Free VCE and PDF Exam Dumps from PassLeader
Vendor: Microsoft Exam Code: 70-411 Exam Name: Administering Windows Server 2012 R2 Exam Question 161 -- Question 200 Visit PassLeader and Download Full Version 70-411 Exam Dumps QUESTION 161 Your network contains an Active Directory domain named contoso.com. The domain does not contain a certification authority (CA). All servers run Windows Server 2012 R2. All client computers run Windows 8. You need to add a data recovery agent for the Encrypting File System (EFS) to the domain. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) A. B. C. D. E. F.
From Windows PowerShell, run Get-Certificate. From the Default Domain Controllers Policy, select Create Data Recovery Agent. From the Default Domain Policy, select Add Data Recovery Agent. From a command prompt, run cipher.exe. From the Default Domain Policy, select Create Data Recovery Agent. From the Default Domain Controllers Policy, select Add Data Recovery Agent.
Answer: AC Explanation: A. Submits a certificate request to an enrollment server and installs the response or retrieves a certificate for a previously submitted request. C. Add agent to default domain policy http://technet.microsoft.com/en-us/library/hh848632(v=wps.620).aspx http://technet.microsoft.com/en-us/library/dd875560(v=ws.10).aspx#BKMK_proc_dra http://windowsitpro.com/systems-management/how-can-i-add-user-efs-recovery-agent-domain QUESTION 162 Your network contains an Active Directory domain named adatum.com. All domain controllers run Windows Server 2008 R2. The domain contains a file server named Server6 that runs Windows Server 2012 R2. Server6 contains a folder named Folder1. Folder1 is shared as Share1. The NTFS permissions on Folder1 are shown in the exhibit. (Click the Exhibit button.)
70-411 Exam Dumps
70-411 Exam Questions
70-411 PDF Dumps
http://www.passleader.com/70-411.html
70-411 VCE Dumps
Free VCE and PDF Exam Dumps from PassLeader
The domain contains two global groups named Group1 and Group2. You need to ensure that only users who are members of both Group1 and Group2 are denied access to Folder1. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) A. B. C. D. E. F.
Remove the Deny permission for Group1 from Folder1. Deny Group2 permission to Folder1. Install a domain controller that runs Windows Server 2012 R2. Create a conditional expression. Deny Group2 permission to Share1. Deny Group1 permission to Share1.
Answer: AD Explanation: * Conditional Expressions for Permission Entries Windows Server 2008 R2 and Windows 7 enhanced Windows security descriptors by introducing a conditional access permission entry. Windows Server 2012 R2 takes advantage of conditional access permission entries by inserting user claims, device claims, and resource properties, into conditional expressions. Windows Server 2012 R2 security evaluates these expressions and allows or denies access based on results of the evaluation. Securing access to resources through claims is known as claims-based access control. Claims-based access control works with traditional access control to provide an additional layer of authorization that is flexible to the varying needs of the enterprise environment. http://social.technet.microsoft.com/wiki/contents/articles/14269.introducing-dynamicaccesscontrol-en-us.aspx QUESTION 163 You have 20 servers that run Windows Server 2012 R2. 70-411 Exam Dumps
70-411 Exam Questions
70-411 PDF Dumps
http://www.passleader.com/70-411.html
70-411 VCE Dumps
Free VCE and PDF Exam Dumps from PassLeader You need to create a Windows PowerShell script that registers each server in Windows Azure Online Backup and sets an encryption passphrase. Which two PowerShell cmdlets should you run in the script? (Each correct answer presents part of the solution. Choose two.) A. B. C. D. E.
