12 tips on How to 70-411 Test Like a Badass [25 to 36]

70-411 Royal Pack Testengine pdf

100% Actual & Verified — 100% PASS

Unlimited access to the world's largest Dumps library! Try it Free Today!

Get it now →

Product Description:
Exam Number/Code: 70-411
Exam name: Administering Windows Server 2012
n questions with full explanations
Certification: Microsoft Certification
Last updated on Global synchronizing

Free Certification Real IT 70-411 Exam pdf Collection

Exam Code: 70-411 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Administering Windows Server 2012
Certification Provider: Microsoft
Free Today! Guaranteed Training- Pass 70-411 Exam.

2016 Apr 70-411 Study Guide Questions:

Q25. Your network contains an Active Directory domain named adatum.com. The domain contains five servers. The servers are configured as shown in the following table. 


All desktop computers in adatum.com run Windows 8 and are configured to use BitLocker Drive Encryption (BitLocker) on all local disk drives. 

You need to deploy the Network Unlock feature. The solution must minimize the number of features and server roles installed on the network. 

To which server should you deploy the feature? 

A. Server3 

B. Server1 

C. DC2 

D. Server2 

E. DC1 

Answer: B 

Explanation: 

The BitLocker-NetworkUnlock feature must be installed on a Windows Deployment Server (which does not have to be configured--the WDSServer service just needs to be running). 


Q26. HOTSPOT 

Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The forest contains two Active Directory sites named Site1 and Site2. 

You plan to deploy a read-only domain controller (RODC) named DC10 to Site2. You pre-create the DC10 domain controller account by using Active Directory Users and Computers. 

You need to identify which domain controller will be used for initial replication during the promotion of the RODC. 

Which tab should you use to identify the domain controller? 

To answer, select the appropriate tab in the answer area. 


Answer: 



Q27. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. 

All client computers run Windows 8 Enterprise. 

DC1 contains a Group Policy object (GPO) named GPO1. 

You need to deploy a VPN connection to all users. 

What should you configure from User Configuration in GPO1? 

A. Policies/Administrative Templates/Network/Windows Connect Now 

B. Policies/Administrative Templates/Network/Network Connections 

C. Policies/Administrative Templates/Windows Components/Windows Mobility Center 

D. Preferences/Control Panel Settings/Network Options 

Answer: D 

Explanation: 

1. Open the Group Policy Management Console. Right-click the Group Policy object (GPO) that should contain the new preference item, and then click Edit. 

2. In the console tree under Computer Configuration or User Configuration, expand the Preferences folder, and then expand the Control Panel Settings folder. 

3. Right-click the Network Options node, point to New, and select VPN Connection. 

The Network Options extension allows you to centrally create, modify, and delete dial-up networking and virtual private network (VPN) connections. Before you create a network option preference item, you should review the behavior of each type of action possible with the extension. 

Reference: http: //technet.microsoft.com/en-us/library/cc772449.aspx 


Q28. You have a DNS server named Server1. 

Server1 has a primary zone named contoso.com. 

Zone Aging/Scavenging is configured for the contoso.com zone. 

One month ago, an administrator removed a server named Server2 from the network. 

You discover that a static resource record for Server2 is present in contoso.com. Resource records for decommissioned client computers are removed automatically from contoso.com. 

You need to ensure that the static resource records for all of the servers are removed automatically from contoso.com. 

What should you modify? 

A. The Expires after value of contoso.com 

B. The Record time stamp value of the static resource records 

C. The time-to-live (TTL) value of the static resource records 

D. The Security settings of the static resource records 

Answer: B 

Explanation: 

Reset and permit them to use a current (non-zero) time stamp value. This enables these records to become aged and scavenged. 

You can use this procedure to change how a specific resource record is scavenged. 

A stale record is a record where both the No-Refresh Interval and Refresh Interval have passed without the time stamp updating. 

