacations. The company has one main office and 30 branch offices. All of the branch offices have between
3-10 users on location, and all of them are located in remote areas of the country. Due to the need to be
located near natural resources, many of the branch offices lack basic security and almost all of them are
connected to the main office via dial-up.
Users at the branch offices complain that it takes a long time to log on to the domain. Management has
authorized the purchase and deployment of one Windows Server 2012 server for each branch office. You
have been asked to develop a standard installation for the new servers being deployed. Your solution must
meet the following requirements:

Each branch office server should perform authentication for users located at that branch office.
Each branch office server should be configured so as to minimize the amount of Active Directory
information that will be compromised in the event that the server is stolen.
Each branch office server should be configured so as to minimize the amount of user data that will be
compromised in the event that the server is stolen.

What should you do?

Install a Read-Only Domain Controller (RODC) in each branch office. Configure the hard drive to use
Bitlocker drive encryption.
Install a writable domain controller in each branch office. Configure the hard drive to use Bitlocker drive encryption.
Install a Read-Only Domain Controller (RODC) in each branch office. Configure all of the files on the hard
drive to use the Encrypting File System (EFS).
Install a writable domain controller in each branch office. Configure all of the files on the hard drive to use the Encrypting File System (EFS).

A

Install a Read-Only Domain Controller (RODC) in each branch office. Configure the hard drive to use
Bitlocker drive encryption.

22
Q

You are the network administrator for westsim.com. westsim.com has one main office and 50 branch
offices. The network consists of one Active Directory domain that contains 5,000 users.
You plan to deploy a Windows 2012 R2 domain controller in each branch office. Ten of the branch offices do
not employ on-site IT staff. You need to recommend a solution for these 10 branch offices. Your solution
must meet the following requirements:

Minimize network traffic during the installation of Active Directory Domain Services (AD DS).
Maximize the security of the branch office domain controllers.

What should you recommend?

Install Active Directory Domain Services (AD DS) and then configure the Global Catalog option.
Install Active Directory Domain Services (AD DS) and configure the read-only domain controller (RODC)
option. Enable Universal Group Membership Caching on each branch office site.
Install a Server Core installation of Windows Server 2012 R2, and then install Active Directory Domain
Services (AD DS) using the Install from Media feature.
Install Active Directory Domain Services (AD DS) using the Install from Media feature and configure the read-only domain controller (RODC) option.

A

Install Active Directory Domain Services (AD DS) using the Install from Media feature and configure the read-only domain controller (RODC) option.

23
Q

Your organization runs a Hyper-V hypervisor on a Windows Server 2008 R2 system that hosts a mix of
Windows Server 2008 R2 and Windows Server 2012 R2 virtual domain controllers.
You want to use snapshots to protect your virtual domain controllers on this hypervisor host. However, you
have heard that doing this can cause Update Sequence Number (USN) rollback issues.
What must you do to prevent this from happening? (Select two. Each response is a part of the complete
solution.)

Upgrade the hypervisor host to Windows Server 2012 R2.
Upgrade the Windows Server 2008 R2 virtual domain controllers to Windows Server 2012 R2.
Install the latest service pack on the hypervisor host.
Migrate the virtual domain controllers to a VMware vSphere 5.1 hypervisor host.
Install the latest Integration Services from a Windows Server 2012 R2 hypervisor on the virtual domain
controllers.

A

Upgrade the hypervisor host to Windows Server 2012 R2.

Install the latest Integration Services from a Windows Server 2012 R2 hypervisor on the virtual domain
controllers.

24
Q

To prevent Update Sequence Number (USN) rollback issues with virtual domain controllers, each domain
controller (virtual or physical) is assigned a unique identifier called the VM-Generation-ID.
For virtual domain controllers, where is this identifier stored? (Choose two.)

