Which Windows PowerShell command should you run?
You deploy an Active Directory Federation Services (AD FS) 2.1 infrastructure. The
infrastructure uses Active Directory as the attribute store.
Some users report that they fail to authenticate to the AD FS infrastructure.
You discover that only users who run third-party web browsers experience issues.
You need to ensure that all of the users can authenticate to the AD FS infrastructure
successfully.
Which Windows PowerShell command should you run?
What should you run on Server1?
Your network contains a server named Server1 that runs Windows Server 2012 R2. Server1
has the Active Directory Certificate Services server role installed and is configured as a
standalone certification authority (CA).
You install a second server named Server2. You install the Online Responder role service
on Server2.
You need to ensure that Server1 can issue an Online Certificate Status Protocol (OCSP)
Response Signing certificate to Server2.
What should you run on Server1?
How many trusts should you identify?
Your network contains four Active Directory forests. Each forest contains an Active Directory
Rights Management Services (AD RMS) root cluster.
All of the users in all of the forests must be able to access protected content from any of the
forests.
You need to identify the minimum number of AD RMS trusts required.
How many trusts should you identify?
You need to ensure that the rights account certificates issued in adatum.com are accepted by the AD RMS root c
DRAG DROP
Your network contains two Active Directory forests named contoso.com and adatum.com.
Each forest contains an Active Directory Rights Management Services (AD RMS) root
cluster. All servers run Windows Server 2012 R2.
You need to ensure that the rights account certificates issued in adatum.com are accepted
by the AD RMS root cluster in contoso.com.
What should you do in each forest?
To answer, drag the appropriate actions to the correct forests. Each action may be used
once, more than once, or not at all. You may need to drag the split bar between panes or
scroll to view content.
Which tool should you use?
Your network contains an Active Directory domain named contoso.com. All servers run
Windows Server 2012 R2.
The domain contains a domain controller named DC1 that is configured as an enterprise root
certification authority (CA).
All users in the domain are issued a smart card and are required to log on to their domainjoined client computer by using their smart card.
A user named User1 resigned and started to work for a competing company.
You need to prevent User1 immediately from logging on to any computer in the domain. The
solution must not prevent other users from logging on to the domain.
Which tool should you use?
Which two cmdlets should you run?
Your network contains an Active Directory domain named contoso.com. The domain
contains a server named Server1 that runs a Server Core installation of Windows Server
2012 R2.
You need to deploy a certification authority (CA) to Server1. The CA must support the autoenrollment of certificates.
Which two cmdlets should you run? (Each correct answer presents part of the solution.
Choose two.)
You need to ensure that all the members of Group1 can use Template1
Your network contains an Active Directory domain named contoso.com. The domain
contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the
Active Directory Rights Management Services server role installed.
The domain contains a domain local group named Group1.
You create a rights policy template named Template1. You assign Group1 the rights to
Template1.
You need to ensure that all the members of Group1 can use Template1.
What should you do?
You need to ensure that when Admin1 opens the Certification Authority console on Server1, the error message do
You have a server named Server1 that runs Windows Server 2012 R2.
From Server Manager, you install the Active Directory Certificate Services server role on Server1.
A domain administrator named Admin1 logs on to Server1.
When Admin1 runs the Certification Authority console, Admin1 receive the following error message.
You need to ensure that when Admin1 opens the Certification Authority console on Server1,
the error message does not appear.
What should you do?
Which two actions should you perform?
Your network contains an Active Directory domain named contoso.com. The domain
contains a file server named Server1. The File Server Resource Manager role service is
installed on Server1. All servers run Windows Server 2012 R2.
A Group Policy object (GPO) named GPO1 is linked to the organizational unit (OU) that
contains Server1. The following graphic shows the configured settings in GPO1.
Server1 contains a folder named Folder1. Folder1 is shared as Share1.
You attempt to configure access-denied assistance on Server1, but the Enable accessdenied assistance option cannot be selected from File Server Resource Manager.
You need to ensure that you can configure access-denied assistance on Server1 manually
by using File Server Resource Manager.
Which two actions should you perform?
You need to ensure that each user has a separate folder in Sync1
Your network contains an Active Directory forest named contoso.com. The forest contains
four domains. All servers run Windows Server 2012 R2.
Each domain has a user named User1.
You have a file server named Server1 that is used to synchronize user folders by using the
Work Folders role service.
Server1 has a work folder named Sync1.
You need to ensure that each user has a separate folder in Sync1.
What should you do?