Categories
70-411 Dumps

70-411 Real Exam Dumps Questions and answers 91-100

Get Full Version of the Exam
http://www.EnsurePass.com/70-411.html

Question No.91

Your company has a main office and two branch offices. The main office is located in Seattle. The two branch offices are located in Montreal and Miami. Each office is configured as an Active Directory site.

The network contains an Active Directory domain named contoso.com. Network traffic is not routed between the Montreal office and the Miami office.

You implement a Distributed File System (DFS) namespace named \\contoso.com\public. The namespace contains a folder named Folder1. Folder1 has a folder target in each office.

You need to configure DFS to ensure that users in the branch offices only receive referrals to the target in their respective office or to the target in the main office.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

  1. Set the Ordering method of \\contoso.com\public to Random order.

  2. Set the Advanced properties of the folder target in the Seattle office to Last among all targets.

  3. Set the Advanced properties of the folder target in the Seattle office to First among targets of equal cost.

  4. Set the Ordering method of \\contoso.com\public to Exclude targets outside of the client#39;s site.

  5. Set the Advanced properties of the folder target in the Seattle office to Last among targets of equal cost.

  6. Set the Ordering method of \\contoso.com\public to Lowest cost.

Correct Answer: BD

Explanation:

Exclude targets outside of the client#39;s site

In this method, the referral contains only the targets that are in the same site as the client. These same-site targets are listed in random order. If no same-site targets exist, the client does not receive a referral and cannot access that portion of the namespace. Note: Targets that have target priority set to quot;First among all targetsquot; or quot;Last among all targetsquot; are still listed in the referral, even if the ordering method is set to Exclude targets outside of the client#39;s site .

Note 2: Set the Ordering Method for Targets in Referrals A referral is an ordered list of targets that a client computer receives from a domain controller or namespace server when the user accesses a namespace root or folder with targets. After the client receives the referral, the client attempts to access the first target in the list. If the target is not available, the client attempts to access the next target.

Question No.92

You have a server named Server 1.

You enable BitLocker Drive Encryption (BitLocker) on Server 1.

You need to change the password for the Trusted Platform Module (TPM) chip. What should you run on Server1?

  1. Manage-bde.exe

  2. Set-TpmOwnerAuth

  3. bdehdcfg.exe

  4. tpmvscmgr.exe

Correct Answer: B

Explanation:

The Set-TpmOwnerAuthcmdlet changes the current owner authorization value of the Trusted Platform Module (TPM) to a new value. You can specify the current owner authorization value or specify a file that contains the current owner authorization value. If you do not specify an owner authorization value, the cmdlet attempts to read the value from the registry.

Use the ConvertTo-TpmOwnerAuthcmdlet to create an owner authorization value. You can specify a new owner authorization value or specify a file that contains the new value.

Question No.93

You have a file server that has the File Server Resource Manager role service installed.

You open the File Server Resource Manager console as shown in the exhibit. (Click the Exhibit button.)

image

You need to ensure that all of the folders in Folder1 have a 100-MB quota limit. What should you do?

  1. Run the Update FsrmQuotacmdlet.

  2. Run the Update-FsrmAutoQuotacmdlet.

  3. Create a new quota for Folder1.

  4. Modify the quota properties of Folder1.

Correct Answer: C

Explanation:

By using auto apply quotas, you can assign a quota template to a parent volume or folder. Then File Server Resource Manager automatically generates quotas that are based on that template. Quotas are generated for each of the existing subfolders and for subfolders that you create in the future.

image

http://technet.microsoft.com/en-us/library/cc731577.aspx

Question No.94

Your network contains an Active Directory forest named contoso.com.

The domain contains three servers. The servers are configured as shown in the following table.

image

You plan to implement the BitLocker Drive Encryption (BitLocker) Network Unlock feature. You need to identify which server role must be deployed to the network to support the planned implementation. Which role should you identify?

  1. Network Policy and Access Services

  2. Volume Activation Services

  3. Windows Deployment Services

  4. Active Directory Rights Management Services

Correct Answer: C

Explanation:

Windows Deployment Services (WDS) is a server role that enables you to remotely deploy Windows operating systems. You can use it to set up new computers by using a network- based installation. This means that you do not have to install each operating system directly from a CD, USB drive or DVD. To use Windows Deployment Services, you should have a working knowledge of common desktop deployment technologies and networking components, including Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and Active Directory Domain Services (AD DS). It is also helpful to understand the Preboot execution Environment (also known as Pre-Execution Environment).

Question No.95

HOTSPOT

Your network contains an Active Directory domain named contoso.com. The domain contains three servers named Server2, Server3, and Server4.

Server2 and Server4 host a Distributed File System (DFS) namespace named Namespace1. You open the DFS Management console as shown in the exhibit. (Click the Exhibit button.)

image

To answer, complete each statement according to the information presented in the exhibit. Each correct selection is worth one point.

image

Correct Answer:

image

Question No.96

HOTSPOT

Your network contains an Active Directory domain named contoso.com.

You create an organizational unit (OU) named OU1 and a Group Policy object (GPO) named GPO1. You link GPO1 to OU1.

You move several file servers that store sensitive company documents to OU1. Each file server contains more than 40 shared folders.

You need to audit all of the failed attempts to access the files on the file servers in OU1. The solution must minimize administrative effort.

Which two audit policies should you configure in GPO1?

To answer, select the appropriate two objects in the answer area.

image

Correct Answer:

image

Question No.97

Your network contains an Active Directory domain named contoso.com. The domain contains five servers. The servers are configured as shown in the following table.

image

All desktop computers in contoso.com run Windows 8 and are configured to use BitLocker Drive Encryption (BitLocker) on all local disk drives.

You need to deploy the Network Unlock feature. The solution must minimize the number of features and server roles installed on the network.

To which server should you deploy the feature?

  1. Server1

  2. Server2

  3. Server3

  4. Server4

  5. Server5

Correct Answer: E

Explanation:

The BitLocker Network Unlock feature will install the WDS role if it is not already installed. If you want to install it separately before you install BitLocker Network Unlock you can use Server Manager or Windows PowerShell. To install the role using Server Manager, select the Windows Deployment Services role in Server Manager.

Question No.98

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.

Server1 has a folder named Folder1 that is used by the human resources department.

You need to ensure that an email notification is sent immediately to the human resources manager when a user copies an audio file or a video file to Folder1.

What should you configure on Server1?

  1. a storage report task

  2. a file screen exception

  3. a file screen

  4. a file group

Correct Answer: C

Explanation:

Create file screens to control the types of files that users can save, and generate notifications when users attempt to save unauthorized files. With File Server Resource Manager (FSRM) you can create file screens that prevent users from saving unauthorized files on volumes or folders. File Screen Enforcement:

You can create file screens to prevent users from saving unauthorized files on volumes or folders. There are two types of file screen enforcement: active and passive enforcement. Active file screen enforcement does not allow the user to save an unauthorized file. Passive file screen enforcement allows the user to save the file, but notifies the user that the file is not an authorized file. You can configure notifications, such as events logged to the event log or e-mails sent to users and administrators, as part of active and passive file screen enforcement.

Question No.99

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1.

You run ntdsutil as shown in the exhibit. (Click the Exhibit button.)

image

You need to ensure that you can access the contents of the mounted snapshot. What should you do?

  1. From the snapshot context of ntdsutil, run activate instance quot;NTDSquot;.

  2. From a command prompt, run dsamain.exe -dbpath c:\$snap_201204131056_volumec$\windows\ntds\ntds. dit -Idapport 389.

  3. From the snapshot context of ntdsutil, run mount {79f94f82-5926-4f44-8af0-2f56d827a57d}.

  4. From a command prompt, run dsamain.exe -dbpath c:\$snap_201204131056_volumec$\windows\ntds\ntds. dit -Idapport 33389.

Correct Answer: D

Explanation:

By default, only members of the Domain Admins group and the Enterprise Admins group are allowed to view the snapshots because they contain sensitive AD DS data. If you want to access snapshot data from an old domain or forest that has been deleted, you can allow nonadministrators to access the data when you run Dsamain.exe. If you plan to view the snapshot data on a domain controller, specify ports that are different from the ports that the domain controller will use. A client starts an LDAP session by connecting to an LDAP server,

called a Directory System Agent (DSA), by default on TCP port and UDP [7] port 389. The client then sends an operation request to the server, and the server sends responses in return. With some exceptions, the client does not need to wait for a response before sending the next request, and the server may send the responses in any order. All information is transmitted using Basic Encoding Rules (BER).

image

http://technet.microsoft.com/en-us/library/cc753609(v=ws.10).aspx

Question No.100

Your network contains an Active Directory domain named contoso.com. The domain contains a read-only domain controller (RODC) named R0DC1.

You create a global group named RODC_Admins.

You need to provide the members of RODC_Admins with the ability to manage the hardware and the software on RODC1. The solution must not provide RODC_Admins with the ability to manage

Active Directory objects. What should you do?

  1. From Active Directory Sites and Services, run the Delegation of Control Wizard.

  2. From a command prompt, run the dsadd computer command.

  3. From Active Directory Site and Services, configure the Security settings of the RODC1 server object.

  4. From a command prompt, run the dsmgmt local roles command.

Correct Answer: D

Explanation:

RODC: using the dsmgmt.exe utility to manage local administrators One of the benefits of of RODC is that you can add local administrators who do not have full access to the domain administration. This gives them the abiltiy to manage the server but not add or change active directory objects unless those roles are delegated. Adding this type of user is done using the dsmdmt.exe utility at the command prompt.

Get Full Version of 70-411 Dumps

Categories
70-411 Dumps

70-411 Real Exam Dumps Questions and answers 101-110

Get Full Version of the Exam
http://www.EnsurePass.com/70-411.html

Question No.101

HOTSPOT

Your network contains an Active Directory domain named contoso.com. The domain contains 30 user accounts that are used for network administration. The user accounts are members of a domain global group named Group1.

You identify the security requirements for the 30 user accounts as shown in the following table.

image

You need to identify which settings must be implemented by using a Password Settings object (PSO) and which settings must be implemented by modifying the properties of the user accounts.

What should you identify?

To answer, configure the appropriate settings in the dialog box in the answer area.

image

Correct Answer:

image

Question No.102

HOTSPOT

Your network contains 25 Web servers that run Windows Server 2012 R2. You need to configure auditing policies that meet the following requirements:

image

Generate an event each time a new process is created.

image

Generate an event each time a user attempts to access a file share. Which two auditing policies should you configure?

To answer, select the appropriate two auditing policies in the answer area.

image

Correct Answer:

image

Question No.103

HOTSPOT

Your network contains an Active Directory domain named contoso.com.

You need to create a certificate template for the BitLocker Drive Encryption (BitLocker) Network Unlock feature.

Which Cryptography setting of the certificate template should you modify? To answer, select the appropriate setting in the answer area.

image

Correct Answer:

image

Question No.104

Your network contains an Active Directory domain named contoso.com. The domain contains a virtual machine named Server1 that runs Windows Server 2012 R2.

Server1 has a dynamically expanding virtual hard disk that is mounted to drive E.

You need to ensure that you can enable BitLocker Drive Encryption (BitLocker) on drive E. Which command should you run?

  1. manage-bde -protectors -add c: -startup e:

  2. manage-bde -lock e:

  3. manage-bde -protectors -add e: -startupkey c:

  4. manage-bde -on e:

Correct Answer: D

Explanation:

Manage-bde: on

Encrypts the drive and turns on BitLocker. Example:

The following example illustrates using the -on command to turn on BitLocker for drive C and add a recovery password to the drive.

manage-bde -on C: -recoverypassword

Question No.105

HOTSPOT

You have a file server named Server1 that runs Windows Server 2012 R2.

A user named User1 is assigned the modify NTFS permission to a folder named C:\shares and all of the subfolders of C:\shares.

On Server1, you open File Server Resource Manager as shown in the exhibit. (Click the Exhibit button.)

image

To answer, complete each statement according to the information presented in the exhibit. Each correct selection is worth one point.

image

Correct Answer:

image

Question No.106

Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2.

You view the effective policy settings of Server1 as shown in the exhibit. (Click the Exhibit button.)

image

On Server1, you have a folder named C:\Share1 that is shared as Share1. Share1 contains confidential data. A group named Group1 has full control of the content in Share1.

You need to ensure that an entry is added to the event log whenever a member of Group1 deletes a file in Share1.

What should you configure?

  1. the Audit File Share setting of Servers GPO

  2. the Sharing settings of C:\Share1

  3. the Audit File System setting of Servers GPO

  4. the Security settings of C:\Share1

Correct Answer: D

Explanation:

You can use Computer Management to track all connections to shared resources on a Windows Server 2008 R2 system.

