MCSE 70-410 R2

How does an administrator repair or change permissions on a file in which the

administrator has
been denied permissions?
The administrator should take ownership of the file
Which file on a domain controller contains all resource records for the Active
Directory domain controller, including its SRV records?
Netlogon.dns in the %systemroot%\System32\Config folder
Which generation(s) of virtual machines allows the VM to boot using IPv4?
both Generation 1 and Generation 2 virtual machines
How do you hide a share so that it is not visible in the network, but allows users
that have the appropriate permissions to access the folder?
Create a hidden share by putting a dollar sign ($) after the share name
How can you perform an in-place upgrade from a Windows Server 2008 server
with a 32-bit processor to Windows Server 2012 R2?
In-place upgrades from 32-bit to 64-bit architectures are not supported. You
must perform a clean
installation.
Which DHCP option number specifies the DNS domain name that the client
should use for DNS
computer name resolution?
015
What prevents a range of IP addresses within a DHCP scope from being leased
to any computer?
scope exclusion
How does the load balancing and failover of network
traffic differ between Windows Server 2012 and
Windows Server 2012 R2?
Answer:
Unlike Windows Server 2012, Windows Server 2012
R2 provides a balanced load distribution between
NICs in a NIC team.
Item: 9
Why does Microsoft recommend that you create a new
Group Policy Object (GPO) for AppLocker in
environments where both Software Restriction Policies
and AppLocker are in place?
Answer:
If you upgrade a computer that uses Software
Restriction Policies to Windows Server 2012 R2 or
Windows 8.1, and then implement AppLocker rules,
only the AppLocker rules will be enforced.
Item: 10
When editing a Group Policy, which Flexible Single
Master Operations (FSMO) role contains the version
of the Group Policy that is being edited?

PDC emulator
Item: 11
What command adds a remote server to the local
computer's TrustedHosts list in a Windows PowerShell
session?
Answer:
Set-Item wsman:\localhost\Client\TrustedHosts
<Remote Server Name> -Concatenate -Force
Item: 12
Which PowerShell cmdlet is used to create port
mirroring?
Answer:
Set-VMNetworkAdapter
Item: 13
Which PowerShell cmdlet creates a new NIC team
that consists of one or more network adapters?
Answer:
New-NetLbfoTeam
Item: 14
Which command is used to configure one or many
servers with an SCW-generated policy?
Answer:
Scwcmd
Item: 15
Which type of zone resolves an IP address to a name?
Answer:
A reverse lookup zone
Item: 16
In Active Directory Users and Computers, how do you
display the Security and Object tab in the properties
of an OU?
Answer:
You need to click View and then Advanced Features
in Active Directory Users and Computers before
clicking on the properties of the OU

Item: 17
Which command would you run on a Windows Server
2012 R2 server to force a group policy to apply to
another Windows Server 2012 R2 computer, named
SRV2?
Answer:
winrs -r:SRV2 gpupdate /force
Item: 18
Which command can be used to redirect newly
created users from the default container named
CN=Users to a specified container?
Answer:
the redirusr command
Item: 19
What does the Block setting on a Firewall profile
block?
Answer:
Blocks all connections that do not have firewall rules
that explicitly allow the connection
Item: 20
What allows a virtual machine to connect to a virtual
SAN attached to a Windows Server 2012 server with
the Hyper-V role installed?
virtual Fibre Channel Adapter
Item: 21
What would be the reason to setup a virtual machine
with a pass-through disk?
Answer:
Pass through disks provide noticeably better
performance
Item: 22
Which new feature of Windows Server 2012 R2
protects against simultaneous physical disk failures by
storing two copies of parity information in the parity
space?
Answer:
Dual parity

Item: 23
What is the term for the folder that is created in the
SYSVOL folder of an Active Directory domain
controller and is used to provide a centralized storage
location for ADMX and ADML files for the domain?
Answer:
central store
Item: 24
Which Hyper-V feature drops DHCP server messages
coming from a VM?
Answer:
DHCPGuard
Item: 25
When can single-root I/O virtualization (SR-IOV) be
configured in Virtual Switch manager?
Answer:
only when a virtual switch is created
Item: 26
What comprises the membership list of a local group?
Answer:
Users and computers from any trusted domain
Global groups from any trusted domain
Universal groups from any trusted domain
Item: 27
Which ports and protocols should you enable on the
Windows Firewall for a Windows Server 2012 R2
acting as a VPN server to allow inbound PPTP
connections?
Answer:
TCP port 1723 and IP Protocol ID 47
Item: 28
Which feature of the Hyper-V role allows you to
specify whether a VM is allowed to change its source
MAC address for outgoing packets?
Answer:
MAC address spoofing
Item: 29

What are two ways to remove Windows Explorer, Windows Internet Explorer, and
all related
components and files from a full installation of
Windows Server 2012 R2?
run Uninstall-WindowsFeature or use Server Manager to remove the Server
Graphical Shell
Item: 30
Which PowerShell cmdlet deletes user accounts?
Answer:
Remove-ADUser
Item: 31
What utility can you use to enable remote
management on a Server Core installation of Windows
Server?
Answer:
sconfig
Item: 32
What subnet mask would you use to further divide the
192.168.0.0/24 network to a subnet that supports up
to 110 hosts?
Answer:
/25 or 255.255.255.128
Item: 33
How would you grant a group of users the authority to
reset user's passwords for the OUs located in the
domain?
Answer:
On the OU, use the Delegation of Control Wizard to
delegate the Reset user passwords and force
password change at next logon task to the group.
Item: 34
If a DNS server has both a conditional forwarder
defined for a given domain and a server level
forwarder, which forwarder will be used to resolve a
query in the given domain?
Answer:
The conditional forwarder
Item: 35

Which feature of the Hyper-V role allows traffic sent to

or from a Hyper-V Virtual Switch port to be copied and
sent to a mirror port?
Answer:
Port mirroring
Item: 36
Which PowerShell cmdlet can be used to find a list of
stale computers that have not been logged into by
anyone in four weeks?
Answer:
get-adcomputer
Item: 37
Which type of zone will prevent the use of forwarders
or the use of root DNS servers listed in the Root Hints
tab of the DNS server?
Answer:
A root zone
Item: 38
What does the term "Same Sign-On" mean with
respect to the Windows Azure Active Directory Sync
Tool?
Answer:
Users that have their passwords synchronized to
Windows Azure AD will be able to use the same
username and password to log into their Azure AD
services as well as their on-premises resources.
Item: 39
Is it possible to use Server Manager on a Windows
Server 2008 R2 server to install roles on a Server
Core installation of Windows Server 2012 R2?
Answer:
No, you must use the version of Server Manager
available in Windows Server 2012 R2 or the Remote
Server Administration Tools for Windows 8 or
Windows 8.1
Item: 40
Which Hyper-V feature offloads the perpacket
encryption operations from the VM to
the NIC, resulting in substantial CPU
savings?