DNS->View->Advanced 


Depending on the how the resource record was originally added to the zone, do one of the following: If the record was added dynamically using dynamic update, clear the Delete this record when it becomes stale check box to prevent its aging or potential removal during the scavenging process. If dynamic updates to this record continue to occur, the Domain Name System (DNS) server will always reset this check box so that the dynamically updated record can be deleted. 

If you added the record statically, select the Delete this record when it becomes stale check box to permit its aging or potential removal during the scavenging process. 


References: http: //technet. microsoft. com/en-us/library/cc759204%28v=ws. 10%29. aspx 

http: //technet. microsoft. com/en-us/library/cc759204%28v=ws. 10%29. aspx 

Typically, stale DNS records occur when a computer is permanently removed from the network. Mobile users who abnormally disconnect from the network can also cause stale DNS records. To help manage stale records, Windows adds a time stamp to dynamically added resource records in primary zones where aging and scavenging are enabled. Manually added records are time stamped with a value of 0, and they are automatically excluded from the aging and scavenging process. 

To enable aging and scavenging, you must do the following: 

Resource records must be either dynamically added to zones or manually modified to be used in aging and scavenging operations. 

Scavenging and aging must be enabled both at the DNS server and on the zone. 

Scavenging is disabled by default. 


DNS scavenging depends on the following two settings: 

No-refresh interval: The time between the most recent refresh of a record time stamp and the moment when the time stamp can be refreshed again. When scavenging is enabled, this is set to 7 days by default. 

Refresh interval: The time between the earliest moment when a record time stamp can be refreshed and the earliest moment when the record can be scavenged. The refresh interval must be longer than the maximum record refresh period. When scavenging is enabled, this is set to 7 days by default. 

A DNS record becomes eligible for scavenging after both the no-refresh and refresh intervals have elapsed. If the default values are used, this is a total of 14 days. 

References: http: //technet. microsoft. com/en-us/library/cc759204%28v=ws. 10%29. aspx 

http: //technet. microsoft. com/en-us/library/cc759204%28v=ws. 10%29. aspx 

http: //technet. microsoft. com/en-us/library/cc771570. aspx 

http: //technet. microsoft. com/en-us/library/cc771677. aspx 

http: //technet. microsoft. com/en-us/library/cc758321(v=ws. 10). aspx 


70-411 exam question

Renew 70-411 free download:

Q29. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. The domain contains the users shown in the following table. 


You have a Network Policy Server (NPS) server that has the network policies shown in the following table. 


User1, User2, and User3 plan to connect to the network by using a VPN. You need to identify which network policy will apply to each user. 

What should you identify? 

To answer, select the appropriate policy for each user in the answer area. 



Answer: 



Q30. HOTSPOT 

You have a server named LON-SVR1 that runs Windows Server 2012 R2. LON-SVR1 has the Remote Access server role installed. LON-SVRl is located in the perimeter network. 

The IPv4 routing table on LON-SVR1 is configured as shown in the following exhibit. (Click the Exhibit button.) 


Your company purchases an additional router named Router1. Router1 has an interface that connects to the perimeter network and an interface that connects to the Internet. The IP address of the interface that connects to the perimeter network is 172.16.0.2. 

You need to ensure that LON-SVR1 will route traffic to the Internet by using Router1 if the current default gateway is unavailable. 

How should you configure the static route on LON-SVR1? To answer, select the appropriate static route in the answer area. 


Answer: 



Q31. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. 

In a remote site, a support technician installs a server named DC10 that runs Windows Server 2012 R2. DC10 is currently a member of a workgroup. 

You plan to promote DC10 to a read-only domain controller (RODC). 

You need to ensure that a user named Contoso\User1 can promote DC10 to a RODC in the contoso.com domain. The solution must minimize the number of permissions assigned to User1. 

What should you do? 