New-OBPolicy New-OBRetentionPolicy Add-OBFileSpec Start-OBRegistration Set OBMachineSetting
Answer: DE Explanation: D: Start-OBRegistration Registers the current computer with Windows Azure Online Backup using the credentials (username and password) created during enrollment. E: The Set-OBMachineSettingcmdlet sets aOBMachineSetting object for the server that includes proxy server settings for accessing the internet, network bandwidth throttling settings, and the encryption passphrase that is required to decrypt the files during recovery to another server. Incorrect: Not C: TheAdd-OBFileSpeccmdlet adds theOBFileSpecobject, which specifies the items to include or exclude from a backup, to the backup policy (OBPolicyobject). TheOBFileSpecobject can include or exclude multiple files, folders, or volumes. http://technet.microsoft.com/en-us/library/hh770416(v=wps.620).aspx http://technet.microsoft.com/en-us/library/hh770425(v=wps.620).aspx http://technet.microsoft.com/en-us/library/hh770424.aspx http://technet.microsoft.com/en-us/library/hh770398.aspx http://technet.microsoft.com/en-us/library/hh770409.aspx QUESTION 164 You have 30 servers that run Windows Server 2012 R2. All of the servers are backed up daily by using Windows Azure Online Backup. You need to perform an immediate backup of all the servers to Windows Azure Online Backup. Which Windows PowerShell cmdlets should you run on each server? A. B. C. D.
Start-OBRegistration | Start-OBBackup Get-OBPolicy | Start-OBBackup Get-WBBackupTarget | Start-WBBackup Get-WBPolicy | Start-WBBackup
Answer: B Explanation: A. starts a backup job using a policy B. Registers the current computer to Windows Azure Backup. C. Not using Azure D. Not using Azure http://technet.microsoft.com/en-us/library/hh770406(v=wps.620).aspx http://technet.microsoft.com/en-us/library/hh770426.aspx http://technet.microsoft.com/en-us/library/hh770398.aspx QUESTION 165 Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. 70-411 Exam Dumps
70-411 Exam Questions
70-411 PDF Dumps
http://www.passleader.com/70-411.html
70-411 VCE Dumps
Free VCE and PDF Exam Dumps from PassLeader Server1 has the File Server Resource Manager role service installed. You configure a quota threshold as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that a user named User1 receives an email notification when the threshold is exceeded. What should you do? A. B. C. D.
Configure the File Server Resource Manager Options. Modify the members of the Performance Log Users group. Create a performance counter alert. Create a classification rule.
Answer: A Explanation: A. When you create quotas and file screens, you have the option of sending e-mail notifications to users when their quota limit is approaching or after they have attempted to save files that have been blocked B. Members of this group can manage performance counters, logs and alerts on the server locally and from remote clients without being a member of the Administrators group. C. You can set an alert on a counter, thereby defining that a message be sent, a program be run, 70-411 Exam Dumps
70-411 Exam Questions
70-411 PDF Dumps
http://www.passleader.com/70-411.html
70-411 VCE Dumps
Free VCE and PDF Exam Dumps from PassLeader an entry made to the application event log, or a log be started when the selected counter's value exceeds or falls below a specified setting. D. File Classification Infrastructure provides insight into your data by automating classification processes so that you can manage your data more effectively. You can classify files and apply policies based on this classification. Example policies include dynamic access control for restricting access to files, file encryption, and file expiration. Files can be classified automatically by using file classification rules or manually by modifying the properties of a selected file or folder. http://technet.microsoft.com/en-us/library/cc756031(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc785098(v=ws.10).aspx http://technet.microsoft.com/en-us/library/bb490759.aspx http://technet.microsoft.com/en-us/library/hh831701.aspx QUESTION 166 You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed. Server1 has a folder named Folder1 that is used by the sales department. You need to ensure that an email notification is sent to the sales manager when a File Screening Audit report is generated. What should you configure on Server1? A. B. C. D.