Answer:
IPsec Task Offload (IpsecTO)
Item: 41
Which edition of a Windows Server 2012 based
operating system should be the source of the media
that you use to create additional domain controllers
running Windows Server 2012 R2 Datacenter edition
with the install from media (IFM) method?
Answer:
Windows Server 2012 R2 Datacenter edition
Item: 42
What parameter of the Import-GPO cmdlet will create
the destination GPO if the GPO does not exist?
Answer:
-CreateIfNeeded
Item: 43
What is the difference between a fixed size virtual hard
disk and a dynamically expanding virtual hard disk?
Answer:
A fixed size disk uses the size of the virtual
hard disk and does not change when data is
deleted or added
A dynamically expanding disk is created small,
and changes as data is added
Item: 44
What action must you perform before attaching a
VHDX from a Generation 2 virtual machine to a
Generation 1 virtual machine?
Answer:
None. VHDXs created on Generation 2 virtual
machines will work on Generation 1 virtual machines.
Item: 45
Can you upgrade from a Windows Server 2008 R2
Server Core installation to the Server with a GUI mode
of Windows Server 2012 R2 in one step?
Answer:
No. You must first upgrade your Server Core
installation to Windows Server 2012 R2 Server Core,
then switch to the GUI mode of Windows Server 2012
R2.

Item: 46
If a virtual machine has a legacy network adapter, how
can you specify the minimum and maximum bandwidth that the adapter can
use? Item:
You must replace the legacy network adapter with a
non-legacy network adapter
Item: 47
What type of storage layout from a storage pool best
suited for temporary data, such as video rendering
files, image editor scratch files, and intermediary
compiler object files?
Answer:
simple spaces
Item: 48
What two commands allow you to view installed
updates on a Server Core installation of Windows
Server 2012 R2?
Answer:
either the systeminfo command or the wmic qfe list
command
Item: 49
What cmdlet will remove a specified NIC team from a
Windows Server 2012 R2 Server Core installation?
Answer:
Remove-NetLbfoTeam
Item: 50
Why does a striped volume offer better write
performance than a RAID-5 volume?
Answer:
A RAID-5 volume writes both parity blocks and data
blocks, so it does not offer the write performance of a
striped volume, which only writes data blocks.
Item: 51
Why would you get the error *** Can't find
server name for address w.x.y.z: Timed
out when starting the nslookup utility?
Answer:
The name server does not exist or the name server
does not have a PTR record in a reverse lookup zone

Item: 52
What Windows Server 2012 R2 functionality allows
communication between IPV6 and IPV4 networks that
are behind NAT servers when you cannot use ISATAP
or 6to4?
Answer:
Teredo
Item: 53
When you want to set up a pass-through disk for a
virtual machine, what state must you configure for the
physical disk in the Disk Management snap-in?
Answer:
offline
Item: 54
What feature of Hyper-V in Windows Server 2012 R2
is used to bridge the memory gap between minimum
memory and startup memory, and allow virtual
machines to restart reliably?
Answer:
Smart Paging
Item: 55
What does the Block all connections setting on a
Firewall profile block?
Answer:
Blocks all connections, regardless of any firewall rules
that explicitly allow the connection
Item: 56
Which command would you run to add a domain user
account to the local Administrators group on a
Windows Server 2012 R2 Server Core server?
Answer:
net localgroup administrators /add
<DomainName>\<UserName>
Item: 57
What is the minimum number of dynamic drives
required to create a mirrored volume?
Answer:
2

Item: 58
Which service should you restart to re-register all SRV
records for a domain controller?
Answer:
the NetLogon service
Item: 59
To specify the Accounts:Rename Administrator
account policy to rename the local Administrator
account on a computer to a different name, what path
in a GPO must you search for the policy?
Answer:
Computer Configuration\Policies\Windows
Settings\Security Settings\Local Policies\Security
Options
Item: 60
If you upgrade a computer that is using Software
Restriction Policies to Windows Server 2012 R2 or
Windows 8.1, and then implement AppLocker rules,
which set of policies is enforced?
Answer:
only the AppLocker rules are enforced
Item: 61
How can you deny specific computers from obtaining
an IP address from a DHCP server?
Answer:
Create a deny filter based on MAC address of the
computer
Item: 62
Which version of the Windows operating system
allows you to create parity spaces on failover clusters?
Answer:
Windows Server 2012 R2
Item: 63
Which feature introduced in Windows Server 2012 lets
remote users run PowerShell commands from any
web-enabled device?
Answer:
Windows PowerShell Web Access

Item: 64
Which tool do you use to edit a local Group Policy on a
computer?
Answer:
you can open and edit a GPO by using the Group
Policy Editor
Item: 65
Which firewall profile is applied when a computer is
connected to a domain through a public network?
Answer:
Public profile
Item: 66
What PowerShell cmdlet would you use to display the
settings that have been enabled in a particular GPO?
Answer:
the Get-GPOReport cmdlet
Item: 67
Which Hyper-V feature drops router advertisement
and redirection messages from unauthorized VMs?
Answer:
RouterGuard
Item: 68
What setting of a virtual machine in Hyper-V manager
specifies the behavior of the VM when the physical
computer starts?
Answer:
Automatic Start Action
Item: 69
What happens when you run dcpromo.exe with no
parameters from a Windows Server 2012 R2
command prompt?
Answer:
It will not work. You will get a message pointing you to
Server Manager.
Item: 70
What is the scope of the Restore-GPO cmdlet when
restoring GPO backups?