As an attribute of the hypervisor computer object in Active Directory
In a file within the virtual machine configuration
In a file in C:\Windows\System32 of the hypervisor host
In a file in C:\Windows\System32 of each virtual domain controller
As an attribute of each domain controller computer object in Active Directory

A

As an attribute of the hypervisor computer object in Active Directory
In a file in C:\Windows\System32 of the hypervisor host
In a file in C:\Windows\System32 of each virtual domain controller

25
Q

Your organization runs a Hyper-V hypervisor on Windows Server 2012 R2 that hosts several Windows Server
2012 R2 virtual domain controllers.
You want to add an additional virtual domain controller. Instead of installing a new Windows Server 2012 R2
virtual machine and promoting it to be a domain controller, you decide to simply copy one of the existing
virtual domain controller’s virtual machine files.
What must you do to perform this procedure correctly? (Select two. Each response is a part of the complete
solution.)

Create a computer object for the cloned domain controller in the Cloneable Domain Controllers group in the Users container
Add the source domain controller’s computer object to the Cloneable Domain Controllers group in the Users container
Create the DCCloneConfig.XML file for the cloned domain controller.
Apply the latest service pack on the source domain controller.
Create the DCCloneConfig.XML file for the source domain controller.

A

Add the source domain controller’s computer object to the Cloneable Domain Controllers group in the Users container

Create the DCCloneConfig.XML file for the cloned domain controller.

26
Q

Your organization runs a Hyper-V hypervisor on Windows Server 2012 R2 that hosts several Windows Server
2012 R2 virtual domain controllers.
You want to add an additional virtual domain controller. Instead of installing a new Windows Server 2012 R2
virtual machine and promoting it to be a domain controller, you decide to simply copy one of the existing
virtual domain controller’s virtual machine files.
You have completed all of the preparatory steps and are now ready to clone the source virtual machine.
Which PowerShell cmdlets must you use to do this? (Select three. Each response is a part of the complete
solution.)

Get-ADDCCloningExcludedApplicationList
Rename-VM
Clone-VM
Export-VM
Import-VM
New-ADDCCloneConfigFile
A

Rename-VM
Export-VM
Import-VM

27
Q

A virtual domain controller has been powered on and begins to boot. When it does, the hypervisor host
detects that the value of the VM-Generation-ID in the virtual machine’s configuration and the value of the
VM-Generation-ID in the virtual domain controller’s computer object in Active Directory don’t match.
What happens next?

The hypervisor pushes the latest RID pool and USN to the virtual domain controller.
The domain controller is labeled out of sync and is disabled to prevent database corruption on the other
domain controllers.
The latest Active Directory changes are replicated from the virtual domain controller to the other domain
controllers in the domain.
The hypervisor reverts the virtual domain controller to the most recent snapshot.

A

The hypervisor pushes the latest RID pool and USN to the virtual domain controller.

28
Q

Your organization runs a Hyper-V hypervisor on Windows Server 2012 R2 that hosts several Windows Server
2012 R2 virtual domain controllers.
You want to add an additional virtual domain controller. Instead of installing a new Windows Server 2012 R2
virtual machine and promoting it to be a domain controller, you decide to simply copy one of the existing
virtual domain controller’s virtual machine files.
Prior to cloning the source virtual machine, you need to check it for installed applications and services that
aren’t compatible with the cloning process.
Which PowerShell cmdlet can you use to do this?

New-ADDCCloneConfigFile
Get-ADDCCloningExcludedApplicationList
Export-VM
Import-VM

A

New-ADDCCloneConfigFile

29
Q

You are the network administrator at eastsim.com. The organization owns 8 restaurants located in
California. The network consists of a single Active Directory domain. There is one domain controller and one
database server located in each restaurant. The domain password policy requires the use of complex
passwords that must be changed every 30 days.
After implementing a new third party backup system the backups run without problems for the first month
and then begin failing regularly. You determine that the failure is due to an expired password on the service
account being used by the third party backup software.
You must reconfigure the software to perform successful backups. Your solution should maintain current
security standards and avoid future backup failures, while using the least amount of administrative effort.
What should you do?

Create a managed service account. Then you should configure the backup software to use the managed service account.
Configure the backup software to use your user name and password. Then, whenever you are prompted to change your password, you should update the backup service on each machine running the backup
software.
Implement a Fine-grained Password Policy that applies only to the backup service account. Configure the password policy to have a maximum password age of 360 days.
Use Active Directory Users and Computers to configure the backup service account password to never expire.