Whenever a user or computer connects to a shared resource, Windows Server 2008 R2 lists a connection in the Sessions node.

File access, modification and deletion can only be tracked, if the object access auditing is enabled you can see the entries in event log.

To view connections to shared resources, type net session at a command prompt or follow these steps:

In Computer Management, connect to the computer on which you created the shared resource. In the console tree, expand System Tools, expand Shared Folders, and then select Sessions. You can now view connections to shares for users and computers.

To enable folder permission auditing, you can follow the below steps: Click start and run quot;secpol. mscquot; without quotes.

Open the Local Policies\Audit Policy

Enable the Audit object access for quot;Successquot; and quot;Failurequot;.

Go to target files and folders, right click the folder and select properties. Go to Security Page and click Advanced.

image

Click Auditing and Edit.

Click add, type everyone in the Select User, Computer, or Group. Choose Apply onto: This folder, subfolders and files.

Tick on the box quot;Change permissionsquot; Click OK.

image

After you enable security auditing on the folders, you should be able to see the folder permission changes in the server#39;s Security event log. Task Category is File System. http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/13779c78-0c73-4477- 8014-f2eb10f3f10f/

http://technet.microsoft.com/en-us/library/cc753927(v=ws.10).aspx http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/13779c78-0c73-4477- 8014-f2eb10f3f10f/

http://support.microsoft.com/kb/300549 http://www.windowsitpro.com/article/permissions/auditing-folder-permission-changes http://www.windowsitpro.com/article/permissions/auditing-permission-changes-on-a-folder

Question No.107

You have a failover cluster that contains five nodes. All of the nodes run Windows Server 2012 R2. All of the nodes have BitLocker Drive Encryption (BitLocker) enabled.

You enable BitLocker on a Cluster Shared Volume (CSV).

You need to ensure that all of the cluster nodes can access the CSV. Which cmdlet should you run next?

  1. Unblock-Tpm

  2. Add-BitLockerKeyProtector

  3. Remove-BitLockerKeyProtector

  4. Enable BitLockerAutoUnlock

Correct Answer: B

Explanation:

Add an Active Directory Security Identifier (SID) to the CSV disk using the Cluster Name Object (CNO) The Active Directory protector is a domain security identifier (SID) based protector for protecting clustered volumes held within the Active Directory infrastructure. It can be bound to a user account, machine account or group. When an unlock request is made for a protected volume, the BitLocker service interrupts the request and uses the BitLocker protect/unprotect APIs to unlock or deny the request. For the cluster service to selfmanage.

BitLocker enabled disk volumes, an administrator must add the Cluster Name Object (CNO), which is the Active Directory identity associated with the Cluster Network name, as a BitLocker protector to the target disk volumes. Add-BitLockerKeyProtector lt;drive letter or CSV mount pointgt; – ADAccountOrGroupProtector ?ADAccountOrGroup $cno

Question No.108

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.

The domain contains an Edge Server named Server1. Server1 is configured as a DirectAccess server. Server1 has the following settings:

image

You run the Remote Access Setup wizard as shown in the following exhibit. (Click the Exhibit button.)

image

You need to ensure that client computers on the Internet can establish DirectAccess connections to Server1.

Which additional name suffix entry should you add from the Remote Access Setup wizard?

  1. A Name Suffix value of dal.contoso.com and a blank DNS Server Address value

  2. A Name Suffix value of Server1.contoso.com and a DNS Server Address value of 65.55.37.62

  3. A Name Suffix value of da1.contoso.com and a DNS Server Address value of 65.55.37.62

  4. A Name Suffix value of Server1.contoso.com and a blank DNS Server Address value

Correct Answer: A

Explanation:

Split-brain DNS is the use of the same DNS domain for both Internet and intranet resources. For example, the Contoso Corporation is using split brain DNS; contoso.com is the domain name for intranet resources and Internet resources. Internet users use http://www.contoso.com to access Contoso#39;s public Web site and Contoso employees on the Contoso intranet use http://www.contoso.com to access Contoso#39;s intranet Web site. A Contoso employee with their laptop that is not a DirectAccess client on the intranet that accesses http: //www.contoso.com sees the intranet Contoso Web site. When they take their laptop to the local coffee shop and access that same URL, they will see the public Contoso Web site.

When a DirectAccess client is on the Internet, the Name Resolution Policy Table (NRPT) sends DNS name queries for intranet resources to intranet DNS servers. A typical NRPT for DirectAccess will have a rule for the namespace of the organization, such as contoso.com for the Contoso Corporation, with the Internet Protocol version 6 (IPv6) addresses of intranet DNS servers. With just this rule in the NRPT, when a user on a DirectAccess client on the Internet attempts to access the uniform resource locator (URL) for their Web site (such as http:

//www.contoso.com), they will see the intranet version. Because of this rule, they will never see the public version of this URL when they are on the Internet.

For split-brain DNS deployments, you must list the FQDNs that are duplicated on the Internet and intranet and decide which resources the DirectAccess client should reach, the intranet version or the public (Internet) version. For each name that corresponds to a resource for which you want DirectAccess clients to reach the public version, you must add the corresponding FQDN as an exemption rule to the NRPT for your DirectAccess clients. Name suffixes that do not have corresponding DNS servers are treated as exemptions.

http://technet.microsoft.com/en-us/library/ee382323(v=ws.10).aspx

Question No.109

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.

You enable and configure Routing and Remote Access (RRAS) on Server1. You create a user account named User1.

You need to ensure that User1 can establish VPN connections to Server1. What should you do?

  1. Create a network policy.

  2. Create a connection request policy.

  3. Add a RADIUS client.

  4. Modify the members of the Remote Management Users group.

Correct Answer: A

Explanation:

Network policies are sets of conditions, constraints, and settings that allow you to designate who

is authorized to connect to the network and the circumstances under which they can or cannot connect.

Network policies can be viewed as rules. Each rule has a set of conditions and settings. Configure your VPN server to use Network Access Protection (NAP) to enforce health requirement policies

image

http://technet.microsoft.com/en-us/library/hh831683.aspx http://technet.microsoft.com/en-us/library/cc754107.aspx http://technet.microsoft.com/en-us/library/dd314165(v=ws.10).aspx http://technet.microsoft.com/en-us/windowsserver/dd448603.aspx http://technet.microsoft.com/en-us/library/dd314165(v=ws.10).aspx http://technet.microsoft.com/en-us/library/dd469733.aspx http://technet.microsoft.com/en-us/library/dd469660.aspx http://technet.microsoft.com/en-us/library/cc753603.aspx http://technet.microsoft.com/en-us/library/cc754033.aspx http://technet.microsoft.com/en-us/windowsserver/dd448603.aspx

Question No.110

You have a DNS server named Server1.

Server1 has a primary zone named contoso.com.

Zone Aging/Scavenging is configured for the contoso.com zone.

One month ago, an administrator removed a server named Server2 from the network.

You discover that a static resource record for Server2 is present in contoso.com. Resource records for decommissioned client computers are removed automatically from contoso.com.

You need to ensure that the static resource records for all of the servers are removed automatically from contoso.com.

What should you modify?

  1. The Expires after value of contoso.com

  2. The Record time stamp value of the static resource records

  3. The time-to-live (TTL) value of the static resource records

  4. The Security settings of the static resource records

Correct Answer: B

Explanation:

Reset and permit them to use a current (non-zero) time stamp value. This enables these records to become aged and scavenged.

You can use this procedure to change how a specific resource record is scavenged. A stale record is a record where both the No-Refresh Interval and Refresh Interval have passed without

image

the time stamp updating. DNS-gt;View-gt;Advanced

Depending on the how the resource record was originally added to the zone, do one of the following:

If the record was added dynamically using dynamic update, clear the Delete this record when it becomes stale check box to prevent its aging or potential removal during the scavenging process. If dynamic updates to this record continue to occur, the Domain Name System (DNS) server will always reset this check box so that the dynamically updated record can be deleted.

If you added the record statically, select the Delete this record when it becomes stale check box to permit its aging or potential removal during the scavenging process.

image

http://technet.microsoft.com/en-us/library/cc759204(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc759204(v=ws.10).aspx

Typically, stale DNS records occur when a computer is permanently removed from the network. Mobile users who abnormally disconnect from the network can also cause stale DNS records. To help manage stale records, Windows adds a time stamp to dynamically added resource records in primary zones where aging and scavenging are enabled. Manually added records are time stamped with a value of 0, and they are automatically excluded from the aging and scavenging process.

To enable aging and scavenging, you must do the following:

Resource records must be either dynamically added to zones or manually modified to be used in aging and scavenging operations.

Scavenging and aging must be enabled both at the DNS server and on the zone. Scavenging is disabled by default.

image

DNS scavenging depends on the following two settings:

No-refresh interval: The time between the most recent refresh of a record time stamp and the moment when the time stamp can be refreshed again. When scavenging is enabled, this is set to 7 days by default.

Refresh interval: The time between the earliest moment when a record time stamp can be refreshed and the earliest moment when the record can be scavenged. The refresh interval must be longer than the maximum record refresh period. When scavenging is enabled, this is set to 7 days by default.

A DNS record becomes eligible for scavenging after both the no-refresh and refresh intervals have elapsed. If the default values are used, this is a total of 14 days. http://technet.microsoft.com/en-us/library/cc759204(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc759204(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc771570.aspx

http://technet.microsoft.com/en-us/library/cc771677.aspx http://technet.microsoft.com/en-us/library/cc758321(v=ws.10).aspx

>

Get Full Version of 70-411 Dumps

Categories
70-411 Dumps

70-411 Real Exam Dumps Questions and answers 31-40

Get Full Version of the Exam
http://www.EnsurePass.com/70-411.html

Question No.31

HOTSPOT

Your network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2. Both servers have the DFS Replication role service installed.

image

You need to configure the DFS Replication environment to meet the following requirements: Increase the quota limit of the staging folder.

image

Configure the staging folder cleanup process to provide the highest amount of free space possible.

Which cmdlets should you use to meet each requirement? To answer, select the appropriate options in the answer area.

image

Correct Answer:

image

Question No.32

Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2. Server1 has a share named Share1.

When users without permission to Share1 attempt to access the share, they receive the Access Denied message as shown in the exhibit. (Click the Exhibit button.)

image

You deploy a new file server named Server2 that runs Windows Server 2012 R2.

You need to configure Server2 to display the same custom Access Denied message as Server1. What should you install on Server2?

  1. The Remote Assistance feature

  2. The Storage Services server role

  3. The File Server Resource Manager role service

  4. The Enhanced Storage feature

Correct Answer: C

Explanation:

Access-Denied Assistance is a new role service of the File Server role in Windows Server 2012.

image

We need to install the prerequisites for Access-Denied Assistance.

Because Access-Denied Assistance relies up on e-mail notifications, we also need to configure each relevant file server with a Simple Mail Transfer Protocol (SMTP) server address. Let#39;s do that quickly with Windows PowerShell:

Set-FSRMSetting -SMTPServer mailserver. nuggetlab.com -AdminEmailAddress admingroup@nuggetlab.com -FromEmailAddress admingroup@nuggetlab.com

You can enable Access-Denied Assistance either on a per-server basis or centrally via Group Policy. To my mind, the latter approach is infinitely preferable from an administration standpoint.

Create a new GPO and make sure to target the GPO at your file servers#39; Active Directory computer accounts as well as those of your AD client computers. In the Group Policy Object Editor, we are looking for the following path to configure Access-Denied Assistance:

\Computer Configuration\Policies\Administrative Templates\System\Access-Denied Assistance

image

The Customize message for Access Denied errors policy, shown in the screenshot below, enables us to create the actual message box shown to users when they access a shared file to which their user account has no access.

image

What#39;s cool about this policy is that we can quot;personalizequot; the e-mail notifications to give us administrators (and, optionally, file owners) the details they need to resolve the permissions issue quickly and easily.

For instance, we can insert pre-defined macros to swap in the full path to the target file, the administrator e-mail address, and so forth. See this example:

Whoops! It looks like you#39;re having trouble accessing [Original File Path]. Please click Request Assistance to send [Admin Email] a help request e-mail message. Thanks!

You should find that your users prefer these human-readable, informative error messages to the cryptic, non-descript error dialogs they are accustomed to dealing with.

The Enable access-denied assistance on client for all file types policy should be enabled to force client computers to participate in Access-Denied Assistance. Again, you must make sure to target your GPO scope accordingly to quot;hitquot; your domain workstations as well as your Windows Server 2012 file servers.

