70-411 guidance(157 to 168) for IT learners: Apr 2016 Edition

70-411 Royal Pack Testengine pdf

100% Actual & Verified — 100% PASS

Unlimited access to the world's largest Dumps library! Try it Free Today!

Get it now →

Product Description:
Exam Number/Code: 70-411
Exam name: Administering Windows Server 2012
n questions with full explanations
Certification: Microsoft Certification
Last updated on Global synchronizing

Free Certification Real IT 70-411 Exam pdf Collection

Printable of 70-411 practice exam materials and guidance for Microsoft certification for client, Real Success Guaranteed with Updated 70-411 pdf dumps vce Materials. 100% PASS Administering Windows Server 2012 exam Today!

2016 Apr 70-411 Study Guide Questions:

Q157. Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012 R2. The forest contains a single domain. 

You create a Password Settings object (PSO) named PSO1. 

You need to delegate the rights to apply PSO1 to the Active Directory objects in an organizational unit named OU1. 

What should you do? 

A. From Active Directory Users and Computers, run the Delegation of Control Wizard. 

B. From Active Directory Administrative Center, modify the security settings of PSO1. 

C. From Group Policy Management, create a Group Policy object (GPO) and link the GPO to OU1. 

D. From Active Directory Administrative Center, modify the security settings of OU1. 

Answer: B 

Explanation: 

PSOs cannot be applied to organizational units (OUs) directly. If your users are organized into OUs, consider creating global security groups that contain the users from these OUs and then applying the newly defined finegrained password and account lockout policies to them. If you move a user from one OU to another, you must update user memberships in the corresponding global security groups. Go ahead and hit "OK" and then close out of all open windows. Now that you have created a password policy, we need to apply it to a user/group. In order to do so, you must have "write" permissions on the PSO object. We're doing this in a lab, so I'm Domain Admin. Write permissions are not a problem 

1. Open Active Directory Users and Computers (Start, point to Administrative Tools, and then click Active Directory Users and Computers). 

2. On the View menu, ensure that Advanced Features is checked. 

3. In the console tree, expand Active Directory Users and Computers\yourdomain\System\Password Settings Container 

4. In the details pane, right-click the PSO, and then click Properties. 

5. Click the Attribute Editor tab. 

6. Select the msDS-PsoAppliesTo attribute, and then click Edit. 


Q158. Your network contains an Active Directory domain named contoso.com. The domain contains a read-only domain controller (RODC) named R0DC1. 

You create a global group named RODC_Admins. 

You need to provide the members of RODC_Admins with the ability to manage the hardware and the software on R0DC1. The solution must not provide RODC_Admins with the ability to manage Active Directory objects. 

What should you do? 

A. From Active Directory Sites and Services, run the Delegation of Control Wizard. 

B. From a command prompt, run the dsadd computer command. 

C. From Active Directory Site and Services, configure the Security settings of the R0DC1 server object. 

D. From a command prompt, run the dsmgmt local roles command. 

Answer: D 

Explanation: 

RODC: using the dsmgmt.exe utility to manage local administrators One of the benefits of RODC is that you can add local administrators who do not have full access to the domain administration. This gives them the ability to manage the server but not add or change active directory objects unless those roles are delegated. Adding this type of user is done using the dsmdmt.exe utility at the command prompt. 


Q159. Your network contains an Active Directory domain named contoso.com. The domain contains six domain controllers. The domain controllers are configured as shown in the following table. 


The network contains a server named Server1 that has the Hyper-v server role installed. DC6 is a virtual machine that is hosted on Server1. 

You need to ensure that you can clone DC6. 

Which FSMO role should you transfer to DC2? 

A. Rid master 

B. Domain naming master 

C. PDC emulator 

D. Infrastructure master 

Answer: C 

Explanation: 

The clone domain controller uses the security context of the source domain controller (the domain controller whose copy it represents) to contact the Windows Server 2012 R2 Primary Domain Controller (PDC) emulator operations master role holder (also known as flexible single master operations, or FSMO). The PDC emulator must be running Windows 

Server 2012 R2, but it does not have to be running on a hypervisor. 

Reference: 

http: //technet. microsoft. com/en-us/library/hh831734. aspx 


Q160. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. 

A domain controller named DO has the ADMX Migrator tool installed. You have a custom Administrative Template file on DC1 named Template1.adm. 

