Apr 2016 updated: Exambible Microsoft 70-411 free exam questions 13-24

Product Description:
Exam Number/Code: 70-411
Exam name: Administering Windows Server 2012
Certification: Microsoft Certification

2016 Apr 70-411 Study Guide Questions:

Q13. Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. 

The domain contains a server named Server1 that has the Network Policy Server server role and the Remote Access server role installed. The domain contains a server named Server2 that is configured as a RADIUS server. 

Server1 provides VPN access to external users. 

You need to ensure that all of the VPN connections to Server1 are logged to the RADIUS server on Server2. 

What should you run? 

A. Add-RemoteAccessRadius -ServerName Server1 -AccountingOnOffMsg Enabled -SharedSecret "Secret" -Purpose Accounting 

B. Set-RemoteAccessAccounting -AccountingOnOffMsg Enabled -AccountingOnOffMsg Enabled 

C. Add-RemoteAccessRadius -ServerName Server2 -AccountingOnOffMsg Enabled -SharedSecret "Secret" -Purpose Accounting 

D. Set-RemoteAccessAccounting -EnableAccountingType Inbox -AccountingOnOffMsg Enabled 

Answer: C 

Explanation: 

Add-RemoteAccessRadius 

Adds a new external RADIUS server for VPN authentication, accounting for DirectAccess (DA) and VPN, or one-time password (OTP) authentication for DA. 

AccountingOnOffMsg <String> 

Indicates the enabled state for sending of accounting on or off messages. The acceptable values for this parameter are: 

- Enabled. 

- Disabled. This is the default value. 

This parameter is applicable only when the RADIUS server is being added for Remote Access accounting. 


Q14. You have a DNS server named Server1 that runs Windows Server 2012 R2. On Server1, you create a DNS zone named contoso.com. 

You need to specify the email address of the person responsible for the zone. 

Which type of DNS record should you configure? 

A. Start of authority (SOA) 

B. Host information (HINFO) 

C. Mailbox (MB) 

D. Mail exchanger (MX) 

Answer: A 

Explanation: 

A SOA-record defines the responsible person for an entire zone, but a zone may contain many individual hosts / domain names for which different people are responsible. The RP-record type makes it possible to identify the responsible person for individual host names contained within the zone. 




Q15. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed. 

On Server1, you create a network policy named Policy1. 

You need to configure Policy1 to ensure that users are added to a VLAN. 

Which attributes should you add to Policy1? 

A. Tunnel-Tag, Tunnel-Password, Tunnel-Medium-Type, and Tunnel-Preference 

B. Tunnel-Tag, Tunnel-Server-Auth-ID, Tunnel-Preference, and Tunnel-Pvt-Group-ID 

C. Tunnel-Type, Tunnel-Tag, Tunnel-Medium-Type, and Tunnel-Pvt-Group-ID 

D. Tunnel-Type, Tunnel-Password, Tunnel-Server-Auth-ID, and Tunnel-Pvt-Group-ID 

Answer: C 

Explanation: 

VLAN attributes used in network policy 

When you use network hardware, such as routers, switches, and access controllers that support virtual local area networks (VLANs), you can configure Network Policy Server (NPS) network policy to instruct the access servers to place members of Active Directory groups on VLANs. 

Before configuring network policy in NPS for VLANs, create groups of users in Active Directory Domain Services (AD DS) that you want to assign to specific VLANs. Then when you run the New Network Policy wizard, add the Active Directory group as a condition of the network policy. 

You can create a separate network policy for each group that you want to assign to a VLAN. For more information, see Create a Group for a Network Policy. When you configure network policy for use with VLANs, you must configure the RADIUS standard attributes Tunnel-Medium-Type, Tunnel-Pvt-Group-ID, and Tunnel-Type. Some hardware vendors also require the use of the RADIUS standard attribute Tunnel-Tag. 

To configure these attributes in a network policy, use the New Network Policy wizard to create a network policy. You can add the attributes to the network policy settings while running the wizard or after you have successfully created a policy with the wizard. 

- Tunnel-Medium-Type. Select a value appropriate to the previous selections you made while running the New Network Policy wizard. For example, if the network policy you are configuring is a wireless policy, in Attribute Value, select 802 (Includes all 802 media plus Ethernet canonical format). 

- Tunnel-Pvt-Group-ID. Enter the integer that represents the VLAN number to which group members will be assigned. For example, if you want to create a Sales VLAN for your sales team by assigning team members to VLAN 4, type the number 4. 

- Tunnel-Type. Select the value Virtual LANs (VLAN). 

- Tunnel-Tag. Some hardware devices do not require this attribute. If your hardware device requires this attribute, obtain this value from your hardware documentation. 


Q16. HOTSPOT 

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed. 

You need to configure the ports on Server1 to ensure that client computers can establish VPN connections to Server1. The solution must NOT require the use of certificates or pre-shared keys. 

What should you modify? 

To answer, select the appropriate object in the answer area. 


Answer: 



Q17. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. 

All client computers run Windows 8 Enterprise. 

DC1 contains a Group Policy object (GPO) named GPO1. 

You need to update the PATH variable on all of the client computers. 

Which Group Policy preference should you configure? 

A. Ini Files 

B. Services 

C. Data Sources 

D. Environment 

Answer: D 

Explanation: 

Environment Variable preference items allow you to create, update, replace, and delete user and system environment variables or semicolon-delimited segments of the PATH variable. Before you create an Environment Variable preference item, you should review the behavior of each type of action possible with this extension. 


Q18. Your company deploys a new Active Directory forest named contoso.com. The first domain controller in the forest runs Windows Server 2012 R2. The forest contains a domain controller named DC10. 

On DC10, the disk that contains the SYSVOL folder fails. 

You replace the failed disk. You stop the Distributed File System (DFS) Replication service. You restore the SYSVOL folder. 

You need to perform a non-authoritative synchronization of SYSVOL on DC10. 

Which tool should you use before you start the DFS Replication service on DC10? 

A. Dfsgui.msc 

B. Dfsmgmt.msc 

C. Adsiedit.msc 

D. Ldp 

Answer: C 

Explanation: 

How to perform a non-authoritative synchronization of DFSR-replicated SYSVOL (like "D2" for FRS) 

1. In the ADSIEDIT.MSC tool, modify the following distinguished name (DN) value and attribute on each of the domain controllers that you want to make non-authoritative: 

CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=<the server name>,OU=Domain Controllers,DC=<domain> 

msDFSR-Enabled=FALSE 

2. Force Active Directory replication throughout the domain. 

3. Run the following command from an elevated command prompt on the same servers that you set as non-authoritative: 

DFSRDIAG POLLAD 

4. You will see Event ID 4114 in the DFSR event log indicating SYSVOL is no longer being replicated. 

5. On the same DN from Step 1, set: 

msDFSR-Enabled=TRUE 

6. Force Active Directory replication throughout the domain. 

7. Run the following command from an elevated command prompt on the same servers that you set as non-authoritative: 

DFSRDIAG POLLAD 

8. You will see Event ID 4614 and 4604 in the DFSR event log indicating SYSVOL has been initialized. That domain controller has now done a "D2" of SYSVOL. 

Note: Active Directory Service Interfaces Editor (ADSI Edit) is a Lightweight Directory Access Protocol (LDAP) editor that you can use to manage objects and attributes in Active Directory. ADSI Edit (adsiedit.msc) provides a view of every object and attribute in an Active Directory forest. You can use ADSI Edit to query, view, and edit attributes that are not exposed through other Active Directory Microsoft Management Console (MMC) snap-ins: Active Directory Users and Computers, Active Directory Sites and Services, Active Directory Domains and Trusts, and Active Directory Schema. 
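
The same non-authoritative synchronization can be scripted instead of edited by hand in ADSI Edit. The following is an added example, not part of the original explanation or of Microsoft's article: it assumes an elevated PowerShell session on the domain controller being re-synchronized, the ActiveDirectory module and the dfsrdiag and repadmin tools installed, and the DFS Replication service running; the function names and the timeout are illustrative.

```powershell
#Requires -Modules ActiveDirectory
# Added example: scripted form of the msDFSR-Enabled FALSE/TRUE toggle.
# Assumptions: elevated session on the DC being re-synchronized, DFS Replication
# service running, dfsrdiag.exe and repadmin.exe available on this server.

$dc       = $env:COMPUTERNAME
$domainDn = (Get-ADDomain).DistinguishedName
$subDn    = "CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings," +
            "CN=$dc,OU=Domain Controllers,$domainDn"

# Poll the DFS Replication log until every requested event ID has been logged
# after $Since, or until the (illustrative) timeout expires.
function Wait-DfsrEvent {
    param([int[]] $Id, [datetime] $Since, [int] $TimeoutSec = 300)
    $deadline = (Get-Date).AddSeconds($TimeoutSec)
    while ((Get-Date) -lt $deadline) {
        $found = Get-WinEvent -FilterHashtable @{
            LogName = 'DFS Replication'; Id = $Id; StartTime = $Since
        } -ErrorAction SilentlyContinue
        $seen = @($found | Where-Object { $_ } |
                  Select-Object -ExpandProperty Id -Unique)
        if ($seen.Count -eq $Id.Count) { return $true }
        Start-Sleep -Seconds 10
    }
    return $false
}

# Write the attribute, force AD replication, then make DFSR re-read AD.
function Set-SysvolEnabled {
    param([bool] $Enabled)
    Set-ADObject -Identity $subDn -Server $dc `
        -Replace @{ 'msDFSR-Enabled' = $Enabled }
    repadmin /syncall $dc /AdeP | Out-Null
    dfsrdiag pollad | Out-Null
}

# Steps 1-4: disable the subscription and confirm replication has stopped.
$start = Get-Date
Set-SysvolEnabled $false
if (-not (Wait-DfsrEvent -Id 4114 -Since $start)) {
    throw "Event 4114 not logged; msDFSR-Enabled left FALSE for investigation."
}

# Steps 5-8: re-enable it and confirm SYSVOL was initialized from a partner.
$start = Get-Date
Set-SysvolEnabled $true
if (Wait-DfsrEvent -Id 4614, 4604 -Since $start) {
    "SYSVOL on $dc completed a non-authoritative sync (events 4614 and 4604)."
} else {
    Write-Warning "Events 4614/4604 not seen yet; check the DFS Replication log."
}
```

Stopping after a missing 4114 event keeps the script from re-enabling a subscription that never acknowledged the change, which would otherwise leave the restored SYSVOL content in an unknown state.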


Q19. Your network contains an Active Directory domain named contoso.com. 

All user accounts for the marketing department reside in an organizational unit (OU) named OU1. All user accounts for the finance department reside in an organizational unit (OU) named OU2. 

You create a Group Policy object (GPO) named GPO1. You link GPO1 to OU2. You configure the Group Policy preference of GPO1 to add a shortcut named Link1 to the desktop. 

You discover that when a user signs in, Link1 is not added to the desktop. 

You need to ensure that when a user signs in, Link1 is added to the desktop. 

What should you do? 

A. Enforce GPO1. 

B. Enable loopback processing in GPO1. 

C. Modify the Link1 shortcut preference of GPO1. 

D. Modify the Security Filtering settings of GPO1. 

Answer: D 

Explanation: 

Security filtering is a way of refining which users and computers will receive and apply the settings in a Group Policy object (GPO). Using security filtering, you can specify that only certain security principals within a container where the GPO is linked apply the GPO. Security group filtering determines whether the GPO as a whole applies to groups, users, or computers; it cannot be used selectively on different settings within a GPO. 


Q20. You are a network administrator of an Active Directory domain named contoso.com. 

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the DHCP Server server role and the Network Policy Server role service installed. 

You enable Network Access Protection (NAP) on all of the DHCP scopes on Server1. 

You need to create a DHCP policy that will apply to all of the NAP non-compliant DHCP clients. 

Which criteria should you specify when you create the DHCP policy? 

A. The client identifier 

B. The user class 

C. The vendor class 

D. The relay agent information 

Answer: B 

Explanation: 


To configure a NAP-enabled DHCP server 

1. On the DHCP server, click Start, click Run, in Open, type dhcpmgmt.msc, and then press ENTER. 

2. In the DHCP console, open <servername>\IPv4. 

3. Right-click the name of the DHCP scope that you will use for NAP client computers, and then click Properties. 

4. On the Network Access Protection tab, under Network Access Protection Settings, choose Enable for this scope, verify that Use default Network Access Protection profile is selected, and then click OK. 

5. In the DHCP console tree, under the DHCP scope that you have selected, right-click Scope Options, and then click Configure Options. 

6. On the Advanced tab, verify that Default User Class is selected next to User class. 

7. Select the 003 Router check box, and in IP Address, under Data entry, type the IP address for the default gateway used by compliant NAP client computers, and then click Add. 

8. Select the 006 DNS Servers check box, and in IP Address, under Data entry, type the IP address for each router to be used by compliant NAP client computers, and then click Add. 

9. Select the 015 DNS Domain Name check box, and in String value, under Data entry, type your organization's domain name (for example, woodgrovebank.local), and then click Apply. This domain is a full-access network assigned to compliant NAP clients. 

10. On the Advanced tab, next to User class, choose Default Network Access Protection Class. 

11. Select the 003 Router check box, and in IP Address, under Data entry, type the IP address for the default gateway used by noncompliant NAP client computers, and then click Add. This can be the same default gateway that is used by compliant NAP clients. 

12. Select the 006 DNS Servers check box, and in IP Address, under Data entry, type the IP address for each DNS server to be used by noncompliant NAP client computers, and then click Add. These can be the same DNS servers used by compliant NAP clients. 

13. Select the 015 DNS Domain Name check box, and in String value, under Data entry, type a name to identify the restricted domain (for example, restricted.woodgrovebank.local), and then click OK. This domain is a restricted-access network assigned to noncompliant NAP clients. 

14. Click OK to close the Scope Options dialog box. 

15. Close the DHCP console. 

Reference: http://technet.microsoft.com/en-us/library/dd296905%28v=ws.10%29.aspx 


Q21. Your network contains an Active Directory domain named adatum.com. 

You need to audit changes to the files in the SYSVOL shares on all of the domain controllers. The solution must minimize the amount of SYSVOL replication traffic caused by the audit. 

Which two settings should you configure? (Each correct answer presents part of the solution. Choose two.) 

A. Audit Policy\Audit system events 

B. Advanced Audit Policy Configuration\DS Access 

C. Advanced Audit Policy Configuration\Global Object Access Auditing 

D. Audit Policy\Audit object access 

E. Audit Policy\Audit directory service access 

F. Advanced Audit Policy Configuration\Object Access 

Answer: D,F 


Q22. You have a server named WSUS1 that runs Windows Server 2012 R2. WSUS1 has the Windows Server Update Services server role installed and has one volume. 

You add a new hard disk to WSUS1 and then create a volume on the hard disk. 

You need to ensure that the Windows Server Update Services (WSUS) update files are stored on the new volume. 

What should you do? 

A. From the Update Services console, configure the Update Files and Languages option. 

B. From the Update Services console, run the Windows Server Update Services Configuration Wizard. 

C. From a command prompt, run wsusutil.exe and specify the export parameter. 

D. From a command prompt, run wsusutil.exe and specify the movecontent parameter. 

Answer: D 

Explanation: 

Local Storage Considerations 

If you decide to store update files on your server, the recommended minimum disk size is 30 GB. However, depending on the synchronization options you specify, you might need to use a larger disk. For example, when specifying advanced synchronization options, as in the following procedure, if you select options to download multiple languages and/or the option to download express installation files, your server disk can easily reach 30 GB. 

Therefore if you choose any of these options, install a larger disk (for example, 100 GB). 

If your disk gets full, you can install a new, larger disk and then move the update files to the new location. To do this, after you create the new disk drive, you will need to run the WSUSutil.exe tool (with the movecontent command) to move the update files to the new disk. For this procedure, see Managing WSUS from the Command Line. 

For example, if D:\WSUS1 is the new path for local WSUS update storage, D:\move.log is the path to the log file, and you wanted to copy the old files to the new location, you would type: wsusutil.exe movecontent D:\WSUS1\ D:\move.log 

Note: If you do not want to use WSUSutil.exe to change the location of local WSUS update storage, you can also use NTFS functionality to add a partition to the current location of local WSUS update storage. For more information about NTFS, go to Help and Support Center in Windows Server 2003. 

Syntax 

At the command line %drive%\Program Files\Update Services\Tools>, type: 

wsusutil movecontent contentpath logfile -skipcopy [/?] 

The parameters are defined in the following table. 

contentpath - the new root for content files. The path must exist. 

logfile - the path and file name of the log file to create. 

-skipcopy - indicates that only the server configuration should be changed, and that the content files should not be copied. 

/help or /? - displays command-line help for movecontent command. 

References: 

http://blogs.technet.com/b/sus/archive/2008/05/19/wsus-how-to-change-the-location-where-wsus-stores-updates-locally.aspx 

http://technet.microsoft.com/en-us/library/cc720475(v=ws.10).aspx 

http://technet.microsoft.com/en-us/library/cc708480%28v=ws.10%29.aspx 

http://technet.microsoft.com/en-us/library/cc720466(v=ws.10).aspx 


Q23. Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. 

An organizational unit (OU) named ResearchServers contains the computer accounts of all research servers. 

All domain users are configured to have a minimum password length of eight characters. 

You need to ensure that the minimum password length of the local user accounts on the research servers in the ResearchServers OU is 10 characters. 

What should you do? 

A. Configure a local Group Policy object (GPO) on each research server. 

B. Create and link a Group Policy object (GPO) to the ResearchServers OU. 

C. Create a universal group that contains the research servers. Create a Password Settings object (PSO) and assign the PSO to the group. 

D. Create a global group that contains the research servers. Create a Password Settings object (PSO) and assign the PSO to the group. 

Answer: B 

Explanation: 

For a domain, and you are on a member server or a workstation that is joined to the domain 

1. Open Microsoft Management Console (MMC). 

2. On the File menu, click Add/Remove Snap-in, and then click Add. 

3. Click Group Policy Object Editor, and then click Add. 

4. In Select Group Policy Object, click Browse. 

5. In Browse for a Group Policy Object, select a Group Policy object (GPO) in the appropriate domain, site, or organizational unit--or create a new one, click OK, and then click Finish. 

6. Click Close, and then click OK. 

7. In the console tree, click Password Policy. 

Where? 

Group Policy Object [computer name] Policy/Computer Configuration/Windows Settings/Security Settings/Account Policies/Password Policy 

8. In the details pane, right-click the policy setting that you want, and then click Properties. 

9. If you are defining this policy setting for the first time, select the Define this policy setting check box. 

10. Select the options that you want, and then click OK. 


Q24. You have a server named Server1 that runs Windows Server 2012 R2. 

On Server1, you configure a custom Data Collector Set (DCS) named DCS1. DCS1 is configured to store performance log data in C:\Logs. 

You need to ensure that the contents of C:\Logs are deleted automatically when the folder reaches 100 MB in size. 

What should you configure? 

A. A File Server Resource Manager (FSRM) file screen on the C:\Logs folder 

B. The Data Manager settings of DCS1 

C. A schedule for DCS1 

D. A File Server Resource Manager (FSRM) quota on the C:\Logs folder 

Answer: B 

Explanation: 

To configure data management for a Data Collector Set 

1. In Windows Performance Monitor, expand Data Collector Sets and click User Defined. 

2. In the console pane, right-click the name of the Data Collector Set that you want to configure and click Data Manager. 

3. On the Data Manager tab, you can accept the default values or make changes according to your data retention policy. See the table below for details on each option. When Minimum free disk or Maximum folders is selected, previous data will be deleted according to the Resource policy you choose (Delete largest or Delete oldest) when the limit is reached. When Apply policy before the data collector set starts is selected, previous data will be deleted according to your selections before the data collector set creates its next log file. When Maximum root path size is selected, previous data will be deleted according to your selections when the root log folder size limit is reached. 

4. Click the Actions tab. You can accept the default values or make changes. See the table below for details on each option. 

5. When you have finished making your changes, click OK. 