Testing the configuration

This should come as no surprise to you, but Access-Denied Assistance works only with Windows Server 2012 and Windows 8 computers. More specifically, you must enable the Desktop Experience feature on your servers to see Access-Denied Assistance messages on server computers.

When a Windows 8 client computer attempts to open a file to which the user has no access, the custom Access-Denied Assistance message should appear:

image

If the user clicks Request Assistance in the Network Access dialog box, they see a secondary message:

image

At the end of this process, the administrator(s) will receive an e-mail message that contains the key information they need in order to resolve the access problem:

The user#39;s Active Directory identity The full path to the problematic file

A user-generated explanation of the problem

So that#39;s it, friends! Access-Denied Assistance presents Windows systems administrators with an easy-to-manage method for more efficiently resolving user access problems on shared file system resources. Of course, the key caveat is that your file servers must run Windows Server 2012 and your client devices must run Windows 8, but other than that, this is a great technology that should save admins extra work and end-users extra headaches.

http://4sysops.com/archives/access-denied-assistance-in-windows-server-2012/

Question No.33

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.

Each time a user receives an access-denied message after attempting to access a folder on Server1, an email notification is sent to a distribution list named DL1.

You create a folder named Folder1 on Server1, and then you configure custom NTFS permissions for Folder1.

You need to ensure that when a user receives an access-denied message while attempting to access Folder1, an email notification is sent to a distribution list named DL2. The solution must not prevent DL1 from receiving notifications about other access-denied messages.

What should you do?

  1. From Server Manager, run the New Share Wizard to create a share for Folder1 by selecting the SMB Share – Advanced option.

  2. From the File Server Resource Manager console, modify the Access-Denied Assistance settings.

  3. From the File Server Resource Manager console, modify the Email Notifications settings.

  4. From Server Manager, run the New Share Wizard to create a share for Folder1 by selecting the SMB Share -Applications option.

Correct Answer: A

Explanation:

http://technet.microsoft.com/en-us/library/jj574182.aspx#BKMK_12

When using the email model each of the file shares, you can determine whether access requests to each file share will be received by the administrator, a distribution list that represents the file share owners, or both.

The owner distribution list is configured by using the SMB Share ?Advanced file share profile in the New Share Wizard in Server Manager.

Question No.34

HOTSPOT

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.

You need to configure Server1 to meet the following requirements:

image

Ensure that old files in a folder named Folder1 are archived automatically to a folder named Archive1.

image

Ensure that all storage reports are saved to a network share. Which two nodes should you configure?

To answer, select the appropriate two nodes in the answer area.

image

Correct Answer:

image

Question No.35

DRAG DROP

You are a network administrator of an Active Directory domain named contoso.com.

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Web Server (IIS) server role installed.

Server1 will host a web site at URL https://secure.contoso.com. The application pool identity account of the web site will be set to a domain user account named AppPool1.

You need to identify the setspn.exe command that you must run to configure the appropriate Service Principal Name (SPN) for the web site.

What should you run?

To answer, drag the appropriate objects to the correct location. Each object may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

image

Correct Answer:

image

Question No.36

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 is backed up daily.

The domain has the Active Directory Recycle Bin enabled.

During routine maintenance, you delete 500 inactive user accounts and 100 inactive groups. One of the deleted groups is named Group1. Some of the deleted user accounts are members of some of the deleted groups.

For documentation purposes, you must provide a list of the members of Group1 before the group was deleted.

You need to identify the names of the users who were members of Group1 prior to its deletion. You want to achieve this goal by using the minimum amount of administrative effort.

What should you do first?

  1. Mount the most recent Active Directory backup.

  2. Reactivate the tombstone of Group1.

  3. Perform an authoritative restore of Group1.

  4. Use the Recycle Bin to restore Group1.

Correct Answer: A

Explanation:

The Active Directory Recycle Bin does not have the ability to track simple changes to objects.

If the object itself is not deleted, no element is moved to the Recycle Bin for possible recovery in the future. In other words, there is no rollback capacity for changes to object properties, or, in other words, to the values of these properties.

Question No.37

Your network contains an Active Directory domain named contoso.com. The domain contains six domain controllers. The domain controllers are configured as shown in the following table.

image

The network contains a server named Server1 that has the Hyper-v server role installed. DC6 is a virtual machine that is hosted on Server1.

You need to ensure that you can clone DC6. Which FSMO role should you transfer to DC2?

  1. Rid master

  2. Domain naming master

  3. PDC emulator

  4. Infrastructure master

Correct Answer: C

Explanation:

The clone domain controller uses the security context of the source domain controller (the domain controller whose copy it represents) to contact the Windows Server 2012 R2 Primary Domain Controller (PDC) emulator operations master role holder (also known as flexible single master operations, or FSMO). The PDC emulator must be running Windows Server 2012 R2, but it does not have to be running on a hypervisor.

http://technet.microsoft.com/en-us/library/hh831734.aspx

Question No.38

Your network contains an Active Directory domain named contoso.com. All domain controllers run either Windows Server 2008 or Windows Server 2008 R2.

You deploy a new domain controller named DC1 that runs Windows Server 2012 R2. You log on to DC1 by using an account that is a member of the Domain Admins group.

You discover that you cannot create Password Settings objects (PSOs) by using Active Directory Administrative Center.

You need to ensure that you can create PSOs from Active Directory Administrative Center. What should you do?

  1. Modify the membership of the Group Policy Creator Owners group.

  2. Transfer the PDC emulator operations master role to DC1.

  3. Upgrade all of the domain controllers that run Window Server 2008.

  4. Raise the functional level of the domain.

Correct Answer: D

Explanation:

Fine-grained password policies allow you to specify multiple password policies within a single domain so that you can apply different restrictions for password and account lockout policies to different sets of users in a domain. To use a fine-grained password policy, your domain functional level must be at least Windows Server 2008. To enable fine-grained password policies, you first create a Password Settings Object (PSO). You then configure the same settings that you configure for the password and account lockout policies. You can create and apply PSOs in the Windows Server 2012 environment by using the Active Directory Administrative Center (ADAC) or Windows PowerShell.

Step 1: Create a PSO

Applies To: Windows Server 2008, Windows Server 2008 R2 http://technet.microsoft.com/en-us//library/cc754461(v=ws.10).aspx

Question No.39

Your network contains an Active Directory forest named contoso.com. The functional level of the forest is Windows Server 2008 R2.

All of the user accounts in the marketing department are members of a group named Contoso\MarketingUsers. All of the computer accounts in the marketing department are members of a group named Contoso\MarketingComputers.

A domain user named User1 is a member of the Contoso\MarketingUsers group. A computer named Computer1 is a member of the Contoso\MarketingComputers group.

You have five Password Settings objects (PSOs). The PSOs are defined as shown in the following table.

image

When User1 logs on to Computer1 and attempts to change her password, she receives an error message indicating that her password is too short.

You need to tell User1 what her minimum password length is. What should you tell User1?

  1. 10

  2. 11

  3. 12

  4. 14

Correct Answer: A

Explanation:

One PSO has a precedence value of 2 and the other PSO has a precedence value of 4. In this case, the PSO that has the precedence value of 2 has a higher rank and, hence, is applied to the object.

Question No.40

Your network contains an Active Directory domain named contoso.com. The Active Directory Recycle bin is enabled for contoso.com.

A support technician accidentally deletes a user account named User1. You need to restore the User1 account.

Which tool should you use?

  1. Ldp

  2. Esentutl

  3. Active Directory Administrative Center

  4. Ntdsutil

Correct Answer: C

Get Full Version of 70-411 Dumps

Categories
70-411 Dumps

70-411 Real Exam Dumps Questions and answers 41-50

Get Full Version of the Exam
http://www.EnsurePass.com/70-411.html

Question No.41

Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All domain controllers run Windows Server 2012 R2.

The domain contains two domain controllers. The domain controllers are configured as shown in the following table.

image

Active Directory Recycle Bin is enabled.

You discover that a support technician accidentally removed 100 users from an Active Directory group named Group1 an hour ago.

You need to restore the membership of Group1. What should you do?

  1. Recover the items by using Active Directory Recycle Bin.

  2. Modify the is Recycled attribute of Group1.

  3. Perform tombstone reanimation.

  4. Perform an authoritative restore.

Correct Answer: A

Explanation:

Active Directory Recycle Bin helps minimize directory service downtime by enhancing your ability to preserve and restore accidentally deleted Active Directory objects without restoring Active Directory data from backups, restarting Active Directory Domain Services (AD DS), or rebooting domain controllers.

When you enable Active Directory Recycle Bin, all link-valued and non-link-valued attributes of the deleted Active Directory objects are preserved and the objects are restored in their entirety to the same consistent logical state that they were in immediately before deletion. For example, restored user accounts automatically regain all group memberships and corresponding access rights that they had immediately before deletion, within and across domains.

Question No.42

Your network contains an Active Directory domain named contoso.com. The domain contains a read-only domain controller (RODC) named RODC1.

You create a global group named RODC_Admins.

You need to provide the members of RODC_Admins with the ability to manage the hardware and the software on RODC1. The solution must not provide RODC_Admins with the ability to manage Active Directory objects.

What should you do?

  1. From Active Directory Site and Services, configure the Security settings of the RODC1 server object.

  2. From Windows PowerShell, run the Set-ADAccountControlcmdlet.

  3. From a command prompt, run the dsmgmt local roles command.

  4. From Active Directory Users and Computers, configure the Member Of settings of the RODC1 account.

Correct Answer: C

Explanation:

RODC: using the dsmgmt.exe utility to manage local administrators One of the benefits of RODC is that you can add local administrators who do not have full access to the domain administration. This gives them the ability to manage the server but not add or change active directory objects unless those roles are delegated. Adding this type of user is done using the dsmdmt.exe utility at the command prompt.

Question No.43

DRAG DROP

Your network contains an Active Directory forest named contoso.com. All domain controllers run Windows Server 2008 R2.

The schema is upgraded to Windows Server 2012 R2.

Contoso.com contains two servers. The servers are configured as shown in the following table.

image

Server1 and Server2 host a load-balanced application pool named AppPool1.

You need to ensure that AppPool1 uses a group Managed Service Account as its identity. Which three actions should you perform?

To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.

image

Correct Answer:

image

Question No.44

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2.

You create an Active Directory snapshot of DC1 each day.

You need to view the contents of an Active Directory snapshot from two days ago. What should you do first?

  1. Run the dsamain.exe command.

  2. Stop the Active Directory Domain Services (AD DS) service.

  3. Start the Volume Shadow Copy Service (VSS).

  4. Run the ntdsutil.exe command.

Correct Answer: A

Explanation:

Dsamain.exe exposes Active Directory data that is stored in a snapshot or backup as a Lightweight Directory Access Protocol (LDAP) server.

http://technet.microsoft.com/en-us/library/cc772168.aspx

Question No.45

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.

In a remote site, a support technician installs a server named DC10 that runs Windows Server 2012 R2. DC10 is currently a member of a workgroup.

You plan to promote DC10 to a read-only domain controller (RODC).

You need to ensure that a user named Contoso\User1 can promote DC10 to a RODC in the contoso.com domain. The solution must minimize the number of permissions assigned to User1.

What should you do?

  1. From Active Directory Users and Computers, run the Delegation of Control Wizard on the contoso.com domain object.

  2. From Active Directory Administrative Center, pre-create an RODC computer account.

  3. From Ntdsutil, run the local roles command.

  4. Join DC10 to the domain. Run dsmod and specify the /server switch.

Correct Answer: B

Explanation:

A staged read only domain controller (RODC) installation works in two discrete phases:

  1. Staging an unoccupied computer account

  2. Attaching an RODC to that account during promotion Reference:

Install a Windows Server 2012 R2 Active Directory Read-Only Domain Controller (RODC)

Question No.46

Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.

You have two GPOs linked to an organizational unit (OU) named OU1. You need to change the precedence order of the GPOs.

What should you use?

  1. Dcgpofix

  2. Get-GPOReport

  3. Gpfixup

  4. Gpresult

  5. Gpedit. msc

  6. Import-GPO

  7. Restore-GPO

  8. Set-GPInheritance

  9. Set-GPLink

  10. Set-GPPermission

  11. Gpupdate

  12. Add-ADGroupMember

Correct Answer: I

Explanation:

The Set-GPLinkcmdlet sets the properties of a GPO link. You can set the following properties:

Enabled. If the GPO link is enabled, the settings of the GPO are applied when Group Policy is processed for the site, domain or OU.

Enforced. If the GPO link is enforced, it cannot be blocked at a lower-level (in the Group Policy processing hierarchy) container.

