Microsoft Certified System Engineer on Server 2012

Microsoft Certified System Engineer on Server 2012- Part
Published Date: 03/03/2012.
Version No.: V1.1
Correction: 10 New Questions & Answers.
Uploaded By: Admin.
Next Release: No update received.

Questions & Answers


Sections
1. DC, AD, GPO & FSMO roles
2. Network (DNS, DHCP, NIC teaming, IPAM, VPN, NAP, DirectAccess...)
3. Monitoring & Maintaining (Backup, Restore, Updates, Business Continuity, Disaster Recovery...)
4. Hyper-V
5. Storage & High availability
6. Remote Management & Server Core
7. Certificates
8. Access Control & Dynamic Access Control
9. File and Print Services

Exam A

QUESTION 1
Your network contains an Active Directory domain named contoso.com.

The domain contains two member servers named Server1 and Server2 that run Windows Server 2012.

You log on to Server1.

You need to retrieve the IP configurations of Server2. Which command should you run from Server1?

A. dsquery * -scope base -attr ip,server2
B. winrs -r:server2 ipconfig
C. winrm get server2
D. ipconfig > server2.ip

Correct Answer: B
Section: Remote Management & Server Core
Explanation

Explanation/Reference:
http://technet.microsoft.com/en-us/library/dd163506.aspx
Using WinRS

You can use WinRS to administer a Server Core installation remotely from the command line. WinRS is a
command-line tool included in both Windows Vista and the Full installation of Windows Server 2008, which
relies on Windows Remote Management (WinRM) to execute remote commands, especially for headless
servers. WinRM is Microsoft's implementation of the WS-Management protocol, a standard Simple Object
Access Protocol (SOAP)-based, firewall-friendly protocol that enables hardware and operating systems from
different vendors to interoperate. You can think of WinRM as the server side and WinRS the client side of WS-
Management.
[...]
Using WinRS to Administer Server Core in a Domain

The basic syntax for WinRS commands is as follows:

winrs -r:target command

where target is the name (NetBIOS or FQDN) of the Server Core installation that has had WinRM enabled on it,
and command is any command string that you want to execute on the Server Core installation. For example, to
use WinRS to enable Remote Desktop remotely on a Server Core installation named SEA-SC2, type the
following command on any computer running Windows Vista or on a Full installation of Windows Server 2008:

winrs -r:SEA-SC2 cscript %WINDIR%\system32\scregedit.wsf /ar 0

QUESTION 2
Your network contains an Active Directory domain named contoso.com. The domain contains a server named
Server1 that runs Windows Server 2012.

On a server named Server2, you perform a Server Core Installation of Windows Server 2012. You join Server2
to the contoso.com domain.

You need to ensure that you can manage Server2 by using the Computer Management console on Server1.
What should you do on Server2?

A. Run the Disable-NetFirewallRule cmdlet.
B. Run the Enable-NetFirewallRule cmdlet.
C. Run sconfig.exe and configure the network settings.
D. Run sconfig.exe and configure remote management.

Correct Answer: B
Section: Remote Management & Server Core
Explanation

Explanation/Reference:
As we can see on the following screenshot, Remote Management is enabled by default on a new Server
Core installation of 2012 (so we don't have to configure it on Server2),
BUT that's not enough, as it only enables WinRM-based remote management (and Computer Management
is not WinRM-based, of course).
To enable remote management from an MMC (such as Server Manager or Computer Management), we have
to enable exception rules in the firewall,
which can be done, amongst other ways, using PowerShell and the Enable-NetFirewallRule cmdlet.

NB: For the example, I only used Enable-NetFirewallRule -displaygroup "Remote Service Management" and
Computer Management was then able to connect to my 2012 Server Core.