A

Create a managed service account. Then you should configure the backup software to use the managed service account.

30
Q

You are the network administrator for westsim.com. The network consists of a single Active Directory
domain. All the servers run Windows Server 2012 R2 and all the clients run Windows 8. Company policy
requires all users in the domain to change their passwords every 30 days.
An application named App1 uses a service account named App1Svc. Every 30 days, App1 fails. When the App1Svc account password is reset, the application works fine. You need to prevent App1 from failing in
the future without compromising corporate security standards.
What should you do?

Run the Set-ADUser cmdlet.
Run the New-ADServiceAccount cmdlet.
Enable the Password Never Expires setting on the App1Svc account.
Create a new Password Settings Object (PSO).

A

Run the New-ADServiceAccount cmdlet.

31
Q

Which built-in local user account is a member of the local Administrators group?

Local Service
Local Admin
Network Service
Local System

A

Local System

32
Q

What is the key difference between a managed service account and a group managed service account?

A managed service account can be used by only one service on a given computer in a domain.
A managed service account can be used on only one computer in a domain.
A group managed service account can be used on only one computer in a domain.
Passwords for group managed service accounts must be managed manually.

A

A managed service account can be used on only one computer in a domain.

33
Q

What container in Active Directory is where group managed service accounts are created by default?

A

Managed Service Accounts

34
Q

You are working in PowerShell on a Windows Server 2012 R2 domain controller. You need to create a group
managed service account that will be used by a new service that you will install later on the server.
Which cmdlet should you use to do this?

Get-ADServiceAccount
Install-ADServiceAccount
New-ADServiceAccount
Set-ADServiceAccount

A

New-ADServiceAccount

35
Q

You are working in PowerShell on a Windows Server 2012 R2 domain controller. You need to create a new
group managed service account to be used by a new application that will be installed later on the Windows 7
workstations that are members of the domain.
The domain functional level is set to Windows Server 2008.
Can you do this?

No, group managed service accounts can only be used by servers in the domain, not workstations.
Yes, all of the requirements for using group managed service accounts have been met.
No, group managed service accounts cannot be used by Windows operating systems prior to Windows 8.
No, the functional level of the domain must be raised to Windows Server 2012 R2.

A

No, group managed service accounts cannot be used by Windows operating systems prior to Windows 8.

36
Q

You manage a Windows Server 2012 R2 server that stores user data files. You want to use Windows Server
Backup to configure a backup schedule.
You want to perform a complete system backup every Monday, Wednesday, and Friday. You want to be able
to restore the entire system or individual files from the backup.
What should you do? (Select two. Each choice is a required part of the solution.)

Save backups to the C:\Backups folder.
Create a Scheduled Task that runs wbadmin start backup.
Save backups to the C:\NTDS folder.
In Windows Server Backup, run the Backup Schedule wizard.
Save backups to a shared folder.

A

Create a Scheduled Task that runs wbadmin start backup.

Save backups to a shared folder.

37
Q

You manage a Windows Server 2012 R2 server that stores user data files. The system volume is drive C:,
while all user data is on drive E:. You want to use Windows Server Backup to configure a backup schedule.
You want to back up only the E: volume twice a day. You want to be able to restore individual files and
folders. If possible, you want to save backups on optical media so you can place the backup disc in a media
catalog server for easy retrieval.
What should you do? (Select two. Each choice is a required part of the solution.)

Save the backup to the E:\Backups folder.
Create a Scheduled Task that runs wbadmin start systemstatebackup.
Save the backup to the E:\Shared folder.
Create a Scheduled Task that runs wbadmin start backup.
Save the backup to an external hard disk.

A

Create a Scheduled Task that runs wbadmin start backup.

Save the backup to an external hard disk.

38
Q

You are the network administrator for northsim.com. The network consists of a single Active Directory
domain. All the servers run Windows Server 2012 R2. All the clients run Windows 7 or Windows 8.
While working in Active Directory Users and Computers, you discover that an organizational unit (OU) which
contained several group objects is missing. You do not know how long the OU has been missing. You select a
backup from the previous week. You need to determine whether this backup contains the missing OU. You
attempt to mount the snapshot using NTDSUtil but are not successful. You must mount the backup as an
Active Directory snapshot.
What should you do?