Answer:
It only restores GPO backups to the original domain
where the GPO was saved
Item: 71
When printer priorities are configured for print devices,
what printer is allowed to print first?
Answer:
The one with the highest priority, which is the one with
the highest number assigned to it
Item: 72
What Hyper-V feature introduced in Windows Server
2008 R2 defines the startup memory as the minimum
amount of memory that a virtual machine can have?
Answer:
Dynamic Memory
Item: 73
What utility can you use to apply a quota to a specific
path on an NTFS volume?
Answer:
File Server Resource Manager.
Item: 74
Which command enables Server Manager remote
management and enables all required firewall rule
exceptions?
Answer:
Configure-SMRemoting.exe -enable
Item: 75
What PowerShell cmdlet would you use to change a
static IP address on a Windows Server 2012 R2
Server Core server?
Answer:
New-NetIPAddress
Item: 76
Which feature of the Hyper-V role allows you to
specify limits on the physical hardware, such as
setting the relative weight and the percentage of total
system resources on a processor?

Resource Control
Item: 77
Which services under Integration Services in Hyper-V
Manager can you make available to a virtual machine?
Answer:
Operating system shutdown
Time synchronization
Data Exchange
Heartbeat
Backup (volume snapshot)
Item: 78
If a client has a DHCP reservation, there is a DHCP
allow list enabled, and the client is not on the DHCP
allow list, will the client receive an IP address from the
DHCP server?
Answer:
No. You'll need to add the client's MAC address to the
list.
Item: 79
Software based keyboards are found in which
generation(s) of virtual machines?
Answer:
Generation 2 only
Item: 80
How can domain administrators disable the processing
of local GPOs on clients that are running Windows
client and Windows Server operating systems?
Answer:
by enabling the Turn Off Local Group Policy
Objects Processing policy setting in a domain GPO
Item: 81
What IPv6 transition technology defines a method for
generating a link-local IPv6 address from an IPv4
address, and a mechanism to perform Neighbor
Discovery on top of IPv4?
Answer:
ISATAP
Item: 82
What permissions are assigned to the parent OU and

child OU when you create a child OU that has

the Protect object from accidental deletion setting
enabled?
Answer:
an explicit Deny ACEs for the Delete and
Delete Subtree advanced permissions for the
Everyone group is applied to the child OU
an explicit Deny ACE for the Delete All Child
Objects permission for the Everyone group is
applied to the parent container OU
Item: 83 Answer
Which DHCP option number specifies a list of IP
addresses for DNS name servers available to the
client?
Answer:
006
Item: 84
Which domain controller should be the source of the
media that you use to create additional domain
controllers with the install from media (IFM) method?
Answer:
a domain controller in the same domain as the new
domain controller
Item: 85
What technology is similar to 6to4 in that it allows you
to tunnel IPv6 packets over the IPv4 Internet?
Answer:
Teredo
Item: 86
What type of AppLocker rule would you use to control
an application from the Windows store?
Answer:
a packaged app rule
Item: 87
What does the Allow setting on a Firewall profile
allow?
Answer:
Allows the connection, unless there is a firewall rule
that explicitly blocks the connection

Item: 88
What subnet mask would you use to further divide the
10.10.0.0/16 network to a subnet that supports up to
525 hosts?
Answer:
/22 or 255.255.252.0 which supports 2^10-2, or 1024,
hosts per subnet
Item: 89
To perform an offline domain join during an
unattended operating system installation of a Server
Core version of Windows Server 2012 R2, what
command should you run first?
Answer:
djoin /provision
Item: 90
What is the term when one logical printer is connected
to multiple printer devices through multiple ports of the
print server?
Answer:
A printer pool
Item: 91
Why can you not use distribution groups to assign
permissions explicitly or implicitly through membership
in other groups for resources?
Answer:
Unlike security groups, distribution groups are not
security principals
Item: 92
Which cmdlet(s) can you use to create a domain
controller on a Server Core installation of Windows
Server 2012 R2?
Answer:
install-windowsfeature -Name AD-DomainServices
OR
get-windowsfeature AD-DomainServices | install-windowsfeature AND
Install-ADDSDomainController
Item: 93
Which PowerShell cmdlet would you use to enable
Windows PowerShell Remoting on a Windows Server

2012 R2 server core server so that commands typed

in Windows PowerShell on one computer are able to
run on another computer?
Answer:
Enable-PSRemoting
Item: 94
Which firewall profile is applied when a computer is
connected to a network in which the computer's
domain account resides?
Answer:
Domain profile
Item: 95
Which utility synchronizes user passwords from your
on-premises Active Directory to Azure Active
Directory, letting users access Microsoft Cloud
Services with the same password that they use to
access on-premises resources?
Answer:
Windows Azure Active Directory Sync Tool
Item: 96
Which user feature protects the computer from the
unauthorized installation of any software?
Answer:
User Account Control (UAC)
Item: 97
If you use a Windows Server 2008 R2 DNS server and
implement ISATAP, what must you configure on the
DNS server?
Answer:
To allow name resolution for the ISATAP name, you
must remove ISATAP from the global query block list
of the DNS Server service for each DNS server on
your intranet running Windows Server 2008 R2 or
Windows Server 2008.
Item: 98
Which service, if stopped, with will prevent AppLocker
policies from being enforced?
Answer:
the Application Identity service