==============
from the MSPress book "Upgrading your skills to MCSA Windows Server 2012"

Note also that in previous versions of Windows Server, remote Server Manager management required many
open ports, and Configure-SMRemoting was a Windows PowerShell script that opened all those ports. In
Windows Server 2012, remote Server Manager management relies only on WinRM for most features (such as
deploying roles, restarting, and Windows PowerShell) and on DCOM for some additional features (such as
Computer Management). Consistent with this more efficient remote management method, Configure-
SMRemoting configures only WinRM in Windows Server 2012, and is now the equivalent of the command
Winrm Quickconfig. Like when you enable remote management in the interface or by using Winrm Quickconfig,
if you enable remote management by using Configure-SMRemoting, you still need to enable the DCOM
ports manually later if you want more complete remote management functionality by using MMC
consoles.
[...]
Again, like Winrm Quickconfig and Configure-SMRemoting, enabling remote management in Sconfig
configures only WinRM-based remote management.

=================

http://technet.microsoft.com/en-us/library/jj554869.aspx
Enable-NetFirewallRule

Detailed Description

The Enable-NetFirewallRule cmdlet enables a previously disabled firewall rule to be active within the
computer or a group policy organizational unit.

This cmdlet gets one or more firewall rules to be enabled with the Name parameter (default), the DisplayName
parameter, rule properties, or by associated filters or objects. The Enabled parameter for the resulting queried
rules is set to True.

QUESTION 3
Your network contains an Active Directory domain named contoso.com.

The domain contains a server named Server1 that runs Windows Server 2012 and a server named Server2
that runs Windows Server 2008 R2 Service Pack 1 (SP1). Both servers are member servers.

On Server2, you install all of the software required to ensure that Server2 can be managed remotely from
Server Manager.

You need to ensure that you can manage Server2 from Server1 by using Server Manager.

Which two tasks should you perform on Server2? (Each correct answer presents part of the solution. Choose
two.)

A. Run the Configure-SMRemoting.ps1 script.
B. Run the Enable-PSSessionConfiguration cmdlet.
C. Run the Set-ExecutionPolicy cmdlet.
D. Run the systempropertiesremote.exe command.
E. Run the Enable-PSRemoting cmdlet.

Correct Answer: AC
Section: Remote Management & Server Core
Explanation

Explanation/Reference:
This question is debated as me providing the wrong answer, so I took the time to set up an exact replica in a lab
of what is being done here. After my proof will be the links provided that prove why I'm right.

First, I installed a 2008 R2 SP1 server and installed .Net 4 and WMF 3 on it. When I tried to connect with Server
Manager from 2012 I received this error:

Next I ran these commands on the 2008 R2 server from an elevated PowerShell:

Set-ExecutionPolicy RemoteSigned
Configure-SMRemoting.ps1 -force -enable

Finally, you can see where the machine is now showing as ready to be managed by 2012:

http://blogs.technet.com/b/canitpro/archive/2012/05/28/managing-older-versions-of-windows-with-windows-server-8-beta-tools-and-vice-versa.aspx

The above mentioned link gives an exact step-by-step example of how to do this, which includes setting the
execution policy of PowerShell and Running the SMRemoting.ps1 script.

http://technet.microsoft.com/en-us/library/hh849694.aspx

This link describes that you cannot use the Enable-PSRemoting command on a machine that has both PS 2.0
and 3.0. Since 2008 R2 ships with 2.0, and WMF 3 installs 3.0, that means the 2008 R2 box would have both.

http://technet.microsoft.com/en-us/library/dd759202.aspx

http://msandbu.wordpress.com/2012/08/26/administer-other-windows-server-from-server-manager-2012/
Administer Other Windows Server from Server Manager 2012

Now the new Server Manager is a lifesaver, it allows you to manage multiple servers from one console. By default it
is only supported for Windows Server 2012 but by downloading Windows Management Framework 3.0 and
.Net 4 you can manage older versions as well. (2008, 2008R2)

You can download the needed files from here –> http://www.microsoft.com/en-us/download/details.aspx?id=29939
http://www.microsoft.com/nb-no/download/details.aspx?id=17718
(If you try to manage an older version you can get this error)

And you need to install these on the servers you need to manage.
After these are installed you need to run some commands.

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned

Configure-SMRemoting.ps1 -force -enable

After that is done, you can now manage your other servers.

You can see that now the AD server (DC) is added and AD role is added on the side as well.