Order. The order specifies the precedence that the settings of the GPO take over conflicting settings in other GPOs that are linked (and enabled) to the same site, domain, or OU. http://technet.microsoft.com/en-us/library/ee461022.aspx

Question No.47

Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.

A network administrator accidentally deletes the Default Domain Policy GPO. You do not have a backup of any of the GPOs.

You need to recreate the Default Domain Policy GPO. What should you use?

  1. Dcgpofix

  2. Get-GPOReport

  3. Gpfixup

  4. Gpresult

  5. Gpedit. msc

  6. Import-GPO

  7. Restore-GPO

  8. Set-GPInheritance

  9. Set-GPLink

  10. Set-GPPermission

  11. Gpupdate

  12. Add-ADGroupMember

Correct Answer: A Explanation: Dcgpofix

Restores the default Group Policy objects to their original state (that is, the default state after initial installation).

http://technet.microsoft.com/en-us/library/hh875588(v=ws.10).aspx

Question No.48

Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced

GPOs.

The domain contains a top-level organizational unit (OU) for each department. A group named Group1 contains members from each department.

You have a GPO named GPO1 that is linked to the domain.

You need to configure GPO1 to apply settings to Group1 only. What should you use?

  1. Dcgpofix

  2. Get-GPOReport

  3. Gpfixup

  4. Gpresult

  5. Gpedit. msc

  6. Import-GPO

  7. Restore-GPO

  8. Set-GPInheritance

  9. Set-GPLink

  10. Set-GPPermission

  11. Gpupdate

  12. Add-ADGroupMember

Correct Answer: J

Explanation:

Set-GPPermission grants a level of permissions to a security principal (user, security group, or computer) for one GPO or all the GPOs in a domain. You use the TargetName and TargetType parameters to specify a user, security group, or computer for which to set the permission level. Replace lt;SwitchParametergt;

Specifies that the existing permission level for the group or user is removed before the new permission level is set. If a security principal is already granted a permission level that is higher than the specified permission level and you do not use the Replace parameter, no change is made.

http://technet.microsoft.com/en-us/library/ee461038.aspx

Question No.49

Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.

The domain is renamed to adatum.com. Group Policies no longer function correctly.

You need to ensure that the existing GPOs are applied to users and computers. You want to achieve this goal by using the minimum amount of administrative effort.

What should you use?

  1. Dcgpofix

  2. Get-GPOReport

  3. Gpfixup

  4. Gpresult

  5. Gpedit. msc

  6. Import-GPO

  7. Restore-GPO

  8. Set-GPInheritance

  9. Set-GPLink

  10. Set-GPPermission

  11. Gpupdate

  12. Add-ADGroupMember

Correct Answer: C

Explanation:

You can use the gpfixup command-line tool to fix the dependencies that Group Policy objects (GPOs) and Group Policy links in Active Directory Domain Services (AD DS) have on Domain Name System (DNS) and NetBIOS names after a domain rename operation. http://technet.microsoft.com/en-us/library/hh852336(v=ws.10).aspx

Question No.50

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed.

You log on to Server1 by using a user account named User2.

From the Remote Access Management Console, you run the Getting Started Wizard and you receive a warning message as shown in the exhibit. (Click the Exhibit button.)

image

You need to ensure that you can configure DirectAccess successfully. The solution must

minimize the number of permissions assigned to User2. To which group should you add User2?

  1. Enterprise Admins

  2. Administrators

  3. Account Operators

  4. Server Operators

Correct Answer: B

Explanation:

You must have privileges to create WMI filters in the domain in which you want to create the filter. Permissions can be changed by adding a user to the Administrators group.

Administrators (A built-in group)

After the initial installation of the operating system, the only member of the group is the Administrator account. When a computer joins a domain, the Domain Admins group is added to the Administrators group. When a server becomes a domain controller, the Enterprise Admins group also is added to the Administrators group. The Administrators group has built-in capabilities that give its members full control over the system. The group is the default owner of any object that is created by a member of the group. This example logs in as a test user who is not a domain user or an administrator on the server. This results in the error specifying that DA can only be configured by a user with local administrator permissions.

http://technet.microsoft.com/en-us/library/cc780416(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc775497(v=ws.10).aspx

Get Full Version of 70-411 Dumps

Categories
70-411 Dumps

70-411 Real Exam Dumps Questions and answers 51-60

Get Full Version of the Exam
http://www.EnsurePass.com/70-411.html

Question No.51

Your network contains an Active Directory domain named contoso.com. You need to install and configure the Web Application Proxy role service. What should you do?

  1. Install the Active Directory Federation Services server role and the Remote Access server role on different servers.

  2. Install the Active Directory Federation Services server role and the Remote Access server role on the same server.

  3. Install the Web Server (IIS) server role and the Application Server server role on the same server.

  4. Install the Web Server (IIS) server role and the Application Server server role on different servers.

Correct Answer: A

Explanation:

Web Application Proxy is a new Remote Access role service in Windows Server庐 2012 R2.

image

Question No.52

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 is configured as a VPN server.

You need to configure Server1 to perform network address translation (NAT). What should you do?

  1. From Network Connections, modify the Internet Protocol Version 4 (TCP/IPv4) setting of each network adapter.

  2. From Network Connections, modify the Internet Protocol Version 6 (TCP/IPv6) setting of each network adapter.

  3. From Routing and Remote Access, add an IPv6 routing protocol.

  4. From Routing and Remote Access, add an IPv4 routing protocol.

Correct Answer: D

Explanation:

To configure an existing RRAS server to support both VPN remote access and NAT routing:

  1. Open Server Manager.

  2. Expand Roles, and then expand Network Policy and Access Services.

  3. Right-click Routing and Remote Access, and then click Properties.

  4. Select IPv4 Remote access Server or IPv6 Remote access server, or both.

Question No.53

You have a DNS server named Served that has a Server Core Installation on Windows Server 2012 R2.

You need to view the time-to-live (TTL) value of a name server (NS) record that is cached by the DNS Server service on Server1.

What should you run?

  1. Show-DNSServerCache

  2. nslookup.exe

  3. ipconfig.exe /displaydns

  4. dnscacheugc.exe

Correct Answer: A

Explanation:

The Show-DNSServerCache shows all cached Domain Name System (DNS) server resource records in the following format: Name, ResourceRecordData, Time-to-Live (TTL).

Question No.54

HOTSPOT

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed.

You need to configure the ports on Server1 to ensure that client computers can establish VPN connections to Server1 by using TCP port 443.

What should you modify?

To answer, select the appropriate object in the answer area.

image

Correct Answer:

image

Question No.55

You have a DNS server named DN51 that runs Windows Server 2012 R2. On DNS1, you create a standard primary DNS zone named adatum.com.

You need to change the frequency that secondary name servers will replicate the zone from DNS1.

Which type of DNS record should you modify?

  1. Name server (NS)

  2. Start of authority (SOA)

  3. Host information (HINFO)

  4. Service location (SRV)

Correct Answer: B

Explanation:

The time to live is specified in the Start of Authority (SOA) record

Note: TTL (time to live) – The number of seconds a domain name is cached locally before expiration and return to authoritative nameservers for updated information.

Question No.56

Your network contains an Active Directory domain named contoso.com. The domain contains three servers. The servers are configured as shown in the following table.

image

You need to ensure that end-to-end encryption is used between clients and Server2 when the clients connect to the network by using DirectAccess.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

  1. From the Remote Access Management Console, reload the configuration.

  2. Add Server2 to a security group in Active Directory.

  3. Restart the IPSec Policy Agent service on Server2.

  4. From the Remote Access Management Console, modify the Infrastructure Servers settings.

  5. From the Remote Access Management Console, modify the Application Servers settings.

Correct Answer: BE

Explanation:

Unsure about these answers:

A public key infrastructure must be deployed.

Windows Firewall must be enabled on all profiles. ISATAP in the corporate network is not supported. If you are using ISATAP, you should remove it and use native IPv6.

Computers that are running the following operating systems are supported as DirectAccess clients:

Windows Server庐 2012 R2 Windows 8.1 Enterprise

Windows Server庐 2012

Windows 8 Enterprise Windows Server庐 2008 R2 Windows 7 Ultimate

Windows 7 Enterprise

Force tunnel configuration is not supported with KerbProxy authentication. Changing policies by using a feature other than the DirectAccess management console or Windows PowerShell cmdlets is not supported. Separating NAT64/DNS64 and IPHTTPS server roles on another server is not supported.

Question No.57

Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. All of the DNS servers in both of the domains run Windows Server 2012 R2.

The network contains two servers named Server1 and Server2. Server1 hosts an Active Directory-integrated zone for contoso.com. Server2 hosts an Active Directory-integrated zone for fabrikam.com. Server1 and Server2 connect to each other by using a WAN link.

Client computers that connect to Server1 for name resolution cannot resolve names in fabnkam.com.

You need to configure Server1 to support the resolution of names in fabnkam.com. The solution must ensure that users in contoso.com can resolve names in fabrikam.com if the WAN link fails.

What should you do on Server1?

  1. Create a stub zone.

  2. Add a forwarder.

  3. Create a secondary zone.

  4. Create a conditional forwarder.

Correct Answer: C

Explanation:

http://technet.microsoft.com/en-us/library/cc771898.aspx

When a zone that this DNS server hosts is a secondary zone, this DNS server is a secondary source for information about this zone. The zone at this server must be obtained from another remote DNS server computer that also hosts the zone With secondary, you have ability to resolve records from the other domain even if its DNS servers are temporarily unavailable

While secondary zones contain copies of all the resource records in the corresponding zone on the master name server, stub zones contain only three kinds of resource records:

A copy of the SOA record for the zone.

Copies of NS records for all name servers authoritative for the zone. Copies of A records for all name servers authoritative for the zone.

http://www.windowsnetworking.com/articles-tutorials/windows-2003/DNS_Stub_Zones.html http://technet.microsoft.com/en-us/library/cc771898.aspx http://redmondmag.com/Articles/2004/01/01/The-Long-and-Short-of-Stub-Zones.aspx?Page=2

Question No.58

Your network contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2 and have the DNS Server server role installed.

On Server1, you create a standard primary zone named contoso.com.

You need to ensure that Server2 can host a secondary zone for contoso.com. What should you do from Server1?

  1. Add Server2 as a name server.

  2. Create a trust anchor named Server2.

  3. Convert contoso.com to an Active Directory-integrated zone.

  4. Create a zone delegation that points to Server2.

Correct Answer: A

Explanation:

Typically, adding a secondary DNS server to a zone involves three steps:

  1. On the primary DNS server, add the prospective secondary DNS server to the list of name servers that are authoritative for the zone.

  2. On the primary DNS server, verify that the transfer settings for the zone permit the zone to be transferred to the prospective secondary DNS server.

  3. On the prospective secondary DNS server, add the zone as a secondary zone.

You must add a new Name Server. To add a name server to the list of authoritative servers for the zone, you must specify both the server#39;s IP address and its DNS name. When entering names, click Resolve to resolve the name to its IP address prior to adding it to the list.

Secondary zones cannot be AD-integrated under any circumstances.

You want to be sure Server2 can host, you do not want to delegate a zone.

Secondary Domain Name System (DNS) servers help provide load balancing and fault tolerance. Secondary DNS servers maintain a read-only copy of zone data that is transferred periodically from the primary DNS server for the zone. You can configure DNS clients to query secondary DNS servers instead of (or in addition to) the primary DNS server for a zone, reducing demand on the primary server and ensuring that DNS queries for the zone will be answered even if the primary server is not available.

How-To: Configure a secondary DNS Server in Windows Server 2012

We need to tell our primary DNS that it is ok for this secondary DNS to pull information from it. Otherwise replication will fail and you will get this big red X.

image

Head over to your primary DNS server, launch DNS manager, expand Forward Lookup Zones, navigate to your primary DNS zone, right-click on it and go to Properties.

Go to quot;Zone Transfersquot; tab, by default, for security reasons, the quot;Allow zone transfers: quot; is un- checked to protect your DNS information. We need to allow zone transfers, if you value your DNS records, you do not want to select quot;To any serverquot; but make sure you click on quot;Only to servers listed on the Name Servers tabquot;

image

Head over to the quot;Name Serversquot; tab, click Add

image

You will get quot;New Name Server Recordquot; window, type in the name of your secondary DNS server. it is always better to validate by name not IP address to avoid future problems in case your IP addresses change. Once done, click OK.

image

You will see your secondary DNS server is now added to your name servers selection, click OK.

image

Now if you head back to to your secondary DNS server and refresh, the big red X will go away and your primary zone data will populate

image

Your secondary DNS is fully setup now. You can not make any DNS changes from your secondary DNS. Secondary DNS is a read-only DNS, Any DNS changes have to be done from the primary DNS.

http://technet.microsoft.com/en-us/library/cc816885(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc816814(v=ws.10).aspx http://blog.hyperexpert.com/how-to-configure-a-secondary-dns-server-in-windows-server-2012/ http://technet.microsoft.com/en-us/library/cc770984.aspx http://support.microsoft.com/kb/816101

http://technet.microsoft.com/en-us/library/cc753500.aspx http://technet.microsoft.com/en-us/library/cc771640(v=ws. 10).aspx http://technet.microsoft.com/en-us/library/ee649280(v=ws. 10).aspx

Question No.59

Your network contains an Active Directory domain named contoso.com. The domain contains a Web server named www.contoso.com. The Web server is available on the Internet.