Item: 99
What comprises the membership list of a global
group?
Answer:
Users and computers from the same domain as
the global group
Global groups from the same domain
Item: 100
Which IPv6 prefix is a unique local unicast allocation?
Answer:
FC00::/7
Item: 101
How must you configure a Windows Server 2012 R2
server in a workgroup with the DNS server role loaded
in order to support Active Directory zones?
Answer:
Make the server a domain controller
Item: 102
What cmdlet removes the routing entry for the default
gateway before applying a new one?
Answer:
Remove-NetRoute -DestinationPrefix ::/0
-Confirm
Item: 103
What are the differences between firewall rules and
connection security rules?
Answer: Firewall rules allow traffic through, but do notsecure that traffic
Connection security rules can secure the traffic,
but only if a firewall rule was previously
configured
Item: 104
Which cmdlet creates a point-in-time image of a virtual
machine for later use?
Answer:
Checkpoint-VM
Item: 105
Which type of virtual hard disk is recommended for

servers running applications with high levels of disk

activity?
Answer:
Fixed size VHD
Item: 106
Which local resources can be redirected to a virtual
machine session through Virtual Machine Connection
tool through enhanced session mode?
Answer:
Display configuration
Audio
Printers
Clipboard
Smart cards
USB devices & Drives
Supported Plug and Play devices
Item: 107
If you had both a Restricted Group setting and a
Preference setting in the membership of a group in a Group Policy Object, which
setting would apply?
Answer:
the Restricted Group setting would apply because
GPO policy settings take priority over GPO preference settings if there is a
conflict
Item: 108
To open the Windows Firewall with Advanced Security
from the Start screen, what do you type from the Run
prompt?
Answer:
wf.msc
Item: 109
When creating a template user account, why should
you set the Account is Disabled property on the
account?
Answer:
So no one can use it to log in.
Item: 110
If a client has a DHCP reservation, the DHCP allow list
is not enabled, and the client is on the DHCP deny list,
will the client receive an IP address from the DHCP
server?

Answer:
No. You'll have to remove the MAC address for that
client from the deny list.
Item: 111
Why does Microsoft recommend that you create a new
Group Policy Object (GPO) for AppLocker in
environments where both Software Restriction Policies
and AppLocker are in place?
Answer:
If you upgrade a computer that uses Software
Restriction Policies to Windows Server 2012 R2 or
Windows 8.1, and then implement AppLocker rules,
only the AppLocker rules will be enforced.
Item: 112
What should you load on a Windows 7, Windows 8, or
Windows 8.1 laptop to remotely manage roles and
features in Windows Server 2012 R2?
Answer:
Remote Server Administration Tools (RSAT)
Item: 113
Which type of GPO allows you to create a baseline
from which you can build GPOs?
Answer:
A Starter GPO
Item: 114
To configure Windows PowerShell Web Access, what
three things must you do?
Answer:
1. Install Windows PowerShell Web Access
2. Configure the gateway
3. Configure authorization rules that allow users
access to the Web-based Windows PowerShell
console
Item: 115
Which utility do you use to create a domain controller
on a server running the full GUI installation of
Windows Server 2012 R2?
Answer:
Server Manager

Item: 116
What parameter must you use with the Dism
command to mount an offline Windows image?
Answer:
/Mount-Image
Item: 117
When a virtual machine snapshot is deleted, why is
the deleted snapshot's storage space available without
requiring a VM restart?
Answer:
In Windows Server 2012, operations that keep the
virtual machine and any remaining snapshots
synchronized after deleting a snapshot occur while the
VM remains running.
Item: 118
Which feature of the Hyper-V role allows you to charge
departments based on how much resources the virtual
machines assigned to a particular department use?
Answer:
resource metering
Item: 119
What Group Policy setting provides faster access to
cached files and redirected folders by providing lower
bandwidth usage because users are always working
offline, even when they are connected through a highspeed
network connection?
Answer:
Enable the Always Offline mode by using Group Policy
to enable the Configure slow-link mode policy
setting
Item: 120
What type of storage layout from a storage pool is not
supported in a failover cluster?
Answer:
Parity spaces
Item: 121
How do you upgrade from a Windows Server 2008
Server Core installation to the Server with a GUI mode
of Windows Server 2012 R2?
Answer:

One-step upgrades are not supported. You must first

upgrade your Server Core installation to Windows
Server 2012 Server Core, then switch to the GUI
mode of Windows Server 2012 R2.
Item: 122
Which PowerShell cmdlet would you use to install a
DHCP server and a DNS server on a Server Core
installation of Windows Server 2012 R2?
Answer:
Install-WindowsFeature DHCP, DNS
Item: 123
Which firewall profile is applied when a computer is
connected to a network in which the computer's
domain account does not reside, such as a home
network?
Answer:
Private profile
Item: 124
Which command can be used to join a computer to a
domain without contacting a domain controller?
Answer:
djoin.exe
Item: 125
Which feature of the Hyper-V role allows you to make
services such as Volume Shadow Copy Services, time
synchronization, and operating system shutdown
available to a virtual machine?
Answer:
Integration services
Item: 126
Which zone is designed to resolve single-label
names?
Answer:
The GlobalNames zone
Item: 127
Which ports and protocols should you enable on the
Windows Firewall for a Windows Server 2012 R2
acting as a VPN server to allow inbound SSTP
connections?

Answer:
TCP Port 443
Item: 128
Which cmdlet compares the current DSC configuration
and the actual DSC configuration?
Answer:
Test-DscConfiguration
Item: 129
What is the default generation of a new virtual
machine on a Windows Server 2012 R2 server
running Hyper-V?
Answer:
Generation 1
Item: 130
What are the first valid subnets that you can use if you
need to subdivide the 192.168.0.0/24 into three
subnets with 57 computers on each subnet?
Answer:
192.168.0.0/26
192.168.0.64/26
192.168.0.128/26
Item: 131
What are the server requirements for implementing the
Work Folders role service?
Answer:
A server running Windows Server 2012 R2 for
hosting sync shares with user files
A volume formatted with the NTFS file system
for storing user files
Item: 132
Which IPv6 prefix is a multicast allocation?
Answer:
FF00::/8
Item: 133
What is the default number of pooled MAC addresses
available to a server running Hyper-V?
Answer:

255
Item: 134
Which component relays DHCP messages between
DHCP clients and DHCP servers on different IP
networks separated by a router that is not RFC 1542
compliant?
Answer:
the DHCP Relay Agent
Item: 135
What path on a domain controller contains the Group
Policy files?
Answer:
Item: 135
What path on a domain controller contains the Group
Policy files?
Answer:
%SystemRoot%
\SYSVOL\Domain\Policies\GPOGUID path, where
GPOGUID is the GUID of the Group Policy container.
Item: 136
To reinstall a role or feature that has been completely
removed from Windows Server 2012 R2, what
resource(s) do you require?
Answer:
Either the original installation source, or access to
Windows Update
Item: 137
What cmdlet can you use to enable remote
management on a Server Core installation of Windows
Server 2012 R2?
Answer:
Enable-NetFirewallRule -DisplayGroup
"Windows Remote Management"
Item: 138
What does the convert option do in the Virtual Hard
Disk wizard?
Answer:
It converts a virtual hard disk by copying the contents
to a new virtual hard disk. The new virtual disk can use
a different type and format than the original virtual
hard disk.

Item: 139
Which IPv6 prefix is a global unicast allocation?
Answer:
2000::/3
Item: 140
What action must you perform on a running
Generation 2 virtual machine before disabling Secure
Boot?
Answer:
Power off the VM
Item: 141
Why would you get the error *** ns.domain.com
can't find child.domain.com.: Nonexistent
domain when using the nslookup utility
to query records in a child domain?
Answer:
The name server does not allow zone transfers to the
zone that contains records for the child domain
Item: 142
Which type of Windows servers responds to forestwide
Lightweight Directory Access Protocol (LDAP)
queries over port 3268?
Answer:
the global catalog server
Item: 143
What is the path to the central store that is used to store and replicate Windows
policy files on a domain controller?
Answer:
%logonserver%\sysvol\%userdnsdomain%\policies\PolicyDefinitions
Item: 144
How do you copy Windows Firewall with Advanced
Security rules from one server to another?
Answer:
In the Windows Firewall with Advanced Security MMC
snap-in, click Export Policy to export the rules to a
file. On the other server, open the Windows Firewall
with Advanced Security MMC snap-in and click Import
to the file.

Item: 145
If a 3 GB file is compressed to 2 GB, what file size will
count toward the disk quota?
Answer:
3 GB will be counted toward the disk quota because
compressed files are tracked based on their
uncompressed sizes
Item: 146
What type of condition would you apply to an
AppLocker rule to restrict users from running software
from a specific software vendor?
Answer:
a publisher rule
Item: 147
Which type of domain controller contains a partial,
read-only replica of every domain in the forest other
than its own domain?
Answer:
global catalog server
Item: 148
Which ports and protocols should you enable on the
Windows Firewall for a Windows Server 2012 R2
acting as a VPN server to allow inbound L2TP
connections?
Answer:
UDP port 500 and 4500 as well as IP Protocol ID 50
Item: 149
What is the difference between "Same Sign-On" and
"Single Sign-On"?
Answer:
"Single Sign-On" is used with ADFS and allows user to
access resources without being prompted for
credentials if they are logged in to the AD network..
"Same Sign-On" prompts users for credentials even if
they are logged in to the AD network.
Item: 150
If you have three disks with 600 GB free on each disk
and you create a RAID-5 volume from the free space,
how much disk space would be available to the user?

Answer:
1200 GB (or 1.2 TB)
Item: 151
What is the difference between deleting a virtual
machine snapshot in Hyper-V Manager in Windows
Server 2008 R2 versus in Windows Server 2012?
Answer:
When you delete a snapshot in Hyper-V Manager in
Windows Server 2012, you do not have to restart or
turn off the virtual machine to reclaim the space
Item: 152
What will happen if all scopes on a DHCP server are
deactivated, but the DHCP server is authorized?
Answer:
The scope must be activated to issue IP addresses to
clients on the subnet
Item: 153
What feature in Windows Server 2008 and Windows
Server 2012 enables users to reliably print from a
RemoteApp program or from a terminal server desktop
session to the correct printer on their client computer?
Answer:
The Remote Desktop Easy Print driver
Item: 154
Which new feature of Windows Server 2012 R2 moves
frequently accessed data to solid-state drives, and
infrequently accessed data to slower drives?
Answer:
Storage tiers
Item: 155
Which feature of the Hyper-V role addresses
the scalability issues of VLANs where tenants
each have multiple virtual subnets?
Answer:
Port Virtual Local Area Network (PVLAN)
Item: 156
Which feature of Windows Server 2012 and above
allows the server to have the ability to operate multiple
NICs as a single interface?

Answer:
NIC Teaming
Item: 157
Which command can be used to redirect newly
created computer accounts from the default container
named CN=Computers to a specified container?
Answer:
the redircmp command
Item: 158
What technology is an address-assignment technology
that you can use to provide unicast IPv6 connectivity
between IPv6/IPv4 hosts over an IPv4 intranet?
Answer:
ISATAP
Item: 159
How can you view cached lookups on a Windows DNS
server?
Answer:
By clicking View from the menu at the top of DNS
Manager and clicking Advanced.
Item: 160
What must an Enterprise Administrator do in Active
Directory Users and Computers before moving a
newly created child OU to a different parent OU?
Answer:
On the properties of the child OU, under the Object
tab, clear the Protect object from accidental
deletion checkbox.
Item: 161
Which virtual hard disk format, VHD or VHDX, is
recommended for servers needing more than 2 TB of storage?
Answer:
VHDX
Item: 162
How must you configure a member server with the
DNS server in a domain with the DNS server role
loaded to support Active Directory zones?

Answer:
Make the server a domain controller
Item: 163
What is the default location for Work Folders on a
client computer?
Answer:
%USERPROFILE%\Work Folders
Item: 164
What path in a GPO do you use to enable the
Configure slow-link mode policy setting?
Answer:
Computer Configuration\ Policies \ Administrative
Templates \ Network \Offline Files
Item: 165
What command provides an offline domain join of a
Server Core version of Windows Server 2012 R2 and
loads the computer metadata from a file so it can be
used to add the %SystemRoot% folder of the
computer that you want to join to the domain?
Answer:
djoin /requestODJ
Item: 166
Which cmdlet will remove a network adapter member
from a switch team?
Answer:
Remove-NetSwitchTeamMember
Item: 167
What type of group can include users from any domain
within a forest, and can be assigned permissions for in
any domain in the forest?
Answer:
A universal group
Item: 168
How many domain controllers can have the domain
naming master role?
Answer:
only one domain controller per forest