QUESTION 4
Your network contains an Active Directory domain named contoso.com.

The network contains a server named Server1 that runs Windows Server 2012 and a server named Server2
that runs Windows Server 2008 R2 Service Pack 1 (SP1).

Server1 and Server2 are member servers.

You need to ensure that you can manage Server2 from Server1 by using Server Manager. Which two tasks
should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Install Windows Management Framework 3.0 on Server2.
B. Install Remote Server Administration Tools on Server1.
C. Install the Windows PowerShell 2.0 engine on Server1.
D. Install Microsoft .NET Framework 4 on Server2.
E. Install Remote Server Administration Tools on Server2.

Correct Answer: AD
Section: Remote Management & Server Core
Explanation

Explanation/Reference:
http://technet.microsoft.com/en-us/library/hh831456.aspx#BKMK_softconfig

QUESTION 5
Your network contains an Active Directory domain named contoso.com.

All servers run either Windows Server 2008 R2 or Windows Server 2012.
All client computers run either Windows 7 or Windows 8.

The domain contains a member server named Server1 that runs Windows Server 2012.

Server1 has the File and Storage Services server role installed. On Server1, you create a share named
Share1.

You need to ensure that users can use Previous Versions to restore the files in Share1. What should you
configure on Server1?

A. A data recovery agent
B. The Shadow Copies settings
C. The Recycle Bin properties
D. A Windows Server Backup schedule

Correct Answer: B
Section: Monitoring & Maintaining (Backup, Restore, Updates, Business Continuity, Disaster Recovery...)
Explanation

Explanation/Reference:

QUESTION 6
Your network contains an Active Directory domain named contoso.com.

The domain contains an enterprise certification authority (CA).

The domain contains a server named Server1 that runs Windows Server 2012.

You install the Active Directory Federation Services server role on Server1.

You plan to configure Server1 as an Active Directory Federation Services (AD FS) server.

The Federation Service name will be set to adfsl.contoso.com.

You need to identify which type of certificate template you must use to request a certificate for AD FS.

Which certificate template should you identify?

To answer, select the appropriate template in the answer area.

Hot Area:

Correct Answer:

Section: Certificates
Explanation

Explanation/Reference:
http://jorgequestforknowledge.wordpress.com/category/active-directory-federation-services-adfs/page/2/
(2012-08-31) Leveraging Federation Metadata To Setup A Federation Trust (Claims Provider Or Relying
Party)

If IIS was not pre-installed and/or if the default website was not already configured with a SSL certificate, the
following error will appear. Read it carefully and click on “OK”. It is recommended to FIRST get a certificate and
then connect the ADFS PRX server to the ADFS STS server(s).

[...]

If the ADFS PRX server is domain joined, you can request an SSL certificate using the next steps. If the ADFS
PRX server is operating as non-domain joined. You will need to do an offline certificate request and then
manually deploy it to ADFS PRX server(s).

For now I’m assuming it is domain joined as that is easier to describe!
[...]
In this case I’m going to use certificate from the CA in my test/demo environment.
Start the Certificates MMC on the ADFS PRX server and target the local computer. To request a certificate
navigate to “Certificates (Local Computer)” –> Personal –> Certificates. Right-click the last one and then “All
Tasks” –> “Request New Certificate”.

In this select the “Active Directory Enrollment Policy” and click on “Next”:

For this certificate you can leverage the “Web Server” certificate template. Select the “Web Server” certificate
template, click on details to expand for more information and click on “Properties”.

QUESTION 7
You have a server named Server1 that runs Windows Server 2012.

Server1 has the Hyper-V server role installed.

Server1 is connected to two Fibre Channel SANs and is configured as shown in the following table.

You have a virtual machine named VM1.

You need to configure VM1 to connect to SAN1. What should you do first?

A. Create a virtual Fibre Channel SAN.
B. Configure network adapter teaming.
C. Add one HBA.
D. Create a Hyper-V virtual switch.

Correct Answer: A
Section: Storage & High availability
Explanation

Explanation/Reference:

QUESTION 8
You have a file server named Server1 that runs Windows Server 2012.