You implement DirectAccess by using the default configuration.

You need to ensure that users never attempt to connect to www.contoso.com by using DirectAccess. The solution must not prevent the users from using DirectAccess to access other resources in contoso.com.

Which settings should you configure in a Group Policy object (GPO)?

  1. DirectAccess Client Experience Settings

  2. DNS Client

  3. Name Resolution Policy

  4. Network Connections

Correct Answer: C

Explanation:

For DirectAccess, the NRPT must be configured with the namespaces of your intranet with a leading dot (for example, . internal.contoso.com or . corp.contoso.com). For a DirectAccess client, any name request that matches one of these namespaces will be sent to the specified intranet Domain Name System (DNS) servers.

Include all intranet DNS namespaces that you want DirectAccess client computers to access. There are no command line methods for configuring NRPT rules. You must use Group Policy settings. To configure the NRPT through Group Policy, use the Group Policy add-in at Computer Configuration \Policies\Windows Settings\Name Resolution Policy in the Group Policy object for DirectAccess clients. You can create a new NRPT rule and edit or delete existing rules. For more information, see Configure the NRPT with Group Policy.

Question No.60

Your network contains an Active Directory domain named contoso.com.

All user accounts for the marketing department reside in an organizational unit (OU) named OU1. All user accounts for the finance department reside in an organizational unit (OU) named OU2.

You create a Group Policy object (GPO) named GPO1. You link GPO1 to OU2. You configure the Group Policy preference of GPO1 to add a shortcut named Link1 to the desktop.

You discover that when a user signs in, the Link1 is not added to the desktop. You need to ensure that when a user signs in, Link1 is added to the desktop. What should you do?

  1. Enforce GPO1.

  2. Enable loopback processing in GPO1.

  3. Modify the Link1 shortcut preference of GPO1.

  4. Modify the Security Filtering settings of GPO1.

Correct Answer: D

Explanation:

Security filtering is a way of refining which users and computers will receive and apply the settings in a Group Policy object (GPO). Using security filtering, you can specify that only certain security principals within a container where the GPO is linked apply the GPO. Security group filtering determines whether the GPO as a whole applies to groups, users, or computers; it cannot be used selectively on different settings within a GPO.

Get Full Version of 70-411 Dumps

Categories
70-411 Dumps

70-411 Real Exam Dumps Questions and answers 61-70

Get Full Version of the Exam
http://www.EnsurePass.com/70-411.html

Question No.61

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2.

All client computers run Windows 8 Enterprise.

DC1 contains a Group Policy object (GPO) named GPO1. You need to deploy a VPN connection to all users.

What should you configure from User Configuration in GPO1?

  1. Policies/Administrative Templates/Network/Windows Connect Now

  2. Policies/Administrative Templates/Network/Network Connections

  3. Policies/Administrative Templates/Windows Components/Windows Mobility Center

  4. Preferences/Control Panel Settings/Network Options

Correct Answer: D

Explanation:

  1. Open the Group Policy Management Console. Right-click the Group Policy object (GPO) that should contain the new preference item, and then click Edit.

  2. In the console tree under Computer Configuration or User Configuration, expand the Preferences folder, and then expand the Control Panel Settings folder.

  3. Right-click the Network Options node, point to New, and select VPN Connection.

The Network Options extension allows you to centrally create, modify, and delete dial-up networking and virtual private network (VPN) connections. Before you create a network option preference item, you should review the behavior of each type of action possible with the extension.

http://technet.microsoft.com/en-us/library/cc772449.aspx

image

Question No.62

Your network contains an Active Directory domain named contoso.com. All client computers run Windows 8.1.

The network contains a shared folder named FinancialData that contains five files.

You need to ensure that the FinancialData folder and its contents are copied to all of the client computers.

Which two Group Policy preferences should you configure? (Each correct answer presents part of the solution. Choose two.)

  1. Shortcuts

  2. Network Shares

  3. Environment

  4. Folders

  5. Files

Correct Answer: DE

Explanation:

Folder preference items allow you to create, update, replace, and delete folders and their contents. (To configure individual files rather than folders, see Files Extension.) Before you create a Folder preference item, you should review the behavior of each type of action possible with this extension.

File preference items allow you to copy, modify the attributes of, replace, and delete files. (To configure folders rather than individual files, see Folders Extension.) Before you create a File preference item, you should review the behavior of each type of action possible with this extension.

Question No.63

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.

You have a Group Policy object (GPO) named GPO1 that contains hundreds of settings. GPO1 is linked to an organizational unit (OU) named OU1. OU1 contains 200 client computers.

You plan to unlink GPO1 from OU1.

You need to identify which GPO settings will be removed from the computers after GPO1 is unlinked from OU1.

Which two GPO settings should you identify? (Each correct answer presents part of the solution. Choose two.)

  1. The managed Administrative Template settings

  2. The unmanaged Administrative Template settings

  3. The System Services security settings

  4. The Event Log security settings

  5. The Restricted Groups security settings

Correct Answer: AD

Explanation:

http://technet.microsoft.com/en-us/library/cc778402(v=ws.10).aspx

http://technet.microsoft.com/en-us/library/bb964258.aspx

There are two kinds of Administrative Template policy settings: Managed and Unmanaged . The Group Policy service governs Managed policy settings and removes a policy setting when it is no longer within scope of the user or computer

Question No.64

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains 500 client computers that run Windows 8.1 Enterprise and Microsoft Office 2013.

You implement a Group Policy central store.

You need to modify the default Microsoft Office 2013 Save As location for all client computers. The solution must minimize administrative effort.

What should you configure in a Group Policy object (GPO)?

  1. The Group Policy preferences

  2. An application control policy

  3. The Administrative Templates

  4. The Software Installation settings

Correct Answer: A

Explanation:

Group Policy preferences provide the means to simplify deployment and standardize configurations. They add to Group Policy a centralized system for deploying preferences (that is, settings that users can change later). You can also use Group Policy preferences to configure applications that are not Group Policy-aware. By using Group Policy preferences, you can change or delete almost any registry setting, file or folder, shortcut, and more. You are not limited by the contents of Administrative Template files.

http://technet.microsoft.com/en-us/library/dn581922.aspx

Question No.65

HOTSPOT

Your network contains an Active Directory domain named contoso.com.

You have several Windows PowerShell scripts that execute when users log on to their client computer.

You need to ensure that all of the scripts execute completely before the users can access their desktop.

Which setting should you configure?

To answer, select the appropriate setting in the answer area.

image

Correct Answer:

image

Question No.66

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.

The domain contains 200 Group Policy objects (GPOs).

An administrator named Admin1 must be able to add new WMI filters from the Group Policy Management Console (GPMC).

You need to delegate the required permissions to Admin1. The solution must minimize the number of permissions assigned to Admin1.

What should you do?

  1. From Active Directory Users and Computers, add Admin1 to the

    WinRMRemoteWMIUsers_group.

  2. From Group Policy Management, assign Creator Owner to Admin1 for the WMI Filters container.

  3. From Active Directory Users and Computers, add Admin1 to the Domain Admins group.

  4. From Group Policy Management, assign Full control to Admin1 for the WMI Filters container.

Correct Answer: D

Explanation:

Users with Full control permissions can create and control all WMI filters in the domain, including WMI filters created by others.

Users with Creator owner permissions can create WMI filters, but can only control WMI filters that they create.

http://technet.microsoft.com/en-us/library/cc757429(v=ws.10).aspx

Question No.67

HOTSPOT

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed.

You have a client named Client1 that is configured as an 802. IX supplicant.

You need to configure Server1 to handle authentication requests from Client1. The solution must minimize the number of authentication methods enabled on Server1.

Which authentication method should you enable? To answer, select the appropriate authentication method in the answer area.

image

Correct Answer:

image

Question No.68

HOTSPOT

Your network contains an Active Directory domain named contoso.com.

All DNS servers host a DNS zone named adatum.com. The adatum.com zone is not Active Directory-integrated.

An administrator modifies the start of authority (SOA) record for the adatum.com zone.

After the modification, you discover that when you add or modify DNS records in the adatum.com zone, the changes are not transferred to the DNS servers that host secondary copies of the adatum.com zone.

You need to ensure that the records are transferred to all the copies of the adatum.com zone. What should you modify in the SOA record for the adatum.com zone?

To answer, select the appropriate setting in the answer area.

image

Correct Answer:

image

Question No.69

HOTSPOT

Your network contains an Active Directory domain named contoso.com. You implement DirectAccess.

You need to view the properties of the DirectAccess connection. Which connection properties should you view?

To answer, select the appropriate connection properties in the answer area.

image

Correct Answer:

image

Question No.70

Your network contains two DNS servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 hosts a primary zone for contoso.com. Server2 hosts a secondary zone for contoso.com.

You need to ensure that Server2 replicates changes to the contoso.com zone every five minutes. Which setting should you modify in the start of authority (SOA) record?

  1. Retry interval

  2. Expires after

  3. Minimum (default) TTL

  4. Refresh interval

Correct Answer: D

Explanation:

By default, the refresh interval for each zone is set to 15 minutes. The refresh interval is used to determine how often other DNS servers that load and host the zone must attempt to renew the zone.

image

Get Full Version of 70-411 Dumps

Categories
70-411 Dumps

70-411 Real Exam Dumps Questions and answers 71-80

Get Full Version of the Exam
http://www.EnsurePass.com/70-411.html

Question No.71

Your network contains two Active Directory domains named contoso.com and adatum.com.

The network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the DNS Server server role installed. Server1 has a copy of the contoso.com DNS zone.

You need to configure Server1 to resolve names in the adatum.com domain. The solution must meet the following requirements:

image

Prevent the need to change the configuration of the current name servers that host zones for adatum.com.

image

Minimize administrative effort.

Which type of zone should you create?

  1. Secondary

  2. Stub

  3. Reverse lookup

  4. Primary

Correct Answer: B

Explanation:

When a zone that this DNS server hosts is a stub zone, this DNS server is a source only for information about the authoritative name servers for this zone. The zone at this server must be obtained from another DNS server that hosts the zone. This DNS server must have network access to the remote DNS server to copy the authoritative name server information about the zone.

A stub zone is a copy of a zone that contains only necessary resource records (Start of Authority (SOA), Name Server (NS), and Address/Host (A) record) in the master zone and acts as a pointer to the authoritative name server. The stub zone allows the server to forward queries to the name server that is authoritative for the master zone without going up to the root name servers and working its way down to the server. While a stub zone can improve performance, it does not provide redundancy or load sharing.

image

You can use stub zones to:

Keep delegated zone information current. By updating a stub zone for one of its child zones regularly, the DNS server that hosts both the parent zone and the stub zone will maintain a current list of authoritative DNS servers for the child zone. Improve name resolution. Stub zones enable a DNS server to perform recursion using the stub zone#39;s list of name servers, without having to query the Internet or an internal root server for the DNS namespace.

Simplify DNS administration. By using stub zones throughout your DNS infrastructure, you can distribute a list of the authoritative DNS servers for a zone without using secondary zones.

However, stub zones do not serve the same purpose as secondary zones, and they are not an alternative for enhancing redundancy and load sharing.

There are two lists of DNS servers involved in the loading and maintenance of a stub zone:

The list of master servers from which the DNS server loads and updates a stub zone. A master server may be a primary or secondary DNS server for the zone. In both cases, it will have a complete list of the DNS servers for the zone. The list of the authoritative DNS servers for a zone. This list is contained in the stub zone using name server (NS) resource records.

When a DNS server loads a stub zone, such as widgets. tailspintoys.com, it queries the master servers, which can be in different locations, for the necessary resource records of the authoritative servers for the zone widgets. tailspintoys.com. The list of master servers may contain a single server or multiple servers, and it can be changed anytime.

http://technet.microsoft.com/en-us/library/cc771898.aspx http://technet.microsoft.com/en-us/library/cc754190.aspx http://technet.microsoft.com/en-us/library/cc730980.aspx

Question No.72

Your network contains an Active Directory domain named contoso.com. The domain contains six domain controllers named DC1, DC2, DC3, DC4, DC5, and DC6. Each domain controller has the DNS Server server role installed and hosts an Active Directory-integrated zone for contoso.com.

