Appendix A

Answers to Review Questions

Chapter 1: Configure and Manage High Availability

1. A, B and D. Only the Standard, Datacenter, and Hyper-V editions of Windows Server 2012 R2 can participate in a failover cluster.

2. A, B and D. All versions of Windows Server 2012 R2 can participate in an NLB cluster except for the Windows Server 2012 R2 Hyper-V edition.

3. D. A Windows Server 2012 R2 cluster can contain up to 64 nodes.

4. B. Drainstop is the function that allows the current session to end before stopping the cluster on the node. Evict is used to remove a node completely from a failover cluster. Pause is used to keep resources from failing over to a failover cluster node. Stop will immediately end the cluster service on the NLB cluster node, not allowing the current sessions to complete.

5. D. A Windows Server 2012 R2 NLB cluster can contain up to 32 nodes.

6. A and C. SQL Server and Exchange Server are supported only on failover clusters. Websites and VPN services are network-based services, so they are better suited for NLB clusters.

7. B and D. Websites and Terminal Services are all designed to work with NLB clusters. Database servers such as SQL Server do not work on NLB clusters.

8. B. To use unicast communication between NLB cluster nodes, each node must have a minimum of two network adapters.

9. B. Up to two votes can be lost before quorum can no longer be achieved. These votes can come from the file share witness or a cluster node.

10. B. In a three-node cluster, only one node can be offline before quorum is lost; a majority of the votes must be available to achieve quorum.

Chapter 2: Configure File and Storage


1. B, E, G and H. The Group Policy Management Console allows system administrators to change auditing options and to choose which actions are audited. At the file system level, LaDonna can specify exactly which actions are recorded in the audit log. She can then use Event Viewer to view the recorded information and provide it to the appropriate managers.


2. A. The iSCSI default port is TCP 3260. Port 3389 is used for RDP, port 1433 is used for Microsoft SQL, and port 21 is used for FTP.

3. C. Account logon events are created for domain account activity. For example, you have a user who logs onto a server so that they can access files; the act of logging onto the server creates this audit event.

4. A. File servers are used for storage of data, especially for users’ home folders. Home folders are folder locations for your users to store data that is important and that needs to be backed up.

5. A, B, C and D. Improved security, quotas, compression, and encryption are all advantages of using NTFS over FAT32. These features are not available in FAT32. The only security you have in FAT32 is shared folder permissions.

6. D. The iscsicli addisnsserver server_name command manually registers the host server to an iSNS server. refreshisnsserver refreshes the list of available servers. removeisnsserver removes the host from the iSNS server. listisnsservers lists the available iSNS servers.

7. A. Windows Server 2012 R2 Features On Demand allows an administrator not only to disable a role or feature but also to remove the role or feature’s files completely from the hard disk.

8. D. The iSNS feature is used to provide for the automatic discovery of iSCSI targets that are available on the network. This is a useful feature within a larger environment. Note that without iSNS DHCP configured, iSNS clients must be registered manually with the iscsicli command.

9. A. After generating hashes on the Colorado Springs file server that will be preloading Tampa’s file server cache with file share data, the next logical step is to run BCCachePackage to get the data to FS02 from FS01.

10. B. Since there is a classification rule that is currently configured and applied to company resources, you will be unable to delete the Contains Personal Information classification property manually because the Classification Rule controls the property. In this case, you have to delete the Classification Rule in order to be able to delete the classification property.

Chapter 3: Implement Business Continuity and Disaster Recovery

1. A. Using images allows you to back up and restore your entire Windows Server 2012 R2 machine instead of just certain parts of data.

2. C. If you need to get a stalled computer up and running as quickly as possible, you should start with the Last Known Good Configuration option. This option is used when you’ve made changes to your computer’s hardware configuration and are having problems restarting but have not logged into the machine. Last Known Good Configuration will revert to the configuration used the last time the computer was successfully booted.

3. D. Daily backups back up all of the files that have changed during a single day. This operation uses the file time/date stamps to determine which files should be backed up and does not mark the files as having been backed up.

4. B. To create a restore point manually or to restore your computer to a previous restore point, you use the Shadow Copies tab of the System Properties dialog box. Although System Restore uses restore points, you do not use the System Restore utility to create a restore point.

5. B. You should start with the Last Known Good Configuration option. This option is used when you’ve made changes to your computer’s hardware configuration and are having problems restarting. The Last Known Good Configuration will revert to the configuration used the last time the computer was successfully booted. Although this option helps overcome configuration errors, it will not help when there are hardware errors.

6. C. When you enable boot logging, the file created is \Windows\ntbtlog.txt. This log file is used to troubleshoot the boot process.

7. C. To repair the system files quickly, you can use the Startup Repair tool. You can restore an image by using the Backup and Repair Center, but it is faster to use the Startup Repair tool. Additionally, you will not lose any personal files by using the Startup Repair tool. Alternatively, you could try to use System Restore to go back to a previous checkpoint.

8. B. When you run your computer in Safe Mode, you simplify your Windows Server 2012 R2 configuration. Only the drivers that are needed to get the computer up and running are loaded.

9. C. The Backup Once link allows you to start a backup on the Windows Server 2012 R2 system.

10. D. If you need to back up and restore your Windows Server 2012 R2 machine, you need to use the Windows Server Backup MMC.

Chapter 4: Configure Advanced Network Services

1. C. Out of the possible answers provided, the only DHCP configuration option that would be both fault-tolerant and redundant is DHCP failover.


2. B, C and D. DNS registration is an advanced DHCP configuration. All three other options provide additional security for DNS on your network.