A file screen exception A file group A storage report task A file screen
Answer: C Explanation: A. A file screen exception is a special type of file screen that overrides any file screening that would otherwise apply to a folder and all its subfolders in a designated exception path. That is, it creates an exception to any rules derived from a parent folder. B. A file group is used to define a namespace for a file screen, file screen exception, or Files by File Group storage report. C. file screening report will identify individuals or applications that violate file screening policy, To set e-mail notifications and certain reporting capabilities, you must first configure the general File Server Resource Manager options. D. Control the types of files that users can save http://technet.microsoft.com/en-us/library/cc730822.aspx http://technet.microsoft.com/en-us/library/cc770594.aspx http://technet.microsoft.com/en-us/library/cc771212.aspx http://technet.microsoft.com/en-us/library/cc732074.aspx http://technet.microsoft.com/en-us/library/cc755988.aspx QUESTION 167 Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2. Both servers have the File and Storage Services server role. The DFS Namespaces role service, and the DFS Replication role service installed. Server1 and Server2 are part of a Distributed File System (DFS) Replication group named Group1. Server1 and Server2 are separated by a low-speed WAN connection. You need to limit the amount of bandwidth that DFS can use to replicate between Server1 and Server2. What should you modify? A. The referral ordering of the namespace 70-411 Exam Dumps
70-411 Exam Questions
70-411 PDF Dumps
http://www.passleader.com/70-411.html
70-411 VCE Dumps
Free VCE and PDF Exam Dumps from PassLeader B. The cache duration of the namespace C. The schedule of the replication group D. The staging quota of the replicated folder Answer: C Explanation: A. A referral is an ordered list of targets that a client computer receives from a domain controller or namespace server when the user accesses a namespace root or folder with targets in the namespace. You can adjust how long clients cache a referral before requesting a new one. B. DFS Replication uses staging folders for each replicated folder to act as caches for new and changed files that are ready to be replicated from sending members to receiving members. C. A referral is an ordered list of targets that a client computer receives from a domain controller or namespace server when the user accesses a namespace root or folder with targets. After the client receives the referral, the client attempts to access the first target in the list. If the target is not available, the client attempts to access the next target. D. Scheduling allows less bandwidth the by limiting the time interval of the replication http://technet.microsoft.com/en-us/library/cc771251.aspx http://technet.microsoft.com/en-us/library/cc754229.aspx http://technet.microsoft.com/en-us/library/cc732414.aspx http://technet.microsoft.com/en-us/library/cc753923.aspx QUESTION 168 You have five servers that run Windows Server 2012 R2. The servers have the Failover Clustering feature installed. You deploy a new cluster named Cluster1. Cluster1 is configured as shown in the following table.
Server1, Server2, and Server3 are configured as the preferred owners of the cluster roles. Dynamic quorum management is disabled. You plan to perform hardware maintenance on Server3. You need to ensure that if the WAN link between Site1 and Site2 fails while you are performing maintenance on Servers, the cluster resource will remain available in Site1. What should you do? A. B. C. D.
Add a file share witness in Site1. Remove the node vote for Server3. Remove the node vote for Server4 and Server5. Enable dynamic quorum management.
Answer: C QUESTION 169 Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2. You view the effective policy settings of Server1 as shown in the exhibit. (Click the Exhibit button.)
70-411 Exam Dumps
70-411 Exam Questions
70-411 PDF Dumps
http://www.passleader.com/70-411.html
70-411 VCE Dumps
Free VCE and PDF Exam Dumps from PassLeader
On Server1, you have a folder named C:\Share1 that is shared as Share1. Share1 contains confidential data. A group named Group1 has full control of the content in Share1. You need to ensure that an entry is added to the event log whenever a member of Group1 deletes a file in Share1. What should you configure? A. B. C. D.