You need to add a custom registry entry to Template1.adm by using the ADMX Migrator tool. 

Which action should you run first? 

A. Load Template 

B. New Policy Setting 

C. Generate ADMX from ADM 

D. New Category 

Answer: C 

Explanation: 

The ADMX Migrator provides two conversion methods — through the editor or through a command-line program. From the ADMX Editor, choose the option to Generate ADMX from ADM. Browse to your ADM file, and the tool quickly and automatically converts it. You then can open the converted file in the editor to examine its values and properties and modify it if you wish. The ADMX Migrator Command Window is a little more complicated; it requires you to type a lengthy command string at a prompt to perform the conversions. However, it includes some options and flexibility not available in the graphical editor. 


References: http: //technet. microsoft. com/pt-pt/magazine/2008. 02. utilityspotlight%28en-us%29. aspx http: //technet. microsoft. com/pt-pt/magazine/2008. 02. utilityspotlight%28en-us%29. aspx 


pdfcollection.net

Latest 70-411 exams:

Q161. HOTSPOT 

You have a server named Server1 that runs Windows Server 2012 R2. 

You configure Network Access Protection (NAP) on Server1. 

Your company implements a new security policy stating that all client computers must have the latest updates installed. The company informs all employees that they have two weeks to update their computer accordingly. 

You need to ensure that if the client computers have automatic updating disabled, they are provided with full access to the network until a specific date and time. 

Which two nodes should you configure? 

To answer, select the appropriate two nodes in the answer area. 


Answer: 



Q162. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. You implement DirectAccess. 

You need to view the properties of the DirectAccess connection. 

Which connection properties should you view? To answer, select the appropriate connection properties in the answer area. 


Answer: 



Q163. Your network contains an Active Directory domain named contoso.com. The domain contains five servers. The servers are configured as shown in the following table. 


All desktop computers in contoso.com run Windows 8 and are configured to use BitLocker Drive Encryption (BitLocker) on all local disk drives. 

You need to deploy the Network Unlock feature. The solution must minimize the number of features and server roles installed on the network. 

To which server should you deploy the feature? 

A. Server1 

B. Server2 

C. Server3 

D. Server4 

E. Server5 

Answer: E 

Explanation: 

The BitLocker Network Unlock feature will install the WDS role if it is not already installed. If you want to install it separately before you install BitLocker Network Unlock you can use Server Manager or Windows PowerShell. To install the role using Server Manager, select the Windows Deployment Services role in Server Manager. 


Q164. Your network contains two servers named Served and Server 2. Both servers run Windows Server 2012 R2 and have the DNS Server server role installed. 

On Server1, you create a standard primary zone named contoso.com. 

You plan to create a standard primary zone for ad.contoso.com on Server2. 

You need to ensure that Server1 forwards all queries for ad.contoso.com to Server2. 

What should you do from Server1? 

A. Create a trust anchor named Server2. 

B. Create a conditional forward that points to Server2. 

C. Add Server2 as a name server. 

D. Create a zone delegation that points to Server2. 

Answer: D 

Explanation: 

You can divide your Domain Name System (DNS) namespace into one or more zones. You can delegate management of part of your namespace to another location or department in your organization by delegating the management of the corresponding zone. For more information, see Understanding Zone Delegation. 




70-411 pdf

High value 70-411 forum:

Q165. Your network contains two Active Directory forests named contoso.com and adatum.com. The contoso.com forest contains a server named Server1.contoso.com. The adatum.com forest contains a server named server2. adatum.com. Both servers have the Network Policy Server role service installed. 

The network contains a server named Server3. Server3 is located in the perimeter network and has the Network Policy Server role service installed. 

You plan to configure Server3 as an authentication provider for several VPN servers. 

You need to ensure that RADIUS requests received by Server3 for a specific VPN server are always forwarded to Server1.contoso.com. 

Which two should you configure on Server3? (Each correct answer presents part of the solution. Choose two.) 

A. Remediation server groups 

B. Remote RADIUS server groups 

C. Connection request policies 

D. Network policies 

E. Connection authorization policies 

Answer: B,C 

Explanation: 

To configure NPS as a RADIUS proxy, you must create a connection request policy that contains all of the information required for NPS to evaluate which messages to forward and where to send the messages. 