3. D. DNS netmask ordering is the only way to ensure that clients will get the closest DNS server to their subnet when performing DNS queries on your network. If DNS netmask ordering were not enabled, requests would go through a round-robin approach from all of the DNS servers available to provide lookup services. You could end up with a poor connection depending on which DNS server responds to your client’s requests.

4. D. The DNSAdmins security group is the best fit for this administrator’s responsibilities. If you were to place this administrator in either the Domain Admins or Enterprise Admins security group, that individual would have too many unnecessary permissions granted within the environment, making their Active Directory account a security vulnerability. The Schema Admins group does not pertain to this question.

5. B. DHCP name protection ensures that DNS host A records are never overwritten during DNS dynamic updates. The other three possible answers would not fulfill this question’s requirements.

6. C. The IPAM ASM Administrators group is specifically designed for the delegation of IPAM Address Space Management. The IPAM Administrators group would give her domain account way too much access within the environment, and the other two possible answers would not provide her with enough permissions to perform her required responsibilities.

7. B. Out of the three real possible deployment methods (Distributed, Centralized, and Hybrid), only the Centralized deployment method allows one primary IPAM server to manage the entire enterprise. The Distributed method places an IPAM server at each site location, and the Hybrid method uses a primary server with an additional IPAM server at each site location within the enterprise.

8. D. The only way to accommodate the use of short, single-labeled host names within your DNS infrastructure is to implement a GlobalNames zone.

9. C. After you have successfully installed and provisioned your IPAM server, the next logical step in the IPAM deployment configuration is to configure and run server discovery. Be sure to follow the step-by-step configuration guide found on the IPAM Overview page in Server Manager when going through your IPAM test deployment.

10. A. The proper PowerShell syntax to display current IPAM database configuration settings is Get-IpamDatabase. The other possible answers are not valid PowerShell cmdlets.

Chapter 5: Configure the Active Directory Infrastructure

1. B. The NTDS settings for the site level are where you would activate and deactivate


2. A. By decreasing the Replication interval for the DEFAULTIPSITELINK object, you will decrease the replication latency for all sites using the DEFAULTIPSITELINK.

3. D. In the Active Directory Sites and Services console, the Server NTDS settings are where you would activate and deactivate global catalogs.

4. D. Preferred bridgehead servers receive replication information for a site and transmit this information to other domain controllers within the site. By configuring one server at each site to act as a preferred bridgehead server, Daniel can ensure that all replication traffic between the two sites is routed through the bridgehead servers and that replication traffic will flow properly between the domain controllers.

5. C. By default, connection objects are automatically created by the Active Directory replication engine. You can choose to override the default behavior of Active Directory replication topology by manually creating connection objects, but this step is not required.

6. B. The Knowledge Consistency Checker (KCC) is responsible for establishing the replication topology and ensuring that all domain controllers are kept up-to-date.

7. D. Site link bridges are designed to allow site links to be transitive. That is, they allow site links to use other site links to transfer replication information between sites. By default, all site links are bridged. However, you can turn off transitivity if you want to override this behavior.

8. B. Simple Mail Transfer Protocol was designed for environments in which persistent connections may not always be available. SMTP uses the store-and-forward method to ensure that information is not lost if a connection cannot be made.

9. D. The Directory Service event log contains error messages and information related to replication. These details can be useful when you are troubleshooting replication problems.

10. A and D. By creating new sites, Christina can help define settings for Active Directory replication based on the environment’s network connections. She can use connection objects to define further the details of how and when replication traffic will be transmitted between the domain controllers.

Chapter 6: Configure Access and Information Protection Solutions


1. A and E. Certificate Enrollment Web Service with the Certificate Enrollment Policy Web Server role is the preferred Microsoft solution for issuing certificates through the internet.

2. B. The online responder uses a lightweight HTTP protocol that responds faster and more efficiently than downloading a traditional CRL.

3. B and C. To enable AD FS 3.0 auditing, you must check the boxes for Success Audits and Failure Audits on the Events tab of the Federation Service Properties dialog box. You must also enable Object Access Auditing in Local Policy or Group Policy.

4. B. Federation Proxy Services are installed under Remote Access as a web application proxy server in Windows Server 2012.

5. A, B and C. By using Workplace Join, information workers can join their personal devices with their company’s workplace computers to access company resources and services. When you join your personal device to your workplace, it becomes a known device and provides seamless second-factor authentication and single sign-on to workplace resources and applications. Windows Server 2012 R2, Windows 8.1, and iOS devices can be joined by using Workplace Join.

6. C. Network Load Balancing (NLB) is the only supported Microsoft solution for providing high availability across an ADFS server farm. Windows Failover Clustering does not currently support ADFS, as one master server is allowed to write to the configuration database per farm.

7. D. The AD FS configuration database stores all of the configuration data. It contains information that a federation service requires to identify partners, certificates, attribute stores, claims, and so forth. You can store this configuration data in either a Microsoft SQL Server 2005 or newer database or the Windows Internal Database feature that is included with Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012 R2. The Windows Internal Database supports only up to five federation servers in a farm.

8. A and B. The relying-party server is a member of the Active Directory forest that hosts resources that a user in the partner organization wants to access. In this case, the relying-party server should be the JavaCup AD FS server. A claims provider provides users with claims. These claims are stored within digitally encrypted and signed tokens. In this case, Boston Tea Party is the claims provider.

9. A. The Forest CA certificate is the only certificate that is automatically trusted, does not require user interaction, and has a digital signature that does not change in this scenario.

10. B. Licensing Server/Cluster is the component in charge of delivering publishing and use licenses. Several clusters can be installed per forest depending on the technical needs (servers’ workload and bandwidth constraints).