Server1 has the following hardware configuration:
· 16 GB of RAM
· A single quad-core CPU
· Three network teams that have two network adapters each

You add additional CPUs and RAM to Server1. You repurpose Server1 as a virtualization host.

You install the Hyper-V server role on Server1.

You need to create four external virtual switches in Hyper-V.

Which cmdlet should you run first?

A. Add-VMNetworkAdapter
B. Add-NetLbfoTeamNic
C. Set-NetAdapter
D. Remove-NetLbfoTeam

Correct Answer: D
Section: Hyper-V
Explanation

Explanation/Reference:
Here we're talking about hardware network adapters which belong to NIC teams.

Each external virtual switch must be connected to a NIC or a NIC team, so we need 4 NICs or NIC teams
but currently only have 3 teams available.
=> we need to break a team first and then connect the last two external virtual switches to each of the 2
"liberated" NICs

(another solution could be to add one physical NIC and connect the last external virtual switch to it,
or add several (two or more) NICs, create a NIC team containing them and connect the external virtual switch
to the NIC team)

==============

http://technet.microsoft.com/en-us/library/jj130848.aspx
NIC Teaming (NetLBFO) Cmdlets in Windows PowerShell

Remove-NetLbfoTeam : Removes the specified NIC team from the host.

=================

http://technet.microsoft.com/en-us/library/hh831648.aspx
NIC Teaming Overview

NIC Teaming, also known as load balancing and failover (LBFO), allows multiple network adapters on a
computer to be placed into a team for the following purposes:
Bandwidth aggregation
Traffic failover to prevent connectivity loss in the event of a network component failure
This feature has been a requirement for independent hardware vendors (IHVs) to enter the server network
adapter market, but until now NIC Teaming has not been included in Windows Server operating systems.

Requirements
NIC Teaming requires the presence of a single Ethernet network adapter, which can be used for separating
traffic that is using VLANs. All modes that provide fault protection through failover require at least two Ethernet
network adapters. Windows Server® 2012 supports up to 32 network adapters in a team.

==============

QUESTION 9
You perform a Server Core Installation of Windows Server 2012 on a server named Server1.

You need to add a graphical user interface (GUI) to Server1. Which tool should you use?

A. The setup.exe command
B. The imagex.exe command
C. The Install-RoleService cmdlet
D. The Add-WindowsFeature cmdlet

Correct Answer: D
Section: Remote Management & Server Core
Explanation

Explanation/Reference:
from the MSPress book "Upgrading your skills to MCSA Windows Server 2012"

Converting a server with a GUI to or from Server Core

You can switch between a Server Core installation and full installation in Windows Server 2012 because the
difference between these installation options is contained in two specific Windows features that can be
added or removed.
The first feature, Graphical Management Tools and Infrastructure (Server-Gui-Mgmt-Infra), provides a
minimal server interface and server management tools such as Server Manager and the Microsoft
Management Console (MMC). The second feature, Server Graphical Shell (Server-Gui-Shell), is dependent
on the first feature and provides the rest of the GUI experience, including Windows Explorer. In Figure 1-9, you
can see these two features in the Add Roles And Features Wizard, on the Select Features page, beneath User
Interfaces And Infrastructure.
To convert a full installation to a Server Core installation, just remove these two features in Server Manager.
Note that removing the first feature will automatically remove the second, dependent feature.
[...]
You can also remove these graphical interface features in Windows PowerShell. If you have deployed a
full installation of Windows Server 2012 and want to convert it to a Server Core installation, run the following
Windows PowerShell command:

Uninstall-WindowsFeature Server-Gui-Mgmt-Infra -Restart

Remember that you only need to specify Server-Gui-Mgmt-Infra for removal to remove both this feature
and Server-Gui-Shell. Once the graphical management tools and graphical shell have been removed, the
server restarts. When you log back on, you are presented with the Server Core user interface.
The process can be reversed by replacing both features. You can do this from a remote server by using the
Add Roles And Features Wizard in Server Manager. You can also do it locally by running the following
Windows PowerShell command:

Install-WindowsFeature Server-Gui-Mgmt-Infra,Server-Gui-Shell -Restart

Note that when you install these two features from Windows PowerShell, you must specify them both.
[...]