The Audit File System setting of Servers GPO The Sharing settings of C:\Share1 The Security settings of C:\Share1 The Audit File Share setting of Servers GPO
Answer: C Explanation: Access to objects, such as files and folders can be audited using the advanced security setting auditing tab on Share1 and adding Group1 and selecting the delete check box http://technet.microsoft.com/en-us/library/cc753927(v=ws.10).aspx http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/13779c78-0c73-44778014-f2eb10f3f10f/ QUESTION 170 70-411 Exam Dumps
70-411 Exam Questions
70-411 PDF Dumps
http://www.passleader.com/70-411.html
70-411 VCE Dumps
Free VCE and PDF Exam Dumps from PassLeader You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed. Server1 has a folder named Folder1 that is used by the human resources department. You need to ensure that an email notification is sent immediately to the human resources manager when a user copies an audio file or a video file to Folder1. What should you configure on Server1? A. B. C. D.
A file screen A file screen exception A file group A storage report task
Answer: A Explanation: A. Create file screens to control the types of files that users can save, and generate notifications when users attempt to save unauthorized files B. A file screen exception is a special type of file screen that overrides any file screening that would otherwise apply to a folder and all its subfolders in a designated exception path. That is, it creates an exception to any rules derived from a parent folder. C. File are a group of file classified by extension (i.e. Images: ,jpg, .gif, etc..) D. Create reports based on file use http://technet.microsoft.com/en-us/library/cc732074.aspx http://technet.microsoft.com/enus/library/cc730822.aspx http://technet.microsoft.com/en-us/library/cc755988(v=ws.10).aspx QUESTION 171 Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2. Both servers have the File and Storage Services server role, the DFS Namespace role service, and the DFS Replication role service installed. Server1 and Server2 are part of a Distributed File System (DFS) Replication group named Group1. Server1 and Server2 are connected by using a high-speed LAN connection. You need to minimize the amount of processor resources consumed by DFS Replication. What should you do? A. B. C. D.
Reduce the bandwidth usage. Disable Remote Differential Compression (RDC). Modify the staging quota. Modify the replication schedule.
Answer: B Explanation: Because disabling RDC can help conserve disk input/output (I/O) and CPU resources, you might want to disable RDC on a connection if the sending and receiving members are in a local area network (LAN), and bandwidth use is not a concern. However, in a LAN environment where bandwidth is contended, RDC can be beneficial when transferring large files. Question tells it uses a high-speed LAN connection. http://technet.microsoft.com/en-us/library/cc758825%28v=ws.10%29.aspx http://technet.microsoft.com/en-us/library/cc754229.aspx QUESTION 172 Your company has a main office and two branch offices. The main office is located in New York. The branch offices are located in Seattle and Chicago. The network contains an Active Directory domain named contoso.com. 70-411 Exam Dumps
70-411 Exam Questions
70-411 PDF Dumps
http://www.passleader.com/70-411.html
70-411 VCE Dumps
Free VCE and PDF Exam Dumps from PassLeader An Active Directory site exists for each office. Active Directory site links exist between the main office and the branch offices. All servers run Windows Server 2012 R2. The domain contains three file servers. The file servers are configured as shown in the following table.
You implement a Distributed File System (DFS) replication group named Rep1Group. Rep1Group is used to replicate a folder on each file server. Rep1Group uses a hub and spoke topology. NYC-SVR1 is configured as the hub server. You need to ensure that replication can occur if NYC-SVR1 fails. What should you do? A. B. C. D.
Create an Active Directory site link. Modify the properties of Rep1Group. Create an Active Directory site link bridge. Create a connection in Rep1lGroup.
Answer: D Explanation: http://faultbucket.ca/2012/08/fixing-a-dfsr-connection-problem/ http://faultbucket.ca/2012/08/fixinga-dfsr-connection-problem/ http://technet.microsoft.com/en-us/library/cc771941.aspx QUESTION 173 You have a server named Server1 that runs Windows Server 2012 R2. You plan to create an image of Server1. You need to remove the source files for all server roles that are not installed on Server1. Which tool should you use? A. B. C. D.
