How to pass Microsoft 70-411 Real Exam in 24 Hours [test preparation 169-180]

70-411 Royal Pack Testengine pdf

100% Actual & Verified — 100% PASS

Unlimited access to the world's largest Dumps library! Try it Free Today!

https://www.exambible.com/70-411-exam/

Product Description:
Exam Number/Code: 70-411
Exam name: Administering Windows Server 2012
n questions with full explanations
Certification: Microsoft Certification
Last updated on Global synchronizing

Free Certification Real IT 70-411 Exam pdf Collection

Question No. 169

You have a server named Server 1. 

You enable BitLocker Drive Encryption (BitLocker) on Server 1. 

You need to change the password for the Trusted Platform Module (TPM) chip. 

What should you run on Server1? 

A. Manage-bde.exe 

B. Set-TpmOwnerAuth 

C. bdehdcfg.exe 

D. tpmvscmgr.exe 

Answer:

Explanation: 

The Set-TpmOwnerAuthcmdlet changes the current owner authorization value of the Trusted Platform Module (TPM) to a new value. You can specify the current owner authorization value or specify a file that contains the current owner authorization value. If you do not specify an owner authorization value, the cmdlet attempts to read the value from the registry. 

Use the ConvertTo-TpmOwnerAuthcmdlet to create an owner authorization value. You can specify a new owner authorization value or specify a file that contains the new value. 


Question No. 170

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Windows Server Update Services server role installed. 

You need to configure Windows Server Update Services (WSUS) to support Secure Sockets Layer (SSL). 

Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.) 

A. From Internet Information Services (IIS) Manager, modify the connection strings of the WSUS website. 

B. Install a server certificate. 

C. Run the wsusutil.exe command. 

D. Run the iisreset.exe command. 

E. From Internet Information Services (IIS) Manager, modify the bindings of the WSUS website. 

Answer: B,C,E 

Explanation: 

Certificate needs to be installed to IIS, Bindings modifies and wsusutil run. 

1. First we need to request a certificate for the WSUS web site, so open IIS, click the server 

name, then open Server Certificates. 

On the Actions pane click Create Domain Certificate. 

2. To add the signing certificate to the WSUS Web site in IIS 7.0 

On the WSUS server, open Internet Information Services (IIS) Manager. 

Expand Sites, right-click the WSUS Web site, and then click Edit Bindings. 

In the Site Binding dialog box, select the https binding, and click Edit to open the Edit Site 

Binding dialog box. 

Select the appropriate Web server certificate in the SSL certificate box, and then click OK. 

Click Close to exit the Site Bindings dialog box, and then click OK to close Internet 

Information Services (IIS) Manager. 

3. WSUSUtil.exe configuressl<FQDN of the software update point site system> (the name 

in your certificate) 

WSUSUtil.exe configuressl<Intranet FQDN of the software update point site system>. 

4. The next step is to point your clients to the correct url, by modifying the existing GPO or 

creating a new one. Open the policy Specify intranet Microsoft update service location and 

type the new url in the form https: //YourWSUSserver. 

The gpupdate /force command will just download all the GPO’s and re-apply them to the client, it won’t force the client to check for updates. For that you need to use wuauclt /resetautorization /detectnow followed by wuauclt /reportnow 

References: 

http: //technet. microsoft. com/en-us/library/bb680861. aspx 

http: //technet. microsoft. com/en-us/library/bb633246. aspx 

http: //www. vkernel. ro/blog/configure-wsus-to-use-ssl 


Question No. 171

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the Network Policy Server role service installed. 

An administrator creates a RADIUS client template named Template1. 

You create a RADIUS client named Client1 by using Template 1. 

You need to modify the shared secret for Client1. 

What should you do first? 

A. Configure the Advanced settings of Template1. 

B. Set the Shared secret setting of Template1 to Manual. 

C. Clear Enable this RADIUS client for Client1. 

D. Clear Select an existing template for Client1. 

Answer:

Explanation: 

Clear checkmark for Select an existing template in the new client wizard. 

In New RADIUS Client, in Shared secret, do one of the following: 

Bullet Ensure that Manual is selected, and then in Shared secret, type the strong password that is also entered on the RADIUS client. Retype the shared secret in Confirm shared secret. 