[...]

To configure Minimal Server Interface, you can either start with a Server Core installation and add
Graphical Management Tools and Infrastructure
or start with a Server with a GUI and remove Server Graphical Shell.
[...]
The Graphical Management Tools and Infrastructure feature includes Server Manager and some other
basic administrative tools, but it does not include (i.e., among others) Windows Explorer.
=============

NB : http://technet.microsoft.com/en-us/library/jj205467.aspx
Install-WindowsFeature

Installs one or more Windows Server roles, role services, or features on either the local or a specified remote
server that is running Windows Server 2012.
This cmdlet is equivalent to and replaces Add-WindowsFeature, the cmdlet that was used to install roles, role
services, and features in Windows Server 2008 R2.

==================

http://blogs.technet.com/b/yungchou/archive/2012/07/18/windows-server-2012-installation-options.aspx

[...]

[...]
Minimal Server Interface

This is new. In Windows Server 2012, with a Server with GUI installation one can remove the Server
Graphical Shell (which provides full GUI for server) to set a full server installation with the so-called
Minimal Server Interface option with the following PowerShell cmdlet.

Uninstall-WindowsFeature Server-Gui-Shell -Restart

This basically provides a Server with GUI, but without installing Internet Explorer 10, Windows
Explorer, the desktop, and the Start screen.
Additionally, Microsoft Management Console (MMC), Server Manager, and a subset of Control Panel
are still in place.

Minimal Server Interface requires 4 GB more disk space than Server Core alone

QUESTION 10
You have a server named Server1 that runs Windows Server 2012.

Server1 has five network adapters.
Three of the network adapters are connected to a network named LAN1.
The two other network adapters are connected to a network named LAN2.

You create a network adapter team named Team1 from two of the adapters connected to LAN1.
You create a network adapter team named Team2 from the two adapters connected to LAN2.

A company policy states that all server IP addresses must be assigned by using a reserved address in DHCP.

You need to identify how many DHCP reservations you must create for Server1. How many reservations should
you identify?

A. 2
B. 3
C. 5
D. 7

Correct Answer: B
Section: Network (DNS, DHCP, NIC teaming, IPAM, VPN, NAP, DirectAccess...)
Explanation

Explanation/Reference:
1 reservation for the NIC team on LAN1
1 reservation for the stand-alone NIC on LAN1
1 reservation for the NIC team on LAN2

=> 3 reservations.

QUESTION 11
You have a server named Server1 that runs Windows Server 2012.

You connect three new hard disks to Server1.

You need to create a storage space that contains the three disks. The solution must meet the following
requirements:

· Provide fault tolerance if a single disk fails.
· Maximize the amount of useable storage space.

What should you create?

A. A spanned volume
B. A simple space
C. A parity space
D. A mirrored space

Correct Answer: C
Section: Storage & High availability
Explanation

Explanation/Reference:
A simple space does not provide fault tolerance, and neither does a spanned volume, whereas parity and mirrored
spaces do.

=> so the question is: parity space or mirrored space to maximize the amount of useable storage space?

=============
http://en.wikipedia.org/wiki/Spanned_volume

Unlike RAID, spanned volumes have no fault-tolerance, so if any disk fails, the data on the whole volume
could be lost.

============
http://arstechnica.com/information-technology/2012/10/storage-spaces-explained-a-great-feature-when-it-works/
Storage Spaces explained: a great feature, when it works

Three-way mirroring gives you less usable space than two-way mirroring, but can tolerate the failure of up to
two disks at once.
Parity mirroring gives more usable space than either mirroring mode (a 20GB storage space configured
with two-way mirroring will require about 40GB of physical disk space, but a 20GB parity storage space requires
only about 30GB) but comes with the aforementioned performance hit.

==============

http://technet.microsoft.com/en-us/library/jj822938.aspx

NB : Parity spaces are not supported in a failover cluster configuration.

QUESTION 12
You have a server named Server1 that runs a full installation of Windows Server 2012.

You need to uninstall the graphical user interface (GUI) on Server1.

You must achieve this goal by using the minimum amount of administrative effort. What should you do?

A. From Server Manager, uninstall the User Interfaces and Infrastructure feature.
B. From Windows PowerShell, run Uninstall-WindowsFeature PowerShell-ISE.
C. From Windows PowerShell, run Uninstall-WindowsFeature Desktop-Experience.
D. Reinstall Windows Server 2012 on the server.

Correct Answer: A
Section: Remote Management & Server Core
Explanation

Explanation/Reference:

QUESTION 13
Your network contains an Active Directory domain named contoso.com.

The domain contains two domain controllers.

The domain controllers are configured as shown in the following table.

In the perimeter network, you install a new server named Server1 that runs Windows Server 2012.

Server1 is in a workgroup.

You need to perform an offline domain join of Server1 to the contoso.com domain. What should you do first?

A. Run the djoin.exe command.
B. Run the dsadd.exe command.
C. Transfer the PDC emulator role to DC1.
D. Transfer the infrastructure master role to DC1.

Correct Answer: A
Section: DC, AD, GPO & FSMO roles
Explanation

Explanation/Reference:
There do not appear to be any requirements on operations master roles for this specific requirement.

====
Moreover, ODJ is available on both 2008R2 and 2012,

and if there was a FSMO role to deal with, RID would be concerned as it's needed to create an AD object (in this
case, creating the computer account), but it's not an answer here.
So I'll keep djoin even if I'm not 100% sure.

QUESTION 14
Your network contains an Active Directory domain named contoso.com.

All domain controllers run Windows Server 2008 R2.

One of the domain controllers is named DC1.

The network contains a member server named Server1 that runs Windows Server 2012.

You need to promote Server1 to a domain controller by using install from media (IFM). What should you do
first?

A. Create a system state backup of DC1.
B. Run the Active Directory Domain Services Installation Wizard on DC1.
C. Run the Active Directory Domain Services Configuration Wizard on Server1.
D. Create IFM media on DC1.
E. Upgrade DC1 to Windows Server 2012.

Correct Answer: E
Section: DC, AD, GPO & FSMO roles
Explanation

Explanation/Reference:
http://technet.microsoft.com/en-us/library/cc770654(v=ws.10).aspx

QUESTION 15
Your network contains an Active Directory domain named contoso.com.

The domain contains two domain controllers named DC1 and DC2.

You install Windows Server 2012 on a new computer named DC3.

You need to manually configure DC3 as a domain controller. Which tool should you use?

A. winrm.exe
B. Server Manager
C. dcpromo.exe
D. Active Directory Domains and Trusts

Correct Answer: B
Section: DC, AD, GPO & FSMO roles
Explanation

Explanation/Reference:
FYI, when you try to DCpromo a Server 2012, you get this message:

QUESTION 16
You have a server named Server1 that has the Web Server (IIS) server role installed.

You obtain a Web Server certificate.

You need to configure a website on Server1 to use Secure Sockets Layer (SSL).

To which store should you import the certificate?

To answer, select the appropriate store in the answer area.

Hot Area:

Correct Answer:

Section: Certificates
Explanation

Explanation/Reference:
A computer certificate in the Personal store is required.

QUESTION 17
Your network contains an Active Directory forest named contoso.com.

All domain controllers currently run Windows Server 2008 R2.

You plan to install a new domain controller named DC4 that runs Windows Server 2012.

The new domain controller will have the following configurations:
· Schema master
· Global catalog server
· DNS Server server role
· Active Directory Certificate Services server role

You need to identify which configurations cannot be fulfilled by using the Active Directory Installation Wizard.

Which two configurations should you identify? (Each correct answer presents part of the solution. Choose two.)

A. Enable the global catalog server.
B. Install the Active Directory Certificate Services role.
C. Transfer the schema master.
D. Install the DNS Server role.