Ocsetup.exe Servermanagercmd.exe Imagex.exe Dism.exe
Answer: D Explanation: servermanagercmd.exe - The ServerManagerCmd.exe command-line tool has been deprecated in WindowsServer 2008 R2. imagex.exe - ImageX is a command-line tool in Windows Vista that you can use to create and manageWindows image (.wim) files. A .wim file contains one or more volume images, disk volumes that containimages of an installed Windows operating system. dism.exe - Deployment Image Servicing and Management (DISM.exe) is a command-line tool that canbe used to service a Windows?image or to prepare a Windows Preinstallation Environment (WindowsPE) image. It replaces Package Manager (Pkgmgr.exe), PEimg, and Intlcfg that were included inWindows Vista? The functionality that was included in these tools is now consolidated in one tool(DISM.exe), and new functionality has been added to improve the experience for offline servicing. DISMcan Add, remove, and enumerate packages. ocsetup.exe - The Ocsetup.exe tool is used as a wrapper for Package Manager (Pkgmgr.exe) and for WindowsInstaller (Msiexec.exe). Ocsetup.exe is a command-line utility that can be used to perform scripted installs andscripted uninstalls of Windows 70-411 Exam Dumps
70-411 Exam Questions
70-411 PDF Dumps
http://www.passleader.com/70-411.html
70-411 VCE Dumps
Free VCE and PDF Exam Dumps from PassLeader optional components. The Ocsetup.exe tool replaces the Sysocmgr.exe tool thatWindows XP and Windows Server 2003i use.
http://technet.microsoft.com/en-us/library/hh824822.aspx http://blogs.technet.com/b/joscon/archive/2010/08/26/adding-features-with-dism.aspx http://technet.microsoft.com/en-us/library/hh831809.aspx http://technet.microsoft.com/en-us/library/hh825265.aspx QUESTION 174 Your domain has contains a Windows 8 computer name Computer1 using BitLocker. The E:\ drive is encrypted and currently locked. You need to unlock the E:\ drive with the recovery key stored on C:\ What should you run? A. B. C. D.
Unlock-BitLocker Suspend-BitLocker Enable-BitLockerAutoUnloc Disable-BitLocker
Answer: A Explanation: A. Restores access to data on a BitLocker volume. http://technet.microsoft.com/en-us/library/jj649833(v=wps.620).aspx QUESTION 175 Your network contains and active Directory domain named contoso.com. The doman contains a server named Server1 that runs Windows Server 2012 R2 A local account named Admin1 is a member of the Administrators group on Server1. You need to generate an audit event whenever Admin1 is denied access to a file or folder. What should you run? A. B. C. D.
auditpol.exe /set /user:admin1 /category:"detailed tracking" /failure:enable auditpol.exe /set/user:admin1 /failure:enable auditpol.exe /resourcesacl /set /type:keyauditpol.exe /resourcesacl /set /type: /access:ga auditpol.exe /resourcesacl /set /type:file /user:admin1 /failure
Answer: D Explanation: http://technet.microsoft.com/en-us/library/ff625687.aspx set a global resource SACL to audit successful and failed attempts by a user to perform generic read and write functions on files or folders: auditpol /resourceSACL /set /type:File /user:MYDOMAINmyuser /success /failure /access:FRFW http://technet.microsoft.com/en-us/library/ff625687%28v=ws.10%29.aspx Syntax auditpol /resourceSACL [/set /type:<resource> [/success] [/failure] /user:<user> [/access:<access flags>]] [/remove /type:<resource> /user:<user> [/type:<resource>]] [/clear [/type:<resource>]] 70-411 Exam Dumps
70-411 Exam Questions
70-411 PDF Dumps
http://www.passleader.com/70-411.html
70-411 VCE Dumps
Free VCE and PDF Exam Dumps from PassLeader [/view [/user:<user>] [/type:<resource>]] http://technet.microsoft.com/en-us/library/ff625687%28v=ws.10%29.aspx http://technet.microsoft.com/en-us/library/ff625687%28v=ws.10%29.aspx http://technet.microsoft.com/en-us/library/ff625687.aspx http://technet.microsoft.com/en-us/library/ff625687%28v=ws.10%29.aspx QUESTION 176 Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2. You view the effective policy settings of Server1 as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that an entry is added to the event log whenever a local user account is created or deleted on Server1. What should you do? A. B. C. D.