When you configure Network Policy Server (NPS) as a Remote Authentication Dial-In User Service (RADIUS) proxy, you use NPS to forward connection requests to RADIUS servers that are capable of processing the connection requests because they can perform authentication and authorization in the domain where the user or computer account is located. For example, if you want to forward connection requests to one or more RADIUS servers in untrusted domains, you can configure NPS as a RADIUS proxy to forward the requests to the remote RADIUS servers in the untrusted domain. To configure NPS as a RADIUS proxy, you must create a connection request policy that contains all of the information required for NPS to evaluate which messages to forward and where to send the messages. 

When you configure a remote RADIUS server group in NPS and you configure a connection request policy with the group, you are designating the location where NPS is to forward connection requests. 


References: http: //technet. microsoft. com/en-us/library/cc754518. aspx 

http: //technet. microsoft. com/en-us/library/cc754518. aspx 

http: //technet. microsoft. com/en-us/library/cc754518. aspx 


Q166. Your network contains an Active Directory domain named contoso.com. All client computers run Windows 8.1. 

The network contains a shared folder named FinancialData that contains five files. 

You need to ensure that the FinancialData folder and its contents are copied to all of the client computers. 

Which two Group Policy preferences should you configure? (Each correct answer presents part of the solution. Choose two.) 

A. Shortcuts 

B. Network Shares 

C. Environment 

D. Folders 

E. Files 

Answer: D,E 

Explanation: 

Folder preference items allow you to create, update, replace, and delete folders and their contents. (To configure individual files rather than folders, see Files Extension.) Before you create a Folder preference item, you should review the behavior of each type of action possible with this extension. File preference items allow you to copy, modify the attributes of, replace, and delete files. (To configure folders rather than individual files, see Folders Extension.) Before you create a File preference item, you should review the behavior of each type of action possible with this extension. 


Q167. You have a cluster named Cluster1 that contains two nodes. Both nodes run Windows Server 2012 R2. Cluster1 hosts a virtual machine named VM1 that runs Windows Server 2012 R2. 

You configure a custom service on VM1 named Service1. 

You need to ensure that VM1 will be moved to a different node if Service1 fails. 

Which cmdlet should you run on Cluster1? 

A. Add-ClusterVmMonitoredItem 

B. Add-ClusterGenericServiceRole 

C. Set-ClusterResourceDependency 

D. Enable VmResourceMetering 

Answer: A 

Explanation: 

The Add-ClusterVMMonitoredItem cmdlet configures monitoring for a service or an Event Tracing for Windows (ETW) event so that it is monitored on a virtual machine. If the service fails or the event occurs, then the system responds by taking an action based on the failover configuration for the virtual machine resource. For example, the configuration might specify that the virtual machine be restarted. 


Q168. Your network contains an Active Directory domain named contoso.com. 

A user named User1 creates a central store and opens the Group Policy Management Editor as shown in the exhibit. (Click the Exhibit button.) 


You need to ensure that the default Administrative Templates appear in GPO1. 

What should you do? 

A. Link a WMI filter to GPO1. 

B. Copy files from %Windir%\Policydefinitions to the central store. 

C. Configure Security Filtering in GPO1. 

D. Add User1 to the Group Policy Creator Owners group. 

Answer: B 

Explanation: 

In earlier operating systems, all the default Administrative Template files are added to the ADM folder of a Group Policy object (GPO) on a domain controller. The GPOs are stored in the SYSVOL folder. The SYSVOL folder is automatically replicated to other domain controllers in the same domain. A policy file uses approximately 2 megabytes (MB) of hard disk space. Because each domain controller stores a distinct version of a policy, replication traffic is increased. 

In Group Policy for Windows Server 2008 and Windows Vista, if you change Administrative template policy settings on local computers, Sysvol will not be automatically updated with the new .admX or .admL files. This change in behavior is implemented to reduce network load and disk storage requirements, and to prevent conflicts between .admX files and.admL files when edits to Administrative template policy settings are made across different locales. To make sure that any local updates are reflected in Sysvol, you must manually copy the updated .admX or .admL files from the PolicyDefinitions file on the local computer to the Sysvol\PolicyDefinitions folder on the appropriate domain controller. 

To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a domain controller. The Central Store is a file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain. 

To create a Central Store for .admx and .adml files, create a folder that is named PolicyDefinitions in the following location: \\FQDN\SYSVOL\FQDN\policies 

Reference: 

http: //support. microsoft. com/kb/929841 



see more http://www.pdfcollection.net/70-411-pdf.html