Correct Answer: BC
Section: DC, AD, GPO & FSMO roles
Explanation

Explanation/Reference:
AD Installation Wizard will automatically install DNS and allows for the option to set it as a global catalog server.
ADCS and schema must be done separately.

QUESTION 18
Your network contains an Active Directory forest.

The forest contains two domains named contoso.com and corp.contoso.com.

The forest contains four domain controllers.
The domain controllers are configured as shown in the following table.

All domain controllers are DNS servers.

In the corp.contoso.com domain, you plan to deploy a new domain controller named DC5.

You need to identify which domain controller must be online to ensure that DC5 can be promoted successfully
to a domain controller. Which domain controller should you identify?

A. DC3
B. DC4
C. DC2
D. DC1

Correct Answer: C
Section: DC, AD, GPO & FSMO roles
Explanation

Explanation/Reference:
initial answer : DC3 => false
My first answer was RID too,
as a DC requires a RID Master to get an account-identifier pool so he can create accounts in AD.
But as we have only one choice and the Domain Naming Master is explicitly designated as being required
when promoting a DC, I change the answer to DC2.

http://blogs.technet.com/b/askds/archive/2011/09/12/managing-rid-pool-depletion.aspx
Managing RID Pool Depletion

Anytime you create a writable DC, it gets 500 new RIDs from the RID Master.
===============

http://www.sqa.org.uk/e-learning/NetInf201CD/page_37.htm
Domain Naming Master

Active Directory stores pointers to other domains in a CrossRef object located in a Partitions container
in the Configuration naming context. This object contains attributes that describe the distinguished name,
DNS name, the flat name and the name of the Domain naming context, along with the kind of trust relationship
that binds the domain to the forest.

When you create a new domain in an existing forest, the new domain represents a separate naming
context and a new CrossRef object must be created in a Partitions container. Only one domain controller
in a forest, the Domain Naming Master, is allowed to make changes to the Partitions container. This
prevents two administrators from creating new domains with identical names during the same
replication interval.

By default, the Domain Naming Master is the first domain controller in a forest, but the role can be transferred
to any domain controller through the Active Directory Domains and Trusts snap-in. The Domain Naming Master
should always reside in the root domain.

===============
http://www.symantec.com/connect/articles/readyfsmo-roles-active-directory-windows-2008-server
FSMO Roles in Active Directory in Windows 2008 Server

1. Forest Roles

Schema Master - As name suggests, the changes that are made while creation of any object in AD or
changes in attributes will be made by single domain controller and then it will be replicated to another domain
controllers that are present in your environment. There is no corruption of AD schema if all the domain
controllers try to make changes. This is one of the very important roles in FSMO roles infrastructure.
Domain Naming Master - This role is not used very often, only when you add/remove any domain
controllers. This role ensures that there is a unique name of domain controllers in environment.

2. Domain Roles

Infrastructure Master - This role checks domain for changes to any objects. If any changes are found then it
will replicate to another domain controller.
RID Master - This role is responsible for making sure each security principal has a different identifier.
PDC emulator - This role is responsible for Account policies such as client password changes and time
synchronization in the domain

QUESTION 19
Your network contains an Active Directory domain named contoso.com.

The domain contains servers named Server1 and Server2 that run Windows Server 2012.

Server1 has the IP Address Management (IPAM) Server feature installed.

You install the IPAM client on Server2.

You open Server Manager on Server2 as shown in the exhibit.

You need to manage IPAM from Server2. What should you do first?

A. On Server2, open Computer Management and connect to Server1.
B. On Server1, add the Server2 computer account to the IPAM ASM Administrators group.
C. On Server2, add Server1 to Server Manager.
D. On Server1, add the Server2 computer account to the IPAM MSM Administrators group.

Correct Answer: C
Section: Remote Management & Server Core
Explanation

Explanation/Reference:
In the exhibit, we can see that only one server is managed with Server Manager on Server2 (itself, as on a
server, Server Manager always contains at least the server itself):

so we can be sure that Server1 is not added to Server2's Server Manager console.