Question No. 172

Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2. Both servers have the File and Storage Services server role, the DFS Namespace role service, and the DFS Replication role service installed. 

Server1 and Server2 are part of a Distributed File System (DFS) Replication group named Group1. Server1 and Server2 are connected by using a high-speed LAN connection. 

You need to minimize the amount of processor resources consumed by DFS Replication. 

What should you do? 

A. Modify the replication schedule. 

B. Modify the staging quota. 

C. Disable Remote Differential Compression (RDC). 

D. Reduce the bandwidth usage. 

Answer:

Explanation: 

Because disabling RDC can help conserve disk input/output (I/O) and CPU resources, you might want to disable RDC on a connection if the sending and receiving members are in a local area network (LAN), and bandwidth use is not a concern. However, in a LAN environment where bandwidth is contended, RDC can be beneficial when transferring large files. 

Question tells it uses a high-speed LAN connection. 

References: http: //technet. microsoft. com/en-us/library/cc758825%28v=ws. 10%29. aspx 

http: //technet. microsoft. com/en-us/library/cc754229. aspx 


Question No. 173

Your network contains an Active Directory domain named contoso.com. The domain 

contains a server named Server1 that runs Windows Server 2008 R2. 

You plan to test Windows Server 2012 R2 by using native-boot virtual hard disks (VHDs). 

You have a Windows image file named file1.wim. 

You need to add an image of a volume to file1.wim. 

What should you do? 

A. Run imagex.exe and specify the /append parameter. 

B. Run imagex.exe and specify the /export parameter. 

C. Run dism.exe and specify the /image parameter. 

D. Run dism.exe and specify the /append-image parameter. 

Answer:

Explanation: The Deployment Image Servicing and Management (DISM) tool is a command-line tool that enables the creation of Windows image (.wim) files for deployment in a manufacturing or corporate IT environment. The /Append-Image option appends a volume image to an existing .wim file allowing you to store many customized Windows images in a fraction of the space. When you combine two or more Windows image files into a single .wim, any files that are duplicated between the images are only stored once. 

Incorrect: 

Not A, Not B: Imagex has been retired and replaced by dism. 

Reference: Append a Volume Image to an Existing Image Using DISM 

https://technet.microsoft.com/en-us/library/hh824916.aspx 


Question No. 174

HOTSPOT 

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed. 

You have a client named Client1 that is configured as an 802. IX supplicant. 

You need to configure Server1 to handle authentication requests from Client1. The solution must minimize the number of authentication methods enabled on Server1. 

Which authentication method should you enable? To answer, select the appropriate authentication method in the answer area. 


Answer: 



Question No. 175

HOTSPOT 

You have a server named Server1 that has the Network Policy and Access Services server role installed. 

You plan to configure Network Policy Server (NPS) on Server1 to use certificate-based authentication for VPN connections. 

You obtain a certificate for NPS. 

You need to ensure that NPS can perform certificate-based authentication. 

To which store should you import the certificate? 

To answer, select the appropriate store in the answer area. 


Answer: 



Question No. 176

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. 

Server1 has the following role services installed: 

. DirectAccess and VPN (RRAS) 

. Network Policy Server 

Remote users have client computers that run either Windows XP, Windows 7, or Windows 8. 

You need to ensure that only the client computers that run Windows 7 or Windows 8 can establish VPN connections to Server1. 

What should you configure on Server1? 

A. A condition of a Network Policy Server (NPS) network policy 

B. A constraint of a Network Policy Server (NPS) network policy 

C. a condition of a Network Policy Server (NPS) connection request policy 

D. A vendor-specific RADIUS attribute of a Network Policy Server (NPS) connection request policy 

Answer:

Explanation: 

If you want to configure the Operating System condition, click Operating System, and then click Add. In Operating System Properties, click Add, and then specify the operating system settings that are required to match the policy. 

The Operating System condition specifies the operating system (operating system version or service pack number), role (client or server), and architecture (x86, x64, or ia64) required for the computer configuration to match the policy. 


Question No. 177

Your company has a main office and two branch offices. The main office is located in Seattle. The two branch offices are located in Montreal and Miami. Each office is configured as an Active Directory site. 