Item: 169
What tool can you use to migrate some server roles,
features, operating system settings, shares, and other
data from computers that are running certain editions
of Windows Server 2003 R2 to computers that are
running Windows Server 2012 R2?
Answer:
Windows Server Migration Tools
Item: 170
What technology do you use to allow applications that
do not support IPv6 to communicate with IPv6 hosts?
Answer:
Port Proxy
Item: 171
What happens to the original *.vhd file after you
choose the Convert option in the Virtual Hard Disk wizard?
Answer:
The original *.vhd file is retained along with the new
*.vhdx file that contains the contents of the original *.vhd file.
Item: 172
What should you do to allow AppLocker rules to test
what software will be affected by the rules when they
are implemented?
Answer:
Set enforcement to Audit
Item: 173
What Windows Server 2012 R2 function replaced the
Snapshot function in Hyper-V manager of Windows
Server 2008 and Windows Server 2012?
Answer:
Checkpoint
Item: 175
Which cmdlet would you use to apply a PowerShell
DSC configuration?
Answer:
Start-DscConfiguration
Item: 174

Which Hyper-V feature allows you to have a VM

change its source MAC address for outgoing packets?
Answer:
MacAddressSpoofing
Item: 176
What steps would you perform to delegate the Create,
delete and manage user accounts task to a group
for an Organizational Unit (OU)?
Answer:
In Active Directory Users and Computers, right-click
the OU and select Delegate Control
Item: 177
Under what circumstances can you NOT perform an
in-place upgrade to Windows Server 2012?
Answer:
In-place upgrades are NOT supported:
From a 32-bit edition of Windows Server
From one language to another
From one build type to another
From a Server Core installation directly to a full
installation (GUI mode)
From a pre-release version of Windows Server
2012
Item: 178
Which generation(s) of virtual machines uses a virtual
floppy disk to contain an unattended install answer
file?
Answer:
Generation 1 virtual machines only
Item: 179
How can you easily configure a Server Core
installation of Windows Server 2012 R2 to
automatically download Windows updates?
Answer:
use sconfig to configure Windows Updates
Item: 180
After creating ADMX files to define registrybased
policy settings on all client computers in
the domain, what should you do to ensure that
the custom ADMX file for the Chinese language
is automatically available to all Group Policy
administrators in the domain?

Answer:
Create an ADML file and copy it to the
SYSVOLl\domain\policies\PolicyDefinitions\[MUIculture]
folder on the domain controller.
Item: 181
What feature of Hyper-V in Windows Server 2012 R2
uses disk resources as additional, temporary memory
when more memory is required to restart a virtual
machine?
Answer:
Smart Paging
Item: 182
Which user feature protects the computer from the
unauthorized installation of any software?
Answer:
User Account Control (UAC)
Item: 183
If you have a domain with both Windows Server 2012
and Windows Server 2008 servers, which cmdlet must
you run before you configure anything using a
PowerShell cmdlet on a Windows Server 2008 Server
Core edition server?
Answer:
Import-module ServerManager
Item: 184
Which installation method can reduce the replication
traffic that is initiated during the installation of an
additional domain controller in an Active Directory
domain?
Answer:
the install from media (IFM) method
Item: 185
How can you filter objects in Active Directory Users
and Computers to only display printer objects?
Answer:
You can choose Filter Options from the View menu
and check Only printers in the Filter Options screen.
Item: 186

What type of network adapter is required on a virtual

machine to perform a network-based operating system
installation for the VM?
Answer:
legacy network adapter
Item: 187
What is the term that describes a physical print device
being shared by multiple users while allowing the
documents of one group of users to take precedence
over documents from another group?
Answer:
Print priorities
Item: 188
Which PowerShell cmdlet modifies properties of OU?
Answer:
Set-ADOrganizationalUnit
Item: 189
What deprecated command in Windows Server 2012
allows you to perform unattended installations of
Windows Server 2012 R2 domain controllers with
legacy scripts that have not been converted to
PowerShell?
Answer:
dcpromo /unattended
Item: 190
How can you ensure that Alice and John are members
of the Backup Operators group on every computer in
domain?
Answer:
Configure Backup Operators as a restricted group in a
GPO at the domain level with Alice and John as
members
Item: 191
How do you use Server Manager to uninstall the
graphical user interface (GUI) on a full installation of
Windows Server 2012 R2?
Answer:
From Server Manager, uninstall the User Interfaces
and Infrastructure feature.

Item: 192
Which generation(s) of virtual machines allows the VM
to boot using IPv6?
Answer:
Generation 2 virtual machines only
Item: 193
Which firewall rules should be configured to allow ping
commands to work?
Answer:
the correct echo rules, such as "File and Printer
Sharing (Echo Request - ICMPv4-In)"
Item: 194
Which user right allows a user to add workstations to
the domain?
Answer:
the Add workstations to domain local policy
Item: 195
What command will display the Server Configuration
menu on a Windows Server 2012 R2 Server Core
server?
Answer:
sconfig.cmd
Item: 196
How do you export AppLocker rules from a GPO in
one domain to another GPO in another domain?
Answer:
Export the AppLocker rules from the source GPO to
an XML file. Import the XML file with Group Policy
Editor on the destination GPO
Item: 197
Which new feature of Windows Server 2012 R2
reduces the latency of writes by buffering small
random writes to solid-state drives?
Answer:
Write-back cache
Item: 198
What feature of Hyper-V in a multitenant environment

ensures that VMs belonging to one tenant do not

consume excessive storage resources, affecting VMs
that belong to another tenant?
Answer:
Storage Quality of Service (QoS) for Hyper-V
Item: 199
What are the four steps for Windows Server Migration
Tools installation and preparation?
Answer:
1. Install Windows Server Migration Tools on
destination servers that run Windows Server
2012 R2.
2. Create deployment folders on destination
servers that run Windows Server 2012 R2, for
copying to source servers.
3. Copy deployment folders from destination
servers to source servers.
4. Register Windows Server Migration Tools on
source servers.
Item: 200
Which user right gives a user permissions to back up
files and folders on a computer, but not restore them?
Answer:
the Back up files and directories local policy
Item: 201
How can you copy AppLocker rules to another
computer?
Answer:
Export the AppLocker rules from a GPO or local
security policy to an XML file, and import the XML file
to another GPO or another local security policy
Item: 202
Which local group(s) membership on a member server
allows the user to back up and restore files and
directories on the server?
Answer:
Membership in the Administrators OR Backup
Operators groups
Item: 203
How many domain controllers can have the schema
master role?

Answer:
only one domain controller per forest
Item: 204
Which Hyper-V features can be accessed by members
of the Hyper-V Administrators group?
Answer:
Members of the Hyper-V Administrators have
complete and unrestricted access to all features of
Hyper-V.
Item: 205
Which user can always change permissions on an
object, even when that user is denied all access to the
object?
Answer:
The user or group that is the owner of the object
Item: 206
What is the minimum number of dynamic drives
required to create a RAID-5 volume?
Answer:
3
Item: 207
What type of condition would you apply to an
AppLocker rule to restrict users from running a specific
version number of a program?
Answer:
a file hash rule
Item: 208
Which guest operating system(s) support enhanced
session mode connections?
Answer:
Windows Server 2012 R2 and Windows 8.1
Item: 209
How do you recover a lost command prompt on a
Server Core installation of Windows Server 2012 R2?
Answer:
Press Ctrl+Alt+Del and select Task Manager. From
the File menu choose Run new task and enter

cmd.exe.
Item: 210
What setting of a virtual machine in Hyper-V manager
allows you select the order in which boot devices are
checked to start the operating system?
Answer:
Startup Order
Item: 211
How can you use the Recycle Bin to retrieve
yesterday's version of a document that was mistakenly
updated with erroneous information today?
Answer:
You can't. The Recycle Bin can only be used to
retrieve files that have been deleted, not updated.
Item: 212
What is the difference between a soft quota and a
hard quota?
Answer:
A hard quota type will not allow the users to exceed
the quota limit. A soft quota type will allow the user to
exceed the quota limit. A soft quota type is used
typically for monitoring storage use before
implementing a hard quota type.
Item: 213
What are three ways that you can configure a Server
Core installation of Windows Server 2012 R2 to
automatically download Windows updates from a
specific WSUS server?
Answer:
Using Group Policy Object Editor and editing
the Local Group Policy object
Editing the registry directly by using the registry
editor (Regedit.exe)
Centrally deploying these registry entries by
using System Policy in Windows NT 4.0 style
Item: 214
Which type of virtual hard disk provides better use of
physical storage space and is recommended for servers running applications that
are not diskintensive?
Answer:
Dynamically expanding virtual hard drive that uses the
VHDX format

Item: 215
For each IP network segment that contains DHCP
clients but does not contain a DHCP server, what
component must be installed if the router does not
forward Bootp broadcasts?
Answer:
the DHCP Relay Agent
Item: 216
Which PowerShell cmdlet would you use to add a
computer to a domain such that you will be prompted
to supply credentials to join the domain?
Answer:
Add-Computer
Item: 217
Which group can reduce the number of users that
belong to the local Administrators group while
providing users with access to Hyper-V?
Answer:
Hyper-V Administrators
Item: 218
Which operations master role is responsible for
updating references from local objects to objects in
other domains?
Answer:
infrastructure master
Item: 219
What technology uses 128-bit IP addresses and
allows for the use of 340 undecillion addresses?
Answer:
IPv6
Item: 220
What type of AppLocker rules are available to
configure in a GPO for Windows 8.1 or Windows
Server 2012 R2 computers?
Answer:
packaged app rules, executable rules, Windows
Installer rules, and script rules

Item: 221
What comprises the membership list of a domain local
group?
Answer:
Users and computers from any trusted domain
Global groups from any trusted domain
Universal groups from within the forest
Domain local groups from the same domain
Item: 222
Which type of zone prevents the DNS server from
looking outside the zones on the DNS server to
resolve a name?
Answer:
A root zone
Item: 223
Which parameter of the Dism command will allow you
remove a GUI interface from an image of a full installation of Windows Server
2012 R2?
Answer:
/disable-feature
Item: 224
What feature in a Group Policy policies allow you to
control the membership of sensitive groups through
Active Directory rather than through traditional group
membership editing tools, such as Active Directory
Users and Computers or PowerShell?
Answer:
Restricted Groups
Item: 225
Which generation(s) of virtual machines supports both
VHDs and VHDXs?
Answer:
Generation 1 virtual machines only
Item: 226
What are the two enforcement options that can be set
on the enforcement of AppLocker executable rules,
Windows Installer rules, script rules, and packaged
app rules?
Answer:

Enforce Rules and Audit

Item: 227
Which Windows server versions can run as a guest
operating system on a Hyper-V host that can use a
virtual Fibre Channel Adapter to connect to an
attached virtual SAN?
Answer:
Windows Server 2008, Windows Server 2008 R2,
Windows Server 2012, and Windows Server 2012 R2
Item: 228
How do you configure Group Policy to specify the
source files from which every server in the domain
should install features or roles?
Answer:
Specify the source in a Group Policy at Computer
Configuration > Administrative Templates >
System > Specify settings for optional component
installation and component repair
Item: 229
How many domain controllers can have the PDC
emulator role?
Answer:
only one domain controller per domain
Item: 230
Which command allows you to remotely execute
commands on a Windows Server 2012 R2 server?
Answer:
winrs
Item: 231
What type of AppLocker rule would you use to control
an application from the Windows store?
Answer:
a packaged app rule
Item: 232
What subnet mask would you use to further divide the
10.10.0.0/16 network to a subnet that supports up to
2100 hosts?
Answer:

/20 or 255.255.240.0 which supports 2^12-2, or 4094,

hosts per subnet
Item: 233
Which IPv6 prefix is a link-scoped unicast allocation?
Answer:
FE80::/10
Item: 234
Which cmdlet will create a new switch team that is
manipulated by a forwarding extension in the Hyper-V
Extensible Switch?
Answer:
New-NetSwitchTeam
Item: 235
Which PowerShell cmdlet modifies the properties of a
computer account?
Answer:
Set-ADComputer
Item: 236
Why do pass-through disks give better performance
than virtual disks for a virtual machine on a Hyper-V
host?
Answer:
Pass-through disks allow for the virtual machines to
get raw disk access, which is important when you
have a storage operating system controlling the drives.
Item: 237
What should you do to ensure that only authenticated
users are able to register their records in the DNS
zone?
Answer:
Create an Active Directory-integrated zone and
configure the zone for secure dynamic updates only
Item: 238
If you have multiple local GPOs on a Windows Server
2012 server, in what order are the local GPOs
processed?
Answer:
1. Local Group Policy

2. Administrators and Non-Administrators Group

Policy
3. User-specific Local Group Policy
Item: 239
Which cmdlet will install Work Folders on a Windows
Server 2012 R2 server?
Answer:
Add-WindowsFeature FS-SyncShareService
Item: 240
If Joe has Full Control permissions to C:\Software on
the server and Read permissions to the share named
Software that points to C:\Software on that server, will
Joe be able to copy a file to the Software share from
another computer?
Answer:
No, Joe will only have the effective permissions of
Read on the share.
Item: 241
After you have selected Save my settings for future
connections to this virtual machine and then
clicked Connect to connect to a virtual machine that supports enhanced session
mode in a Virtual
Machine Connection session, where is the
configuration file saved?
Answer:
%appdata%\roaming\Microsoft\Windows\HyperV\Client\1.0
Item: 242
Which virtual hard disk format, VHD or VHDX,
provides protection against corruption during power
failures?
Answer:
VHDX
Item: 243
What are two ways to display the IPv6 Route Table on
a Windows Server 2012 R2 server from the
PowerShell prompt?
Answer:
Run either the netstat -r command or the GetNetRoute cmdlet from the PowerShell prompt.

Item: 244
Which generation(s) of virtual machines can have a
boot disk with either a MBR partition table or GPT
partition table?
Answer:
Generation 2 virtual machines only
Item: 245
What is the maximum size of a file that can be stored
in a Work Folder?
Answer:
10 GB
Item: 246
What feature of a Generation 2 virtual machine helps
prevent unauthorized code from running at boot time?
Answer:
Secure Boot
Item: 247
Which operations master role is responsible for
assigning Security Identifiers (SIDs) to objects such as
users and groups?
Answer:
RID Master
Item: 248
What type of condition would you apply to an
AppLocker rule to restrict users from installing
software in a particular location?
Answer:
a path rule
Item: 249
What type of partition table will support a volume over
2 TB?
Answer:
a GUID partition table (GPT) type
Item: 250
What are the five characteristics that you can use to
segregate or group client computers based on a
DHCP policy?

Answer:
MAC Address
Vendor Class
User Class
Client Identifier
Relay Agent Information
Item: 251
What PowerShell cmdlet creates a snapshot of each
virtual machine on a Windows Server 2012 R2 server
that is running the Hyper-V role?
Get-VM -ComputerName <Name of Hyper-V
Server> | Checkpoint-VM
Item: 252
Which GPO setting manages mapped drives,
scheduled tasks, environment variables, printer
mappings, and Start menu settings?
Answer:
Preferences
Item: 253
When configuring MAC address ranges on different
Hyper-V hosts, what guidelines should you follow?
Answer:
The ranges that you specify cannot overlap.
The first three octets of the beginning and
ending MAC address must be the same.
You must enter a valid hexadecimal values
between 00 and FF.
Item: 254
What type of storage layout from a storage pool will
support up to two disk failures?
Answer:
mirror spaces
Item: 255
What will happen if all scopes on a DHCP server are
activated, but the DHCP server is not authorized?
Answer:
If the DHCP server is not authorized, it will not lease
IP addresses to DHCP clients.
Item: 256

What must you enable on your computer to recovery

files that were accidently overwritten?
Answer:
Shadow Copies of Shared Folders
Item: 257
Which DHCP option number specifies a list of IP
addresses for routers on the client's subnet?
Answer:
003
Item: 258
What are two ways to remove the GUI Management
tools from a full installation of Windows Server 2012
R2?
Answer:
run Uninstall-WindowsFeature or use Server
Manager to remove the Graphical Management Tools
and Infrastructure feature
Item: 259
Which PowerShell cmdlet would you use to rename a
Windows Server 2012 R2 Server Core server?
Answer:
Rename-Computer
Item: 260
What is the role of the Teredo server?
Answer:
To assist the Teredo clients with address configuration
and to facilitate IPv6 connectivity on an IPv4 Internet
Item: 261
When enabled, what feature of Hyper-V in Windows
Server 2012 R2 allows network traffic to bypass the
software switch layer of the Hyper-V virtualization
stack?
Answer:
Single Root I/O Virtualization (SR-IOV)
Item: 262
What type of storage layout from a storage pool is best
suited for archival data and streaming media, such as
music and videos?

Answer:
Parity spaces

Item: 263
Which generation(s) of virtual machines allows a
virtual machine to boot from a device attached to a
SCSI controller?
Answer:
Generation 2 virtual machines only
Item: 264
To create installation media for a full (writable) domain
controller, what command must you run on a writable
domain controller that is running Windows
Server 2012 R2?
Answer:
the ntdsutil ifm command
Item: 265
Which parameter of the Dism command will allow you
add a GUI interface to a Server Core installation of
Windows Server 2012 R2?
Answer:
/enable-feature
Item: 266
What technology uses 32-bit IP addresses and allows
for the use of 4 billion addresses?
Answer:
IPv4
Item: 267
Which cmdlet replaces the RemoveWindowsFeature cmdlet in Windows Server 2012?
Answer:
Uninstall-WindowsFeature
Item: 268
What PowerShell cmdlet would you use to set a static
IP address on a Windows Server 2012 R2 Server
Core server?

Answer:
New-NetIPAddress
Item: 269
How do you remove the binary files to free up space
on the server when you uninstall a role or feature with
the Windows PowerShell cmdlet UninstallWindowsFeature <featurename>?
Answer:
Use the Remove option with the UninstallWindowsFeature cmdlet
Item: 270
What feature or functionality must you disable on a
Generation 2 virtual machine to enable kernel
debugging on the virtual machine?
Answer:
Secure Boot
Item: 271
Which user right gives a user permissions to change
the time and date on the internal clock of the
computer?
Answer:
the Change the system time local policy
Item: 272
What feature of a Windows Server 2012 R2 server
allows the computer a local Internet router to provide a
site with IPv6 connectivity over the IPv4 Internet?
Answer:
6to4 router