You plan to create a new Active Directory-integrated zone named litwareinc.com that will be used for testing.

You need to ensure that the new zone will be available only on DC5 and DC6. What should you do first?

  1. Change the zone replication scope.

  2. Create an Active Directory connection object.

  3. Create an Active Directory site link.

  4. Create an application directory partition.

Correct Answer: D

Explanation:

You can store Domain Name System (DNS) zones in the domain or application directory partitions of Active Directory Domain Services (AD DS). A partition is a data structure in AD DS that distinguishes data for different replication purposes. When you create an application directory partition for DNS, you can control the scope of replication for the zone that is stored in that partition.

Question No.73

HOTSPOT

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has two network adapters and is located in a perimeter network.

You need to install the RIP version 2 routing protocol on Server1. Which node should you use to add the RIP version 2 routing protocol? To answer, select the appropriate node in the answer area.

image

Correct Answer:

image

Question No.74

Your network contains an Active Directory domain named contoso.com. The domain contains a server named NPS1 that has the Network Policy Server server role installed. All servers run Windows Server 2012 R2.

You install the Remote Access server role on 10 servers.

You need to ensure that all of the Remote Access servers use the same network policies.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

  1. Configure each Remote Access server to use the Routing and Remote Access service (RRAS) to authenticate connection requests.

  2. On NPS1, create a remote RADIUS server group. Add all of the Remote Access servers to the remote RADIUS server group.

  3. On NPS1, create a new connection request policy and add a Tunnel-Type and a Service-Type condition.

  4. Configure each Remote Access server to use a RADIUS server named NPS1.

  5. On NPS1, create a RADIUS client template and use the template to create RADIUS clients.

Correct Answer: CD

Explanation:

Connection request policies are sets of conditions and settings that allow network administrators to designate which RADIUS servers perform the authentication and authorization of connection requests that the server running Network Policy Server (NPS) receives from RADIUS clients.

Connection request policies can be configured to designate which RADIUS servers are used for RADIUS accounting. When you configure Network Policy Server (NPS) as a Remote Authentication Dial-In User Service (RADIUS) proxy, you use NPS to forward connection requests to RADIUS servers that are capable of processing the connection requests because they can perform authentication and authorization in the domain where the user or computer account is located. For example, if you want to forward connection requests to one or more RADIUS servers in untrusted domains, you can configure NPS as a RADIUS proxy to forward the requests to the remote RADIUS servers in the untrusted domain. To configure NPS as a RADIUS proxy, you must create a connection request policy that contains all of the information required for NPS to evaluate which messages to forward and where to send the messages. http://technet.microsoft.com/en-us/library/cc730866(v=ws.10).aspx

Question No.75

HOTSPOT

You have a server named Server1 that has the Web Server (IIS) server role installed. You obtain a Web Server certificate.

You need to configure a website on Server1 to use Secure Sockets Layer (SSL). To which store should you import the certificate?

To answer, select the appropriate store in the answer area.

image

Correct Answer:

image

Question No.76

Your network contains a server named Server1 that has the Network Policy and Access Services server role installed.

All of the network access servers forward connection requests to Server1. You create a new network policy on Server1.

You need to ensure that the new policy applies only to connection requests from the 192.168.0.0/24 subnet.

What should you do?

  1. Set the Client IP4 Address condition to 192.168.0.0/24.

  2. Set the Client IP4 Address condition to 192.168.0.

  3. Set the Called Station ID constraint to 192.168.0.0/24.

  4. Set the Called Station ID constraint to 192.168.0.

Correct Answer: B

Explanation:

RADIUS client properties

Following are the RADIUS client conditions that you can configure in network policy.

Calling Station ID: Specifies the network access server telephone number that was dialed by the dial-up access client.

Client Friendly Name: Specifies the name of the RADIUS client that forwarded the connection request to the NPS server.

Client IPv4 Address: Specifies the Internet Protocol (IP) version 4 address of the RADIUS client that forwarded the connection request to the NPS server.

Client IPv6 Address: Specifies the Internet Protocol (IP) version 6 address of the RADIUS client that forwarded the connection request to the NPS server.

Client Vendor: Specifies the name of the vendor or manufacturer of the RADIUS client that sends connection requests to the NPS server.

MS RAS Vendor: Specifies the vendor identification number of the network access server that is requesting authentication.

Question No.77

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy and Access Services server role installed.

You plan to deploy 802.1x authentication to secure the wireless network.

You need to identify which Network Policy Server (NPS) authentication method supports certificate-based mutual authentication for the 802.1x deployment.

Which authentication method should you identify?

  1. MS-CHAP

  2. PEAP-MS-CHAPv2

  3. EAP-TLS

  4. MS-CHAP v2

Correct Answer: C

Explanation:

802.1X uses EAP, EAP-TLS, EAP-MS-CHAP v2, and PEAP authentication methods:

EAP (Extensible Authentication Protocol) uses an arbitrary authentication method, such as certificates, smart cards, or credentials.

EAP-TLS (EAP-Transport Layer Security) is an EAP type that is used in certificate- based security environments, and it provides the strongest authentication and key determination method.

EAP-MS-CHAP v2 (EAP-Microsoft Challenge Handshake Authentication Protocol version 2) is a mutual authentication method that supports password-based user or computer authentication.

PEAP (Protected EAP) is an authentication method that uses TLS to enhance the security of other EAP authentication protocols.

Question No.78

HOTSPOT

Your network contains an Active Directory named contoso.com. You have users named User1 and user2.

The Network Access Permission for User1 is set to Control access through NPS Network Policy. The Network Access Permission for User2 is set to Allow access.

A policy named Policy1 is shown in the Policy1 exhibit. (Click the Exhibit button.)

image

A policy named Policy2 is shown in the Policy2 exhibit. (Click the Exhibit button.)

image

A policy named Policy3 is shown in the Policy3 exhibit. (Click the Exhibit button.)

image

For each of the following statements, select Yes if the statement is true. Otherwise, select No. Each correct selection is worth one point.

image

Correct Answer:

image

Question No.79

DRAG DROP

Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 is configured as a Network Policy Server (NPS) server and as a DHCP server.

You need to log all DHCP clients that have windows Firewall disabled. Which three actions should you perform in sequence?

To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.

image

Correct Answer:

image

Question No.80

Your network contains an Active Directory domain named contoso.com. The domain contains client computers that run either Windows XP or Windows 8.

Network Policy Server (NPS) is deployed to the domain. You plan to create a system health validator (SHV).

You need to identify which policy settings can be applied to all of the computers.

Which three policy settings should you identify? (Each correct answer presents part of the solution. Choose three.)

  1. Antispyware is up to date.

  2. Automatic updating is enabled.

  3. Antivirus is up to date.

  4. A firewall is enabled for all network connections.

  5. An antispyware application is on.

Correct Answer: BCD

Explanation:

The WSHA on NAP client computers running Windows XP SP3 does not monitor the status of antispyware applications.

image

Get Full Version of 70-411 Dumps

Categories
70-411 Dumps

70-411 Real Exam Dumps Questions and answers 81-90

Get Full Version of the Exam
http://www.EnsurePass.com/70-411.html

Question No.81

DRAG DROP

You have a WIM file that contains an image of Windows Server 2012 R2.

Recently, a technician applied a Microsoft Standalone Update Package (MSU) to the image. You need to remove the MSU package from the image.

Which three actions should you perform in sequence?

To answer, move the appropriate three actions from the list of actions to the answer area and arrange them in the correct order.

image

Correct Answer:

image

Question No.82

Your network contains two servers named Server1 and Server2 that run windows Server 2012 R2. Server1 and 5erver2 have the Windows Server Update Services server role installed.

Server1 synchronizes from Microsoft Update. Server2 is a Windows Server Update Services (WSUS) replica of Server1.

You need to configure replica downstream servers to send Server1 summary information about the computer update status.

What should you do?

  1. From Server1, configure Reporting Rollup.

  2. From Server2, configure Reporting Rollup.

  3. From Server2, configure Email Notifications.

  4. From Server1, configure Email Notifications.

Correct Answer: A

Explanation:

WSUS Reporting Rollup Sample Tool

This tool uses the WSUS application programming interface (API) to demonstrate centralized monitoring and reporting for WSUS. It creates a single report of update and computer status from the WSUS servers into your WSUS environment. The sample package also contains sample source files to customize or extend the tool functionality of the tool to meet specific needs. The WSUS Reporting Rollup Sample Tool and files are provided AS IS. No product support is available for this tool or sample files. For more information read the readme file. http://technet.microsoft.com/en-us/windowsserver/bb466192.aspx

Question No.83

You manage a server that runs Windows Server 2012 R2. The server has the Windows Deployment Services server role installed.

You start a virtual machine named VM1 as shown in the exhibit. (Click the Exhibit button.)

image

You need to configure a pre-staged device for VM1 in the Windows Deployment Services console.

Which two values should you assign to the device ID? (Each correct answer presents a complete solution. Choose two.)

A. 979708BFC04B45259FE0C4150BB6C618

B. 979708BF-C04B-4525-9FE0-C4150BB6C618 C. 00155D000F1300000000000000000000

D. 0000000000000000000000155D000F13

E. 00000000-0000-0000-0000-C4150BB6C618

Correct Answer: BD

Explanation:

Use client computer#39;s media access control (MAC) address preceded with twenty zeros or the globally unique identifier (GUID) in the format: {XXXXXXXX-XXXX-XXXX-XXX- XXXXXXXXXXXX}.

http://technet.microsoft.com/en-us/library/cc754469. aspx

Question No.84

You have a server named Server1 that runs Windows Server 2012 R2.

On Server1, you configure a custom Data Collector Set (DCS) named DCS1. DCS1 is configured to store performance log data in C:\Logs.

You need to ensure that the contents of C:\Logs are deleted automatically when the folder reaches 100 MB in size.

What should you configure?

  1. A File Server Resource Manager (FSRM) file screen on the C:\Logs folder

  2. The Data Manager settings of DCS1

  3. A schedule for DCS1

  4. A File Server Resource Manager (FSRM) quota on the C:\Logs folder

Correct Answer: B

Explanation:

To configure data management for a Data Collector Set

  1. In Windows Performance Monitor, expand Data Collector Sets and click User Defined.

  2. In the console pane, right-click the name of the Data Collector Set that you want to configure and click Data Manager.

  3. On the Data Manager tab, you can accept the default values or make changes according to your data retention policy. See the table below for details on each option.

    When Minimum free disk or Maximum folders is selected, previous data will be deleted according to the Resource policy you choose (Delete largest or Delete oldest) when the limit is reached.

    When Apply policy before the data collector set starts is selected, previous data will be deleted according to your selections before the data collector set creates its next log file.

    When Maximum root path size is selected, previous data will be deleted according to your selections when the root log folder size limit is reached.

  4. Click the Actions tab. You can accept the default values or make changes. See the table below for details on each option.

  5. When you have finished making your changes, click OK.

Question No.85

HOTSPOT

Your company has two offices. The offices are located in Montreal and Seattle.

The network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2. Server1 is located in the Seattle office. Server2 is located in the Montreal office. Both servers run Windows Server 2012 R2 and have the Windows Server Update Services (WSUS) server role installed.

You need to configure Server2 to download updates that are approved on Server1 only. What cmdlet should you run?

To answer, select the appropriate options in the answer area.

image

Correct Answer:

image

Question No.86

You have Windows Server 2012 R2 installation media that contains a file named Install.wim. You need to identify which images are present in Install.wim.

What should you do?

  1. Run imagex.exe and specify the /ref parameter.

  2. Run dism.exe and specify the /get-mountedwiminfo parameter.

  3. Run dism.exe and specify the /get-imageinfo parameter.

  4. Run imagex.exe and specify the /verify parameter.

Correct Answer: C Explanation: Option:

/Get-ImageInfo

Arguments:

/ImageFile: lt;path_to_image.wimgt;

[{/Index: lt;Image_indexgt; | /Name: lt;Image_namegt;}]

Displays information about the images that are contained in the .wim, vhd or .vhdx file. When used with the Index or /Name argument, information about the specified image is displayed, which includes if an image is a WIMBoot image, if the image is Windows 8.1 Update, see Take Inventory of an Image or Component Using DISM. The /Name argument does not apply to VHD files. You must specify /Index: 1 for VHD files.

http://technet.microsoft.com/en-us/library/cc749447(v=ws.10).aspx http://technet.microsoft.com/en-us/library/dd744382(v=ws.10).aspx http://technet.microsoft.com/en-us/library/hh825224.aspx

Question No.87

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2008 R2.