A. From Active Directory Users and Computers, run the Delegation of Control Wizard on the contoso.com domain object. 

B. From Active Directory Administrative Center, pre-create an RODC computer account. 

C. From Ntdsutil, run the local roles command. 

D. Join DC10 to the domain. Run dsmod and specify the /server switch. 

Answer: B 

Explanation: 

A staged read only domain controller (RODC) installation works in two discrete phases: 

1. Staging an unoccupied computer account 

2. Attaching an RODC to that account during promotion 

Reference: Install a Windows Server 2012 R2 Active Directory Read-Only Domain Controller (RODC) 


Q32. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. 

You need to create a certificate template for the BitLocker Drive Encryption (BitLocker) Network Unlock feature. 

Which Cryptography setting of the certificate template should you modify? To answer, select the appropriate setting in the answer area. 


Answer: 



70-411 download

Guaranteed 70-411 guidance:

Q33. You have a DNS server named DN51 that runs Windows Server 2012 R2. 

On DNS1, you create a standard primary DNS zone named adatum.com. 

You need to change the frequency that secondary name servers will replicate the zone from DNS1. 

Which type of DNS record should you modify? 

A. Name server (NS) 

B. Start of authority (SOA) 

C. Host information (HINFO) 

D. Service location (SRV) 

Answer: B 

Explanation: 

The time to live is specified in the Start of Authority (SOA) record Note: TTL (time to live) - The number of seconds a domain name is cached locally before expiration and return to authoritative nameservers for updated information. 


Q34. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that has the Network Policy Server server role installed. The domain contains a server named Server2 that is configured for RADIUS accounting. 

Server1 is configured as a VPN server and is configured to forward authentication requests to Server2. 

You need to ensure that only Server2 contains event information about authentication requests from connections to Server1. 

Which two nodes should you configure from the Network Policy Server console? 

To answer, select the appropriate two nodes in the answer area. 


Answer: 



Q35. Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. All of the DNS servers in both of the domains run Windows Server 2012 R2. 

The network contains two servers named Server1 and Server2. Server1 hosts an Active Directory-integrated zone for contoso.com. Server2 hosts an Active Directory-integrated zone for fabrikam.com. Server1 and Server2 connect to each other by using a WAN link. 

Client computers that connect to Server1 for name resolution cannot resolve names in fabrikam.com. 

You need to configure Server1 to resolve names in fabrikam.com. The solution must NOT require that changes be made to the fabrikam.com zone on Server2. 

What should you create? 

A. A trust anchor 

B. A stub zone 

C. A zone delegation 

D. A secondary zone 

Answer: B 

Explanation: 

A stub zone is a copy of a zone that contains only those resource records necessary to identify the authoritative Domain Name System (DNS) servers for that zone. A stub zone is used to resolve names between separate DNS namespaces. This type of resolution may be necessary when a corporate merger requires that the DNS servers for two separate DNS namespaces resolve names for clients in both namespaces. 


Q36. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 is backed up daily. 

The domain has the Active Directory Recycle Bin enabled. 

During routine maintenance, you delete 500 inactive user accounts and 100 inactive groups. One of the deleted groups is named Group1. Some of the deleted user accounts are members of some of the deleted groups. 

For documentation purposes, you must provide a list of the members of Group1 before the group was deleted. 

You need to identify the names of the users who were members of Group1 prior to its deletion. 

You want to achieve this goal by using the minimum amount of administrative effort. 

What should you do first? 

A. Mount the most recent Active Directory backup. 

B. Reactivate the tombstone of Group1. 

C. Perform an authoritative restore of Group1. 

D. Use the Recycle Bin to restore Group1. 

Answer: A 

Explanation: 

The Active Directory Recycle Bin does not have the ability to track simple changes to objects. 

If the object itself is not deleted, no element is moved to the Recycle Bin for possible recovery in the future. In other words, there is no rollback capacity for changes to object properties, or, in other words, to the values of these properties. 



see more 70-411 - Administering Windows Server 2012