Reset the Directory Services Restore Mode (DSRM) password using the NTDSUtil command.
Start the Volume Shadow Copy service (VSS).
Stop the Active Directory Domain Services service.
Restart the server in Directory Services Restore Mode (DSRM).

A

Start the Volume Shadow Copy service (VSS).

39
Q

You are the network administrator for westsim.com. The network consists of a single Active Directory
domain. All the servers run Windows Server 2012 R2 and all the clients run Windows 7 or Windows 8.
The network had a child domain named east.westsim.com. The domain was decommissioned, but several snapshots were taken prior to the decommissioning. Management requests that you identify the members of
a group that existed in the east.westsim.com domain. You mounted the last snapshot to examine the group on a domain controller named DC1, but you now need to see the data in the snapshot.
What command should you run?

dsamain
ntdsutil mount
dcgpofix
Get-ADObject

A

dsamain

40
Q

You manage a Windows Server 2012 R2 system and need to perform an immediate system state backup. The
backup should be saved on the E:\ volume.
Which command should you use to do this?

wbadmin start backup -backupTarget:E:
wbadmin start systemstaterecovery -backupTarget:E:
wbadmin start systemstatebackup -backupTarget:E:
wbadmin start sysrecovery -backupTarget:E:

A

wbadmin start systemstatebackup -backupTarget:E:

41
Q

You manage a Windows Server 2012 R2 system and need to perform an immediate system state backup. The
backup will be saved on the C:\ volume.
To accomplish this, you determine that wbadmin start systemstatebackup -backupTarget:C: is the appropriate command to use.
Will this strategy work?

No, the wbadmin start backup command should be used instead.
No, the wbadmin start systemstaterecovery command should be used instead.
No, the backup cannot be saved to the same drive as the system state data.
Yes, this strategy will immediately create a system state backup.

A

No, the backup cannot be saved to the same drive as the system state data.

42
Q

You have activated an Active Directory database snapshot on your Windows Server 2012 R2 system and have
mounted it. You now need to view the contents of the snapshot.
To do this, you decide to access the mounted snapshot in Active Directory Users and Computers using the
Lightweight Directory Access Protocol (LDAP).
Which command should you use to do this?

dsamain
ntdsutil
ldp
ADExplorer

A

dsamain

43
Q

A domain controller in your domain has experienced a catastrophic failure. Because the server failed before it
could be cleanly removed from your domain, Active Directory still thinks the failed domain controller is
present. All of the other domain controllers will continue to try to replicate with it, potentially resulting in
database inconsistency.
You need to remove the failed server by cleaning the metadata.
Which ntdsutil command should you use to do this?

remove selected server
move db to
add nc replica
transfer PDC

A

remove selected server

44
Q

You are the network administrator for eastsim.com. The network consists of a single Active Directory
domain. All the servers run Windows Server 2012 R2. All the clients run Windows 7 and Windows 8. There is
one main office and seven branch offices. There are two writable domain controllers in the main office. There
is one read-only domain controller (RODC) in each branch office. The domain functional level is set to
Windows Server 2003.
While visiting one of the branch offices, you accidentally delete a folder from the SYSVOL share on the local
RODC. You need to restore the contents of the SYSVOL on the RODC.
What should you do?

Using Active Directory Sites and Services, you should force replication on one of the writable domain controllers.
Using Active Directory Sites and Services you should force replication on the RODC.
You should set the Burflags registry setting on the RODC to D2.
You should set the Burflags registry setting on one of the writable domain controllers to D2.

A

You should set the Burflags registry setting on one of the writable domain controllers to D2.

45
Q

You work for a consulting company. Your best customer, a university on summer break, has a serious
problem. One of the student interns carried a large cup of coffee into the computer room and promptly
tripped over a section of the raised flooring. The coffee spilled and found its way into one of the domain
controllers. Sparks flew and the domain controller was dead on arrival to the tech bench. The system board
was no longer functional and two SCSI hard drives have failed.
You replace the system board and SCSI hard drives. Fortunately, a system state backup was done two nights
ago, but several changes in Active Directory have occurred since then and have been fully replicated to other
domain controllers in this single domain network. You need to decide how to restore Active Directory on the
failed server. You must complete the restoration as quickly as possible.
What should you do?