You plan to test Windows Server 2012 R2 by using native-boot virtual hard disks (VHDs). You attach a new VHD to Server1.

You need to install Windows Server 2012 R2 in the VHD. What should you do?

  1. Run imagex.exe and specify the /append parameter.

  2. Run dism.exe and specify the /apply-image parameter.

  3. Run imagex.exe and specify the /export parameter.

  4. Run dism.exe and specify the /append-image parameter.

Correct Answer: B

Explanation:

On the destination computer, you will create a structure for the partitions where you apply your images. The partition structure on the destination computer must match the partition structure of the reference computer. If you apply an image to a volume with an existing Windows installation, files from the previous installation may not be deleted. Format the volume by using a tool such as DiskPart before applying the new image.

Question No.88

Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. All servers run Windows Server 2012 R2.

You need to collect the error events from all of the servers on Server1. The solution must ensure that when new servers are added to the domain, their error events are collected automatically on Server1.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

  1. On Server1, create a collector initiated subscription.

  2. On Server1, create a source computer initiated subscription.

  3. From a Group Policy object (GPO), configure the Configure target Subscription Manager setting.

  4. From a Group Policy object (GPO), configure the Configure forwarder resource usage setting.

Correct Answer: BC

Explanation:

To set up a Source-Initiated Subscription with Windows Server 2003/2008 so that events of interest from the Security event log of several domain controllers can be forwarded to an administrative workstation

  • Group Policy

    The forwarding computer needs to be configured with the address of the server to which the events are forwarded. This can be done with the following group policy setting:

    Computer configuration-Administrative templates-Windows components-Event forwarding- Configure the server address, refresh interval, and issue certificate authority of a target subscription manager.

  • Edit the GPO and browse to Computer Configuration | Policies | Administrative Templates | Windows Components | Event Forwarding – Configure the server address, refresh interval, and issuer certificate authority of a target Subscription Manager

Question No.89

Your network contains a Hyper-V host named Server1 that hosts 20 virtual machines.

You need to view the amount of memory resources and processor resources each virtual machine uses currently.

Which tool should you use on Server1?

  1. Hyper-V Manager

  2. Task Manager

  3. Windows System Resource Manager (WSRM)

  4. Resource Monitor

Correct Answer: A

Question No.90

You have a server named WSUS1 that runs Windows Server 2012 R2. WSUS1 has the Windows Server Update Services server role installed and has one volume.

You add a new hard disk to WSUS1 and then create a volume on the hard disk.

You need to ensure that the Windows Server Update Services (WSUS) update files are stored on the new volume.

What should you do?

  1. From the Update Services console, configure the Update Files and Languages option.

  2. From the Update Services console, run the Windows Server Update Services Configuration Wizard.

  3. From a command prompt, run wsusutil.exe and specify the export parameter.

  4. From a command prompt, run wsusutil.exe and specify the movecontent parameter.

Correct Answer: D

Explanation:

Local Storage Considerations

If you decide to store update files on your server, the recommended minimum disk size is 30 GB. However, depending on the synchronization options you specify, you might need to use a larger disk. For example, when specifying advanced synchronization options, as in the following procedure, if you select options to download multiple languages and/or the option to download express installation files, your server disk can easily reach 30 GB. Therefore if you choose any of these options, install a larger disk (for example, 100 GB).

If your disk gets full, you can install a new, larger disk and then move the update files to the new location. To do this, after you create the new disk drive, you will need to run the WSUSutil.exetool (with the movecontent command) to move the update files to the new disk. For this procedure, see Managing WSUS from the Command Line.

For example, if D:\WSUS1 is the new path for local WSUS update storage, D:\move. log is the path to the log file, and you wanted to copy the old files to the new location, you would type:

wsusutil.exe movecontent D:\WSUS1\ D:\move. log

Note: If you do not want to use WSUSutil.exe to change the location of local WSUS update storage, you can also use NTFS functionality to add a partition to the current location of local WSUS update storage. For more information about NTFS, go to Help and Support Center in Windows Server 2003.

Syntax

At the command line %drive%\Program Files\Update Services\Toolsgt;, type: wsusutilmovecontentcontentpathlogfile -skipcopy [/?]

The parameters are defined in the following table. contentpath – the new root for content files. The path must exist. logfile – the path and file name of the log file to create. -skipcopy – indicates that only the server configuration should be changed, and that the content files should not be copied.

/help or /? – displays command-line help for movecontent command.

http://blogs.technet.com/b/sus/archive/2008/05/19/wsus-how-to-change-the-location-where-wsus- stores-updates-locally.aspx

http://technet.microsoft.com/en-us/library/cc720475(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc708480(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc720466(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc708480(v=ws.10).aspx

Get Full Version of 70-411 Dumps

Categories
70-411 Dumps

70-411 Real Exam Dumps Questions and answers 1-10

Get Full Version of the Exam
http://www.EnsurePass.com/70-411.html

Question No.1

DRAG DROP

Your network contains an Active Directory forest named contoso.com. The forest contains a Network Policy Server (NPS) server named NPS1 and a VPN server named VPN1. VPN1 forwards all authentication requests to NPS1.

A partner company has an Active Directory forest named adatum.com. The adatum.com forest contains an NPS server named NPS2.

You plan to grant users from adatum.com VPN access to your network. You need to authenticate the users from adatum.com on VPN1.

What should you create on each NPS server?

To answer, drag the appropriate objects to the correct NPS servers. Each object may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

image

Correct Answer:

image

Question No.2

HOTSPOT

Your network contains an Active Directory domain named contoso.com. The domain contains the users shown in the following table.

image

You have a Network Policy Server (NPS) server that has the network policies shown in the following table.

image

User1, User2, and User3 plan to connect to the network by using a VPN. You need to identify which network policy will apply to each user.

What should you identify?

To answer, select the appropriate policy for each user in the answer area.

image

Correct Answer:

image

Question No.3

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.

image

Server1 has the following role services installed: DirectAccess and VPN (RRAS)

image

Network Policy Server

Remote users have client computers that run either Windows XP, Windows 7, or Windows 8.

You need to ensure that only the client computers that run Windows 7 or Windows 8 can establish VPN connections to Server1.

What should you configure on Server1?

  1. A condition of a Network Policy Server (NPS) network policy

  2. A constraint of a Network Policy Server (NPS) network policy

  3. A condition of a Network Policy Server (NPS) connection request policy

  4. A vendor-specific RADIUS attribute of a Network Policy Server (NPS) connection request policy

Correct Answer: A

Explanation:

If you want to configure the Operating System condition, click Operating System, and then click Add. In Operating System Properties, click Add, and then specify the operating system settings that are required to match the policy. The Operating System condition specifies the operating system (operating system version or service pack number), role (client or server), and architecture (x86, x64, or ia64) required for the computer configuration to match the policy.

Question No.4

HOTSPOT

Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Server1 has the Network Policy Server server role installed. Server2 has the DHCP Server server role installed. Both servers run Windows Server 2012 R2. You are configuring Network Access Protection (NAP) to use DHCP enforcement.

You configure a DHCP scope as shown in the exhibit. (Click the Exhibit button.)

image

You need to ensure that non-compliant NAP clients receive different DHCP options than compliant NAP clients.

What should you configure on each server?

To answer, select the appropriate options for each server in the answer area.

image

Correct Answer:

image

Question No.5

You are a network administrator of an Active Directory domain named contoso.com.

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the DHCP Server server role and the Network Policy Server role service installed.

You enable Network Access Protection (NAP) on all of the DHCP scopes on Server1.

You need to create a DHCP policy that will apply to all of the NAP non-compliant DHCP clients. Which criteria should you specify when you create the DHCP policy?

  1. The client identifier

  2. The user class

  3. The vendor class

  4. The relay agent information

Correct Answer: B

Explanation:

image

To configure a NAP-enabled DHCP server

On the DHCP server, click Start, click Run, in Open, type dhcpmgmt. smc, and then press ENTER.

In the DHCP console, open lt;servernamegt;\IPv4.

Right-click the name of the DHCP scope that you will use for NAP client computers, and then click Properties.

On the Network Access Protection tab, under Network Access Protection Settings, choose Enable for this scope, verify that Use default Network Access Protection profile is selected, and then click OK.

In the DHCP console tree, under the DHCP scope that you have selected, right- click Scope Options, and then click Configure Options. On the Advanced tab, verify that Default User Class is selected next to User class.

Select the 003 Router check box, and in IP Address, under Data entry, type the IP address for the default gateway used by compliant NAP client computers, and then click Add.

Select the 006 DNS Servers check box, and in IP Address, under Data entry, type the IP address for each router to be used by compliant NAP client computers, and then click Add.

Select the 015 DNS Domain Name check box, and in String value, under Data entry, type your organization#39;s domain name (for example, woodgrovebank. local), and then click Apply. This

domain is a full-access network assigned to compliant NAP clients.

On the Advanced tab, next to User class, choose Default Network Access Protection Class. Select the 003 Router check box, and in IP Address, under Data entry, type the IP address for the default gateway used by noncompliant NAP client computers, and then click Add. This can be the same default gateway that is used by compliant NAP clients.

Select the 006 DNS Servers check box, and in IP Address, under Data entry, type the IP address for each DNS server to be used by noncompliant NAP client computers, and then click Add.

These can be the same DNS servers used by compliant NAP clients.

Select the 015 DNS Domain Name check box, and in String value, under Data entry, type a name to identify the restricted domain (for example, restricted. Woodgrovebank. local), and then click OK. This domain is a restricted-access network assigned to noncompliant NAP clients.

Click OK to close the Scope Options dialog box. Close the DHCP console.

http://technet.microsoft.com/en-us/library/dd296905(v=ws.10).aspx

Question No.6

HOTSPOT

Your network contains a RADIUS server named Server1.

You install a new server named Server2 that runs Windows Server 2012 R2 and has Network Policy Server (NPS) installed.

You need to ensure that all accounting requests for Server2 are forwarded to Server1. On Server2, you configure a Connection Request Policy.

What else should you configure on Server2?

To answer, select the appropriate node in the answer area.

image

Correct Answer:

image

Question No.7

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the Network Policy Server role service installed.

An administrator creates a RADIUS client template named Template1. You create a RADIUS client named Client1 by using Template 1.

You need to modify the shared secret for Client1. What should you do first?

  1. Configure the Advanced settings of Template1.

  2. Set the Shared secret setting of Template1 to Manual.

  3. Clear Enable this RADIUS client for Client1.

  4. Clear Select an existing template for Client1.

Correct Answer: D

Explanation:

Clear checkmark for Select an existing template in the new client wizard.

In New RADIUS Client, in Shared secret, do one of the following:

Bullet Ensure that Manual is selected, and then in Shared secret, type the strong password that is also entered on the RADIUS client. Retype the shared secret in Confirm shared secret.

image

image

Question No.8

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.

The domain contains a server named Server1 that has the Network Policy Server server role and the Remote Access server role installed. The domain contains a server named Server2 that is configured as a RADIUS server.

Server1 provides VPN access to external users.

You need to ensure that all of the VPN connections to Server1 are logged to the RADIUS server on Server2.

What should you run?

  1. Add-RemoteAccessRadius -ServerNameServer1 -AccountingOnOffMsg Enabled – SharedSecret quot;Secretquot; -Purpose Accounting

  2. Set-RemoteAccessAccounting -AccountingOnOffMsg Enabled -AccountingOnOffMsg Enabled

  3. Add-RemoteAccessRadius -ServerName Server2 -AccountingOnOffMsg Enabled – SharedSecret quot;Secretquot; -Purpose Accounting

  4. Set-RemoteAccessAccounting -EnableAccountingType Inbox -AccountingOnOffMsg Enabled

Correct Answer: C

Explanation:

Add-RemoteAccessRadius

Adds a new external RADIUS server for VPN authentication, accounting for DirectAccess (DA) and VPN, or one-time password (OTP) authentication for DA.

AccountingOnOffMsglt;Stringgt;

Indicates the enabled state for sending of accounting on or off messages. The acceptable values for this parameter are:

Enabled.

Disabled. This is the default value.

This parameter is applicable only when the RADIUS server is being added for Remote Access accounting.

Question No.9

Your network contains four Network Policy Server (NPS) servers named Server1, Server2, Servers, and Server4.

Server1 is configured as a RADIUS proxy that forwards connection requests to a remote RADIUS server group named Group1.