The network contains an Active Directory domain named contoso.com. Network traffic is not routed between the Montreal office and the Miami office. 

You implement a Distributed File System (DFS) namespace named \\contoso.com\public. The namespace contains a folder named Folder1. Folder1 has a folder target in each office. 

You need to configure DFS to ensure that users in the branch offices only receive referrals to the target in their respective office or to the target in the main office. 

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) 

A. Set the Ordering method of \\contoso.com\public to Random order. 

B. Set the Advanced properties of the folder target in the Seattle office to Last among all targets. 

C. Set the Advanced properties of the folder target in the Seattle office to First among targets of equal cost. 

D. Set the Ordering method of \\contoso.com\public to Exclude targets outside of the client's site. 

E. Set the Advanced properties of the folder target in the Seattle office to Last among targets of equal cost. 

F. Set the Ordering method of \\contoso.com\public to Lowest cost. 

Answer: C,D 

Explanation: 

Exclude targets outside of the client's site In this method, the referral contains only the targets that are in the same site as the client. These same-site targets are listed in random order. If no same-site targets exist, the client does not receive a referral and cannot access that portion of the namespace. Note: Targets that have target priority set to "First among all targets" or "Last among all targets" are still listed in the referral, even if the ordering method is set to Exclude targets outside of the client's site. Note 2: Set the Ordering Method for Targets in Referrals A referral is an ordered list of targets that a client computer receives from a domain controller or namespace server when the user accesses a namespace root or folder with targets. After the client receives the referral, the client attempts to access the first target in the list. If the target is not available, the client attempts to access the next target. 


Question No. 178

Your network contains an Active Directory domain named contoso.com. All domain 

controllers run Windows Server 2012 R2. One of the domain controllers is named DC1. The DNS zone for the contoso.com zone is Active Directory-integrated and has the default settings. 

A server named Server1 is a DNS server that runs a UNIX-based operating system. 

You plan to use Server1 as a secondary DNS server for the contoso.com zone. 

You need to ensure that Server1 can host a secondary copy of the contoso.com zone. 

What should you do? 

A. From DNS Manager, modify the Advanced settings of DC1. 

B. From DNS Manager, modify the Zone Transfers settings of the contoso.com zone. 

C. From Windows PowerShell, run the Set-DnsServerForwardercmdlet and specify the contoso.com zone as a target. 

D. From DNS Manager, modify the Security settings of DC1. 

Answer:

Explanation: 

There are two ways that a secondary DNS server can be added. In both scenarios you will need to add the new server to the Forwarders list of the primary Domain Controller. 

1. The Set-DnsServerForwarder cmdlet changes forwarder settings on a Domain Name System (DNS) server. 

2. From the primary server, open DNS Manager, right click on the server name and select Properties. Click on the Forwarders tab and click the Edit button in the middle of the dialogue box. 


Question No. 179

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy Server role service installed. 

You plan to configure Server1 as a Network Access Protection (NAP) health policy server for VPN enforcement by using the Configure NAP wizard. 

You need to ensure that you can configure the VPN enforcement method on Server1 successfully. 

What should you install on Server1 before you run the Configure NAP wizard? 

A. A system health validator (SHV) 

B. The Host Credential Authorization Protocol (HCAP) 

C. A computer certificate 

D. The Remote Access server role 

Answer:

Explanation: 

Configure NAP enforcement for VPN 

This checklist provides the steps required to deploy computers with Routing and Remote 

Access Service installed and configured as VPN servers with Network Policy Server (NPS) and Network Access Protection (NAP). 




Question No. 180

HOTSPOT 

Your network contains an Active Directory domain named contoso.com. The domain contains three member servers named Server1, Server2, and Server3. All servers run Windows Server 2012 R2 and have the Windows Server Update Services (WSUS) server role installed. 

Server1 and Server2 are configured as replica servers that use Server3 as an upstream server. 

You remove Servers from the network. 

You need to ensure that WSUS on Server2 retrieves updates from Server1. The solution must ensure that Server1 and Server2 have the latest updates from Microsoft. 

Which command should you run on each server? To answer, select the appropriate command to run on each server in the answer area. 



Answer: