object. See Chapter 4 for more information.
12. D. Applications cannot be published to computers, but they can be published to users and assigned to computers. See Chapter 5 for more information.
13. A. MSI files (.msi) are native Windows Installer files used with Windows Installer setup programs. The other file types do not apply to this situation. See Chapter 5 for more information.
14. E. To allow this permission at the OU level, the system administrator must create a GPO with the appropriate settings and link it to the OU. See Chapter 5 for more information.
15. A. Assuming that the default settings are left in place, the Group Policy setting at the OU level will take effect. See Chapter 5 for more information.
16. D. In Windows Server 2012 R2, you can create GPOs only by using the Group Policy Management Console. See Chapter 5 for more information.
17. B. The nslookup tool allows you to look up name and address information. See Chapter 2 for more information.
18. C. The TTL indicates how long the record may be safely cached; it may or may not be modified when the record is created. See Chapter 2 for more information on TTL.
19. B. DDNS works with BIND 8.2 and later. See Chapter 2 for more information on DDNS.
20. D. A round-robin configuration uses all of the available active paths and will distribute I/O in a balanced round-robin fashion. Failover uses only the primary and standby paths, allowing for link failure. Weighted path assigns requests to the path with the least weight value. Dynamic Least Queue Depth routes requests to the path with the least number of outstanding requests. See Chapter 2 for more information.
21. D. All of the applications that are running on the Windows Server 2012 R2 machine will show up under the Details tab. Right-click the application and end the process.
22. A. If you use MBSA from the command-line utility mdsacli.exe, you can specify several options. You type mdsacli.exe/hf (from the folder that contains Mdsacli.exe) and then customize the command execution with an option such as /ixxxx.xxxx.xxxx.xxxx, which specifies that the computer with the specified IP address should be scanned.
23. C. Server Manager is the one place where you install all roles and features for a Windows Server 2012 R2 system.
24. A. The Sharing tab contains a check box that you can use to list the printer in Active Directory.
25. B, E, G and H. The Active Directory Users and Computers tool allows system administrators to change auditing options and to choose which actions are audited. At the file system level, Isabel can specify exactly which actions are recorded in the audit log. She can then use Event Viewer to view the recorded information and provide it to the appropriate managers.
26. B. Offline files give you the opportunity to set up files and folders so that users can work on the data while outside the office.
27. A, B, C and D. Improved security, quotas, compression, and encryption are all advantages of using NTFS over FAT32. These features are not available in FAT32. The only security you have in FAT32 is shared folder permissions.
28. D. File servers are used for storage of data, especially for users’ home folders. Home folders are folder locations for your users to store data that is important and that needs to be backed up.
29. A. GPOs at the OU level take precedence over GPOs at the domain level. GPOs at the domain level, in turn, take precedence over GPOs at the site level.
30. B. The Block Policy Inheritance option prevents group policies of higher-level Active Directory objects from applying to lower-level objects as long as the Enforced option is not set.
31. A, B, C and D. GPOs can be set at all of the levels listed. You cannot set GPOs on security principals such as users or groups.
32. D and E. Administrative templates are used to specify the options available for setting Group Policy. By creating new administrative templates, Ann can specify which options are available for the new applications. She can then distribute these templates to other system administrators in the environment.
33. B, C and E. The Account Lockout Duration setting states how long an account will be locked out if the password is entered incorrectly. The Account Lockout Threshold setting is the number of bad password attempts, and the Account Lockout Counter setting is the time in which the bad password attempts are made. Once the Account Lockout Counter setting reaches 0, the number of bad password attempts returns to 0.
34. D. When resources are made available to users who reside in domains outside the forest, Foreign Security Principal objects are automatically created. These new objects are stored within the Foreign Security Principals container.
35. B. The primary method by which systems administrators create and manage application data partitions is through the ntdsutil tool.
36. C. The NPS snap-in allows you to set up RADIUS servers and designate which RADIUS server will accept authentication from other RADIUS servers. You can do your entire RADIUS configuration through the NPS snap-in.
37. C. NPS allows you to set up policies on how your users could log into the network. NPS allows you to set up policies that systems need to follow, and if they don’t follow these policies or rules, they will not have access to the full network.
38. C. Windows Server 2012 R2 comes with EAP-Transport Level Security (TLS). This EAP type allows you to use public key certificates as an authenticator. TLS is similar to the familiar Secure Sockets Layer (SSL) protocol used for web browsers and 802.1x authentication. When EAP-TLS is turned on, the client and server send TLS-encrypted messages back and forth. EAP-TLS is the strongest authentication method you can use; as a bonus, it supports smart cards. However, EAP-TLS requires your NPS server to be part of the Windows Server 2012 R2 domain.
39. B and D. PEAP-MS-CHAP v2 is an EAP type protocol that is easier to deploy than Extensible Authentication Protocol with Transport Level Security (EAP-TLS). It is easier because user authentication is accomplished by using password-based credentials (user name and password) instead of digital certificates or smart cards. Both PEAP and EAP use certificates with their protocols.
40. C. One advantage of NPS is that you can use the accounting part of NPS so that you can keep track of what each department does on your NPS server. This way, departments pay for the amount of time they use the SQL server database.
41. D. Group Policy Updates have a high processing latency, because IPsec encryption is interrupted until updates to the Group Policies are complete. If the updates to Group Policy do not occur quickly, cluster heartbeat can be impacted (eg if the processing delay exceeds the heartbeat threshold).
42. C. In Windows Server 2012, the number of cluster nodes increased to 64. 8000 is the number of VMs/Clustered Roles. 1024 is the maximum amount of VMs or Clustered Roles per cluster node, and 1000 is the maximum amount of VMs or Clustered Roles per cluster node in Windows Server 2008 R2.
43. B. Witness Dynamic Weighting and Lower Quorum Priority Node are options in PowerShell to modify Dynamic Quorum, but they are not a good answer. Force quorum resiliency is completely incorrect.
44. A. NTLM is the only supported authentication mechanism that will utilize local security authorities (non-active directory integrated Windows Servers).
45. A. Prior to Windows Server 2012 R2, shared virtual hard disks did not exist. At release of Windows Server 2012 R2, shared virtual disks were supported for file