You need to ensure that Server2 and Server3 receive connection requests. Server4 must only receive connection requests if both Server2 and Server3 are unavailable.

How should you configure Group1?

  1. Change the Weight of Server4 to 10.

  2. Change the Weight of Server2 and Server3 to 10.

  3. Change the Priority of Server2 and Server3 to 10.

  4. Change the Priority of Server4 to 10.

Correct Answer: D

Explanation:

During the NPS proxy configuration process, you can create remote RADIUS server groups and then add RADIUS servers to each group. To configure load balancing, you must have more than one RADIUS server per remote RADIUS server group. While adding group members, or after creating a RADIUS server as a group member, you can access the Add RADIUS server dialog box to configure the following items on the Load Balancing tab:

Priority. Priority specifies the order of importance of the RADIUS server to the NPS proxy server. Priority level must be assigned a value that is an integer, such as 1, 2, or 3. The lower the number, the higher priority the NPS proxy gives to the RADIUS server. For example, if the RADIUS server is assigned the highest priority of 1, the NPS proxy sends connection requests to the RADIUS server first; if servers with priority 1 are not available, NPS then sends connection requests to RADIUS servers with priority 2, and so on. You can assign the same priority to multiple RADIUS servers, and then use the Weight setting to load balance between them.

Weight. NPS uses this Weight setting to determine how many connection requests to send to

each group member when the group members have the same priority level. Weight setting must be assigned a value between 1 and 100, and the value represents a percentage of 100 percent. For example, if the remote RADIUS server group contains two members that both have a priority level of 1 and a weight rating of 50, the NPS proxy forwards 50 percent of the connection requests to each RADIUS server.

Advanced settings. These failover settingsprovide a way for NPS to determine whether the remote RADIUS server is unavailable. If NPS determines that a RADIUS server is unavailable, it can start sending connection requests to other group members. With these settings you can configure the number of seconds that the NPS proxy waits for a response from the RADIUS server before it considers the request dropped; the maximum number of dropped requests before the NPS proxy identifies the RADIUS server as unavailable; and the number of seconds that can elapse between requests before the NPS proxy identifies the RADIUS server as unavailable.

The default priority is 1 and can be changed from 1 to 65535. So changing server 2 and 3 to priority 10 is not the way to go.

image

http://technet.microsoft.com/en-us/library/dd197433(WS.10).aspx

Question No.10

DRAG DROP

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.

The domain contains an organizational unit (OU) named OU1. OU1 contains an OU named OU2. OU2 contains a user named user1.

User1 is the member of a group named Group1. Group1 is in the Users container.

You create five Group Policy objects (GPO). The GPOs are configured as shown in the following table.

image

The Authenticated Users group is assigned the default permissions to all of the GPOs. There are no site-level GPOs.

You need to identify which three GPOs will be applied to User1 and in which order the GPOs will be applied to User1.

Which three GPOs should you identify in sequence?

To answer, move the appropriate three GPOs from the list of GPOs to the answer area and arrange them in the correct order.

image

Correct Answer:

image

Get Full Version of 70-411 Dumps

Categories
70-411 Dumps

70-411 Real Exam Dumps Questions and answers 11-20

Get Full Version of the Exam
http://www.EnsurePass.com/70-411.html

Question No.11

Your network contains an Active Directory domain named adatum.com. A network administrator creates a Group Policy central store.

After the central store is created, you discover that when you create new Group Policy objects (GPOs), the GPOs do not contain any Administrative Templates.

You need to ensure that the Administrative Templates appear in new GPOs. What should you do?

  1. Add your user account to the Group Policy Creator Owners group.

  2. Configure all domain controllers as global catalog servers.

  3. Copy files from %Windir%\Policydefinitions to the central store.

  4. Modify the Delegation settings of the new GPOs.

Correct Answer: C

Explanation:

To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a domain controller. The Central Store is a file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain.

Question No.12

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains 500 client computers that run Windows 8 Enterprise.

You implement a Group Policy central store.

You have an application named App1. App1 requires that a custom registry setting be deployed to all of the computers.

You need to deploy the custom registry setting. The solution must minimize administrator effort. What should you configure in a Group Policy object (GPO)?

  1. The Software Installation settings

  2. The Administrative Templates

  3. An application control policy

  4. The Group Policy preferences

Correct Answer: D

Explanation:

Open the Group Policy Management Console. Right-click the Group Policy object (GPO) that should contain the new preference item, and then click Edit. In the console tree under Computer Configuration or User Configuration, expand the Preferences folder, and then expand the Windows Settings folder. Right-click the Registry node, point to New, and select Registry Item .

Group Policy preferences provide the means to simplify deployment and standardize configurations. They add to Group Policy a centralized system for deploying preferences (that is, settings that users can change later).

You can also use Group Policy preferences to configure applications that are not Group Policy- aware. By using Group Policy preferences, you can change or delete almost any registry setting, file or folder, shortcut, and more. You are not limited by the contents of Administrative Template files. The Group Policy Management Editor (GPME) includes Group Policy preferences. http://technet.microsoft.com/en-us/library/gg699429.aspx

http://www.unidesk.com/blog/gpos-set-custom-registry-entries-virtual-desktops-disabling- machine-password

image

image

Question No.13

Your network contains two Active Directory forests named contoso.com and dev.contoso.com. The contoso.com forest contains a domain controller named DC1. The dev.contoso.com forest contains a domain controller named DC2. Each domain contains an organizational unit (OU) named OU1.

Dev.contoso.com has a Group Policy object (GPO) named GPO1. GPO1 contains 200 settings, including several settings that have network paths. GPO1 is linked to OU1.

You need to copy GPO1 from dev.contoso.com to contoso.com. What should you do first on DC2?

  1. From the Group Policy Management console, right-click GPO1 and select Copy.

  2. Run the mtedit.exe command and specify the /Domaintcontoso.com /DC: DC 1 parameter.

  3. Run the Save-NetGpocmdlet.

  4. Run the Backup-Gpocmdlet.

Correct Answer: A

Explanation:

To copy a Group Policy object:

In the GPMC console tree, right-click the GPO that you want to copy, and then click Copy. To create a copy of the GPO in the same domain as the source GPO, right-click Group Policy objects, click Paste, specify permissions for the new GPO in the Copy GPO box, and then click OK .

For copy operations to another domain, you may need to specify a migration table.

The Migration Table Editor (MTE) is provided with Group Policy Management Console (GPMC) to facilitate the editing of migration tables. Migration tables are used for copying or importing Group Policy objects (GPOs) from one domain to another, in cases where the GPOs include domain- specific information that must be updated during copy or import. Source WS2008R2: Backup the

existing GPOs from the GPMC, you need to ensure that the quot;Group Policy Objectsquot; container is selected for the quot;Backup Up Allquot; option to be available.

Copy a Group Policy Object with the Group Policy Management Console (GPMC) You can copy a Group Policy object (GPO) either by using the drag-and-drop method or right-click method.

Applies To: Windows 8, Windows Server 2008 R2, Windows Server 2012

http://technet.microsoft.com/en-us/library/cc785343(v=WS.10).aspx http://technet.microsoft.com/en-us/library/cc733107.aspx

Question No.14

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.

Client computers run either Windows 7 or Windows 8. All of the client computers have an application named App1 installed.

The domain contains a Group Policy object (GPO) named GPO1 that is applied to all of the client computers.

You need to add a system variable named App1Data to all of the client computers. Which Group Policy preference should you configure?

  1. Environment

  2. Ini Files

  3. Data Sources

  4. Services

Correct Answer: A

Explanation:

Environment Variable preference items allow you to create, update, replace, and delete user and system environment variables or semicolon-delimited segments of the PATH variable. Before you create an Environment Variable preference item, you should review the behavior of each type of action possible with this extension.

Question No.15

Your network contains an Active Directory domain named contoso.com. All user accounts reside in an organizational unit (OU) named OU1.

You create a Group Policy object (GPO) named GPO1. You link GPO1 to OU1. You configure the Group Policy preference of GPO1 to add a shortcut named Link1 to the desktop of each user.

You discover that when a user deletes Link1, the shortcut is removed permanently from the desktop.

You need to ensure that if a user deletes Link1, the shortcut is added to the desktop again. What should you do?

  1. Enforce GPO1.

  2. Modify the Link1 shortcut preference of GPO1.

  3. Enable loopback processing in GPO1.

  4. Modify the Security Filtering settings of GPO1.

Correct Answer: B

Explanation:

Replace Delete and recreate a shortcut for computers or users. The net result of the Replace action is to overwrite the existing shortcut. If the shortcut does not exist, then the Replace action creates a new shortcut.

This type of preference item provides a choice of four actions: Create, Replace, Update, and Delete. The behavior of the preference item varies with the action selected and whether the shortcut already exists.

image

http://technet.microsoft.com/en-us/library/cc753580.aspx http://technet.microsoft.com/en-us/library/cc753580.aspx

Question No.16

HOTSPOT

Your network contains an Active Directory domain named contoso.com.

You have several Windows PowerShell scripts that execute when client computers start.

When a client computer starts, you discover that it takes a long time before users are prompted to log on.

You need to reduce the amount of time it takes for the client computers to start. The solution must not prevent scripts from completing successfully.

Which setting should you configure?

To answer, select the appropriate setting in the answer area.

image

Correct Answer:

image

Question No.17

HOTSPOT

Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 runs Windows Server 2012 R2.

You enable the EventLog-Application event trace session.

You need to set the maximum size of the log file used by the trace session to 10 MB. From which tab should you perform the configuration?

To answer, select the appropriate tab in the answer area.

image

Correct Answer:

image

Question No.18

HOTSPOT

Your network contains an Active Directory domain named contoso.com. The domain contains three member servers named Server1, Server2, and Server3. All servers run Windows Server 2012 R2 and have the Windows Server Update Services (WSUS) server role installed.

Server1 and Server2 are configured as replica servers that use Server3 as an upstream server. You remove Servers from the network.

You need to ensure that WSUS on Server2 retrieves updates from Server1. The solution must ensure that Server1 and Server2 have the latest updates from Microsoft.

Which command should you run on each server?

To answer, select the appropriate command to run on each server in the answer area.

image

Correct Answer:

image

Question No.19

You manage a server that runs Windows Server 2012 R2. The server has the Windows Deployment Services server role installed.

You have a desktop computer that has the following configuration: Computer name: Computer1

Operating system: Windows 8 MAC address: 20-CF-30-65-D0-87

GUID: 979708BF-C04B-4525-9FE0-C4150BB6C618

You need to configure a pre-staged device for Computer1 in the Windows Deployment Services console.

Which two values should you assign to the device ID? (Each correct answer presents a complete solution. Choose two.)

A. 20CF3065D08700000000000000000000 B. 979708BFC04B45259FE0C4150BB6C618

C. 979708BF-C04B-452S-9FE0-C4150BB6C618 D. 0000000000000000000020CF306SD087

E. 00000000-0000-0000-0000-C41S0BB6C618

Correct Answer: CD

Explanation:

In the text box, type the client computer#39;s MAC address preceded with twenty zeros or the globally unique identifier (GUID) in the format: {XXXXXXXX-XXXX-XXXX-XXX- XXXXXXXXXXXX}.

  • To add or remove pre-staged client to/from AD DS, specify the name of the computer or the device ID, which is a GUID, media access control (MAC) address, or Dynamic Host Configuration Protocol (DHCP) identifier associated with the computer.

  • Example: Remove a device by using its ID from a specified domain This command removes the pre-staged device that has the specified ID. The cmdlet searches the domain named TSQA.contoso.com for the device.

Windows PowerShell

PS C:\gt; Remove-WdsClient -DeviceID quot;5a7a1def-2e1f-4a7b-a792-ae5275b6ef92quot; -Domain – DomainName quot;TSQA.contoso.comquot;

Question No.20

You have Windows Server 2012 R2 installation media that contains a file named Install.wim. You need to identify the permissions of the mounted images in Install.wim. What should you do?

  1. Run dism.exe and specify the /get-mountedwiminfo parameter.

  2. Run imagex.exe and specify the /verify parameter.

  3. Run imagex.exe and specify the /ref parameter.

  4. Run dism.exe and specify the/get-imageinfo parameter.

Correct Answer: A

Explanation:

/Get-MountedWimInfo Lists the images that are currently mounted and information about the mounted image such as read/write permissions, mount location, mounted file path, and mounted

image index.

http://technet.microsoft.com/en-us/library/cc749447(v=ws.10).aspx http://technet.microsoft.com/en-us/library/dd744382(v=ws.10).aspx http://technet.microsoft.com/en-us/library/hh825224.aspx

Get Full Version of 70-411 Dumps