Perform an authoritative restore of only the Active Directory objects created or updated since the server failed.
Perform an authoritative restore of the entire Active Directory database.
Perform a nonauthoritative restore of the entire Active Directory database.
Perform a nonauthoritative restore of only the Active Directory objects created or updated since the server failed.

A

Perform a nonauthoritative restore of the entire Active Directory database.

46
Q

You are the network administrator for a network with a single Active Directory parent domain and two child
domains. All domain controllers are running Windows Server 2012 R2. You are responsible for disaster
recovery across the entire network. You decide to use Windows Server Backup. You schedule full server
backups to be taken every night, along with a system state backup an hour later.
On Friday morning, you are creating new users in the Accounting OU when you receive an error stating that
the user cannot be created because the context could not be found. After some investigation you find that a
co-worker has deleted the OU and the change has replicated to all domain controllers. You want to restore
the latest version of the OU without affecting the rest of Active Directory.
What should you do?

Boot a domain controller into Directory services restore mode. Perform a nonauthoritative restore.
Boot a domain controller into Directory services restore mode. Perform a nonauthoritative restore of the Accounting OU.
Boot a domain controller into Directory services restore mode. Perform a nonauthoritative restore. Run Ntdsutil and mark the entire restore as authoritative.
Boot a domain controller into Directory services restore mode. Perform a nonauthoritative restore. Run Ntdsutil and mark the Accounting OU as authoritative.
Boot a domain controller into Directory services restore mode. Perform an authoritative restore of the Accounting OU.

A

Boot a domain controller into Directory services restore mode. Perform a nonauthoritative restore. Run Ntdsutil and mark the Accounting OU as authoritative.

47
Q

You are the administrator for WestSim Corporation. The network has a single domain, westsim.com,
running at Windows 2003 functional level. Five domain controllers, all running Windows Server 2012 R2
server, are located on the network.
Your network uses a distributed administrative approach. Numerous network administrators work in Active
Directory adding users and maintaining user accounts. One day you check Active Directory and find a new OU
that doesn’t meet your organizational plan. You delete the OU and start checking to see who might have added it.
You get a call from another administrator complaining that you deleted the OU she was working with. She
explains the OU’s purpose, and points out she had added it yesterday to prepare for a new department. She
explains that although the OU was empty this morning, she had moved some user accounts into that OU at or
shortly after the time you deleted the OU.
You perform system state backups every night. You need to get back the deleted objects as quickly as
possible without disrupting the network.
What should you do?

Perform an authoritative restore of the deleted user objects and the OU. Move the user objects into the restored OU.
Re-create the OU. Perform an authoritative restore of the user accounts. Move them into the new OU.
Re-create the OU. Move the user accounts from the LostAndFound container into the new OU.
Re-create the OU and the user accounts. Re-create any permissions granted to the user accounts.

A

Re-create the OU. Move the user accounts from the LostAndFound container into the new OU.

48
Q

You and Sammy are creating an organizational unit structure and user accounts for the
education.westsim.com domain. You created ACTG, PROD, and SALES organizational units on Server1.
Fifteen minutes later, you change the name of the ACTG organizational unit to ACCT. Before replication
finishes, Sammy uses Server 2 to add several user accounts to the ACTG organizational unit. You check the
ACCT OU to find the user accounts are not there.
What should you do?

Restore the user accounts from backup.
Create an OU named ACTG. Wait until directory synchronization occurs. Move the user accounts from ACTG to ACCT.
Move the user accounts from the LostAndFound container to the ACCT container.
Recreate the user accounts.

A

Move the user accounts from the LostAndFound container to the ACCT container.

49
Q

You have just installed a new domain on a new domain controller running Windows Server 2012 R2.
You would like to use Windows Server Backup to back up Active Directory. You would like to perform the
backup so that you can restore the domain controller if the domain controller is able to boot but Active
Directory is corrupt.
Which type of backup should you create?

