58. D. An exclusion just marks addresses as excluded; the DHCP server doesn’t maintain any information about them. A reservation marks an address as reserved for a particular client.
59. D. Active Directory Integrated zones give you many benefits over using primary and secondary zones including less network traffic, secure dynamic updates, encryption, and reliability in the event of a DNS server going down. The Secure Only option is for dynamic updates to a DNS database.
60. C. The Secure Only option is for DNS servers that have an Active Directory Integrated zone. When a computer tries to register with DNS dynamically, the DNS server checks Active Directory to verify that the computer has an Active Directory account. If the computer that is trying to register has an account, DNS adds the host record. If the computer trying to register does not have an account, the record gets tossed away and the database is not updated.
61. D. By default, Connection objects are automatically created by the Active Directory replication engine. You can choose to override the default behavior of Active Directory replication topology by manually creating Connection objects, but this step is not required.
62. D. The NTDS settings for the site level are where you would activate and deactivate UGMC.
63. D. Remember that a shortcut trust is used to eliminate multiple hops to and from certain domains within a multiforest, multidomain infrastructure. By configuring a shortcut trust between the two domains, you will reduce the slowness and authentication latency between them.
64. A. The Directory Service event log contains error messages and information related to replication. These details can be useful when you are troubleshooting replication problems.
65. C. The Knowledge Consistency Checker (KCC) is responsible for establishing the replication topology and ensuring that all domain controllers are kept up-to-date.
66. A and B. Certutil -backup backs up the CA certificate including private key in the backup. Certutil -backupdb backs up only the certificate database and logs.
67. B and C. Under AD Sites and Services, navigate to Services ⇒ RightsManagementServices and remove the SCP object. This operation can also be done by using ADSI Edit.
68. D. The relying party is the organization that receives and processes claims from a resource partner. The resource partner issues claims-based security tokens that contain published web-based applications that users in the account partner can access. This is accomplished through a relying-party trust. See Chapter 22 for more details.
69. D. AD RMS contacts the global catalog through port 3268. See Chapter 22 for more details.
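An audit of the Secure Only dynamic-update setting described in answers 59 and 60, as an added PowerShell example that is not from the book. The function name Get-ZoneUpdateFinding and the zones in $sample are constructed for illustration; the property names match the objects returned by Get-DnsServerZone.

```powershell
# Added example: classify DNS zones by their dynamic-update setting.
# Get-ZoneUpdateFinding is a hypothetical helper name, not a built-in cmdlet.
function Get-ZoneUpdateFinding {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Zone
    )
    process {
        # Only administrator-created primary zones accept dynamic updates.
        if ($Zone.ZoneType -ne 'Primary' -or $Zone.IsAutoCreated) { return }

        $finding = switch ($Zone.DynamicUpdate) {
            'Secure'             { 'OK: Secure Only' }
            'NonsecureAndSecure' { 'REVIEW: unauthenticated updates accepted' }
            'None'               { 'INFO: dynamic updates disabled' }
            default              { "UNKNOWN: $($Zone.DynamicUpdate)" }
        }
        # Secure Only exists only on Active Directory Integrated zones, so a
        # file-backed zone that takes updates cannot verify the sender's account.
        if (-not $Zone.IsDsIntegrated -and $Zone.DynamicUpdate -ne 'None') {
            $finding = 'REVIEW: not AD integrated, Secure Only unavailable'
        }
        [pscustomobject]@{
            ZoneName       = $Zone.ZoneName
            IsDsIntegrated = $Zone.IsDsIntegrated
            DynamicUpdate  = $Zone.DynamicUpdate
            Finding        = $finding
        }
    }
}

# Constructed sample zones (not real data) so the function runs offline.
$sample = @(
    [pscustomobject]@{ ZoneName = 'corp.example';   ZoneType = 'Primary';   IsDsIntegrated = $true;  IsAutoCreated = $false; DynamicUpdate = 'Secure' }
    [pscustomobject]@{ ZoneName = 'lab.example';    ZoneType = 'Primary';   IsDsIntegrated = $true;  IsAutoCreated = $false; DynamicUpdate = 'NonsecureAndSecure' }
    [pscustomobject]@{ ZoneName = 'legacy.example'; ZoneType = 'Primary';   IsDsIntegrated = $false; IsAutoCreated = $false; DynamicUpdate = 'NonsecureAndSecure' }
    [pscustomobject]@{ ZoneName = 'static.example'; ZoneType = 'Primary';   IsDsIntegrated = $false; IsAutoCreated = $false; DynamicUpdate = 'None' }
    [pscustomobject]@{ ZoneName = 'copy.example';   ZoneType = 'Secondary'; IsDsIntegrated = $false; IsAutoCreated = $false; DynamicUpdate = 'None' }
)
$sample | Get-ZoneUpdateFinding | Format-Table -AutoSize

# On a DNS server with the DnsServer module loaded:
#   Get-DnsServerZone | Get-ZoneUpdateFinding
# To switch an AD-integrated zone to Secure Only:
#   Set-DnsServerPrimaryZone -Name <zone> -DynamicUpdate Secure
```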
Part I
Exam 70-410: Installing and Configuring Windows Server 2012 R2
Chapter 1
Install Windows Server 2012 R2
✔ Install servers
■ Plan for a server installation
■ Plan for server roles
■ Plan for a server upgrade
■ Install Server Core
■ Optimize resource utilization by using Features on Demand
■ Migrate roles from previous versions of Windows Server
■ Configure Server Core
■ Add and remove features in offline images
■ Deploy roles on remote servers
■ Convert Server Core to/from full GUI
■ Configure NIC teaming
✔ Configure local storage
■ Design storage spaces
■ Configure basic and dynamic disks
■ Configure MBR and GPT disks
■ Manage volumes
■ Create and mount virtual hard disks
■ Configure storage pools and disk pools
This chapter covers the installation of Windows Server 2012 R2. It shows how to install both the full version of Windows Server 2012 R2 and the Server Core version. It also shows you how to use some PowerShell commands in Windows Server 2012 R2 Server Core.
Let’s dive right into the server by talking about some of the new features and advantages of Windows Server 2012 R2.
Features and Advantages of Windows Server 2012 and Server 2012 R2
Before I show how to install and configure Windows Server 2012 R2, let’s take a look at some of the new features and the advantages it offers.
I will talk about all of these features in greater detail throughout this book. What follows are merely brief descriptions.
Active Directory Certificate Services: Active Directory Certificate Services (AD CS) provides a customizable set of services that allow you to issue and manage public key infrastructure (PKI) certificates. These certificates can be used in software security systems that employ public key technologies.
Active Directory Domain Services: Active Directory Domain Services (AD DS) includes new features that make deploying domain controllers simpler and that let you implement them faster. AD DS also makes the domain controllers more flexible, both to audit and to authorize for access to files. Moreover, AD DS has been designed to make performing administrative tasks easier through consistent graphical and scripted management experiences.
Active Directory Rights Management Services: Active Directory Rights Management Services (AD RMS) provides management and development tools that let you work with industry security technologies, including encryption, certificates, and authentication. Using these technologies allows organizations to create reliable information protection solutions.
BitLocker: BitLocker is a tool that allows you to encrypt the hard drives of your computer. By encrypting the hard drives, you can provide enhanced protection against data theft or unauthorized exposure of your computers or removable drives that are lost or stolen.
BranchCache: BranchCache allows data from files and web servers on a wide area network (WAN) to be cached on computers at a local branch office. By using BranchCache, you can improve application response times while also reducing WAN traffic. Cached data can be either distributed across peer client computers (distributed cache mode) or centrally hosted on a server (hosted cache mode). BranchCache is included with Windows Server 2012 R2 and Windows 8.
DHCP: Dynamic Host Configuration Protocol (DHCP) is an Internet standard that allows organizations to reduce the administrative overhead of configuring hosts on a TCP/IP-based network. Some of the new features are DHCP failover, policy-based assignment, and the ability to use Windows PowerShell for DHCP Server.
DNS: Domain Name System (DNS) services are used in TCP/IP networks. DNS will convert a computer name or fully qualified domain name (FQDN) to an IP address. DNS also has the ability to do a reverse lookup and convert an IP address to a computer name. DNS allows you to locate computers and services through user-friendly names.
Failover