So if we want to manage IPAM, we should add Server1 to Server2's Server Manager.

==============

http://technet.microsoft.com/en-us/library/hh831622.aspx
Step-by-Step: Configure IPAM to Manage Your IP Address Space

IP Address Management (IPAM) in Windows Server® 2012 is a framework for discovering, monitoring,
managing and auditing IP address space on a corporate network. IPAM provides the following features:
Automatic IP address infrastructure discovery
Highly customizable IP address space display, reporting, and management
Configuration change auditing for DHCP and IPAM services
Monitoring and management of DHCP and DNS services
IP address lease tracking
[...]
IPAM security groups

The following local IPAM security groups are created when you install IPAM.

IPAM Users: Members of this group can view all information in server discovery, IP address space, and
server management. They can view IPAM and DHCP server operational events, but cannot view IP address
tracking information.

IPAM MSM Administrators: IPAM multi-server management (MSM) administrators have IPAM Users
privileges and can perform IPAM common management tasks and server management tasks.

IPAM ASM Administrators: IPAM address space management (ASM) administrators have IPAM Users
privileges and can perform IPAM common management tasks and IP address space tasks. (That's a
user group, not a computer group.)

IPAM IP Audit Administrators: Members of this group have IPAM Users privileges and can perform IPAM
common management tasks and can view IP address tracking information.

IPAM Administrators: IPAM Administrators have the privileges to view all IPAM data and perform all IPAM
tasks.
===================

http://download.microsoft.com/download/F/6/9/F69BE7E8-3E99-4A4A-B189-8AFADABC6216/Understand%20and%20Troubleshoot%20IP%20Address%20Management%20(IPAM)%20in%20Windows%20Server%208%20Beta.docx
Understand and Troubleshoot IP Address Management (IPAM) in Windows Server 8 Beta

If you are accessing the IPAM server remotely using ServerManager IPAM client RSAT, then you must be
a member of the WinRMRemoteWMIUsers group on the IPAM server, in addition to being a member of the
appropriate IPAM security group (or local Administrators group).
[...]

Installation Process – IPAM Client

Although the IPAM client feature is automatically installed on a Windows Server "8" Beta server, along with
installation of the IPAM Server feature, this component can also be installed or uninstalled on its own. Click
through the Add roles and features wizard screens to select Role or Feature Based Install and the target server.
On the Select Features screen, select Remote Server Administration Tools -> Feature Administration
Tools -> IP Address Management (IPAM) Client. Click Add Features when prompted.
[...]
In order for the IPAM client to connect to an IPAM server, you must ensure that the target IPAM
server is added to the Server Manager purview using the Add Servers wizard launched from the
Manage menu. If both IPAM client and IPAM server are running on the same server, then by default the IPAM
UI connects to the local IPAM server instance.

==============

QUESTION 20
Your network contains an Active Directory domain named contoso.com.

The domain contains a domain controller named DC1 and a member server named Server1.

Server1 has the IP Address Management (IPAM) Server feature installed.

On DC1, you configure Windows Firewall to allow all of the necessary inbound ports for IPAM.

On Server1, you open Server Manager as shown in the exhibit.

You need to ensure that you can use IPAM on Server1 to manage DNS on DC1. What should you do?

A. Modify the outbound firewall rules on Server1.
B. Add Server1 to the Remote Management Users group.
C. Add Server1 to the Event Log Readers group.
D. Modify the inbound firewall rules on Server1.

Correct Answer: C
Section: Network (DNS, DHCP, NIC teaming, IPAM, VPN, NAP, DirectAccess...)
Explanation

Explanation/Reference:

The exhibit shows (in the details tab) that the firewall rules are OK for DNS management (DNS RPC Access
Status: Unblocked).

But it also shows that Event Log Access Status is blocked (which, by the way, blocks the IPAM Access Status).

=> We should solve this by adding the Server1 computer account to the Event Log Readers group.

==================

Understand and Troubleshoot IP Address Management (IPAM) in Windows Server 8 Beta (download.microsoft.com)

IPAM Access Monitoring

IPAM Access Settings