Full server backup
System state backup
Back up the Ntds.dit file and the Sysvol folder
Critical volume backup

A

System state backup

50
Q

You have just installed a new domain on a new domain controller running Windows Server 2012 R2.
You would like to use Windows Server Backup to back up Active Directory. You would like to perform the
backup so that you can restore the domain controller if the domain controller is able to boot but Active Directory is corrupt.
You want the backup to run once a day. You want to take the backup medium and put it in a safe in an offsite location.
What should you do? (Select two. Each choice is a required part of the solution.)

Create a scheduled task to run wbadmin start systemstatebackup.
Run the Windows Server Backup console. Create a schedule to take an individual volumes backup.
Save the backup to a folder on the C:\ volume.
Save the backup to a local disk.

A

Create a scheduled task to run wbadmin start systemstatebackup.

Save the backup to a local disk.

51
Q

You manage the network for the eastsim.com domain. You have three domain controllers, all running
Windows Server 2012 R2.
You have forgotten the Directory Services Restore Mode password for your domain controllers.
What should you do to reset the password?

Run Wbadmin.
Reset the domain controller computer account in Active Directory Users and Computers.
Run Ntdsutil.
Run Dcpromo.

A

Run Ntdsutil.

52
Q

You manage the network for the eastsim.com domain. The domain functional level is at Windows 2000 Native.
You want to enable linked-value replication. You want to take the minimum action that is possible.
What should you do?

Upgrade the domain functional level to Windows Server 2003.
Run the Enable-ADOptionalFeature PowerShell cmdlet.
Run the dcgpofix.exe tool.
Upgrade the forest functional level to Windows Server 2003.

A

Upgrade the forest functional level to Windows Server 2003.

53
Q

You are the network administrator for westsim.com. The network consists of a single Active Directory
domain. All the servers run Windows Server 2012 R2. All the clients run Windows 7 or Windows 8. The forest
functional level is set to Windows Server 2008 R2. The Active Directory Recycle Bin has been enabled.
While working in Active Directory Users and Computers, you accidentally delete a group. You need to restore
the group using the least amount of administrative effort.
What should you do?

Use Active Directory Sites and Services to force replication from another domain controller to restore the group.
Perform an authoritative restore of the group using the NTDSUtil command.
Use the ADSIEdit utility to restore the group.
Use the Restore-ADObject PowerShell command to restore the group.

A

Use the Restore-ADObject PowerShell command to restore the group.

54
Q

You are the network administrator for southsim.com. The company has one main office along with several
branch offices. All the domain controllers run Windows Server 2012 R2 and all the client computers run
Windows 7 or Windows 8. The domain functional level is set to Windows Server 2008 R2. The forest
functional level is set to Windows Server 2008.
You need to enable the Active Directory Recycle Bin feature.
What should you do? (Select two. Each selection is a part of the required solution.)

Use the ADSI Edit utility to enable the Active Directory Recycle Bin.
Raise the forest functional level to Windows Server 2008 R2.
Use ldp.exe to enable the Active Directory Recycle Bin.
Run the adprep /forestprep command on the domain controller hosting the Schema master role.

A

Raise the forest functional level to Windows Server 2008 R2.

Use ldp.exe to enable the Active Directory Recycle Bin.

55
Q

You are the network administrator for a company with a single Active Directory domain. The domain
functional level is Windows Server 2003. Each departmental administrative team has delegated control over
an organizational unit (OU) for their department.
In the last few weeks, several new administrators who have never managed
Active Directory before. Yesterday, one of the new administrators inadvertently deleted an entire OU from
within his department’s OU structure. You have located a backup from two days ago to use for the
restoration.
What should you do? (Choose two. Each correct answer is part of the solution.)

Reboot a domain controller into directory services restore mode and restore Active Directory from the backup.
Remove and re-install Active Directory; then let replication restore Active Directory data.
Run Ntdsutil and mark the deleted OU for authoritative restore.
Restore Active Directory from the backup and then reboot the domain controller into directory services restore mode.
Perform a nonauthoritative restore and reboot the domain controller normally.

A

Reboot a domain controller into directory services restore mode and restore Active Directory from the backup.

Run Ntdsutil and mark the deleted OU for authoritative restore.