In Servers GPO, modify the Advanced Audit Configuration settings. On Server1, attach a task to the security log. In Servers GPO, modify the Audit Policy settings. On Server1, attach a task to the system log.
Answer: A Explanation: When you use Advanced Audit Policy Configuration settings, you need to confirm that these settings are not overwritten by basic audit policy settings. The following procedure shows how to prevent conflicts by blocking the application of any basic audit policy settings. Enabling Advanced Audit Policy Configuration Basic and advanced audit policy configurations should not be mixed. As such, it's best practice to enable Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit 70-411 Exam Dumps
70-411 Exam Questions
70-411 PDF Dumps
http://www.passleader.com/70-411.html
70-411 VCE Dumps
Free VCE and PDF Exam Dumps from PassLeader policy category settings in Group Policy to make sure that basic auditing is disabled. The setting can be found under Computer Configuration\Policies\Security Settings\Local Policies\Security Options, and sets the SCENoApplyLegacyAuditPolicy registry key to prevent basic auditing being applied using Group Policy and the Local Security Policy MMC snap-in. In Windows 7 and Windows Server 2008 R2, the number of audit settings for which success and failure can be tracked has increased to 53. Previously, there were nine basic auditing settings under Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Audit Policy. These 53 new settings allow you to select only the behaviors that you want to monitor and exclude audit results for behaviors that are of little or no concern to you, or behaviors that create an excessive number of log entries. In addition, because Windows 7 and Windows Server 2008 R2 security audit policy can be applied by using domain Group Policy, audit policy settings can be modified, tested, and deployed to selected users and groups with relative simplicity. Audit Policy settings Any changes to user account and resource permissions. Any failed attempts for user logon. Any failed attempts for resource access. Any modification to the system files. Advanced Audit Configuration SettingsAudit compliance with important business-related and security-related rules by tracking precisely defined activities, such as: A group administrator has modified settings or data on servers that contain finance information. An employee within a defined group has accessed an important file. The correct system access control list (SACL) is applied to every file and folder or registry key on a computer or file share as a verifiable safeguard against undetected access. In Servers GPO, modify the Audit Policy settings - enabling audit account management setting will generate events about account creation, deletion and so on. Advanced Audit Configuration SettingsAdvanced Audit Configuration Settings ->Audit Policy -> Account Management -> Audit User Account Management
In Servers GPO, modify the Audit Policy settings - enabling audit account management setting will generate events about account creation, deletion and so on. 70-411 Exam Dumps
70-411 Exam Questions
70-411 PDF Dumps
http://www.passleader.com/70-411.html
70-411 VCE Dumps
Free VCE and PDF Exam Dumps from PassLeader
http://blogs.technet.com/b/abizerh/archive/2010/05/27/tracing-down-user-and-computer-accountdeletion-in-active-directory.aspx http://technet.microsoft.com/en-us/library/dd772623%28v=ws.10%29.aspx http://technet.microsoft.com/en-us/library/jj852202(v=ws.10).aspx http://www.petri.co.il/enable-advanced-audit-policy-configuration-windows-server.htm http://technet.microsoft.com/en-us/library/dd408940%28v=ws.10%29.aspx http://technet.microsoft.com/en-us/library/dd408940%28v=ws.10%29.aspx#BKMK_step2 QUESTION 177 You have 3 server that runs Windows Server 2012 R2. The server contains the disks configured as shown in the following table.
You need to create a volume that can store up to 3 TB of user files. The solution must ensure that the user files are available if one of the disks in the volume fails. What should you create? A. B. C. D. E.
A storage pool on Disk 2 and Disk 3 A mirrored volume on Disk 2 and Disk 3 A storage pool on Disk 1 and Disk 3 A mirrored volume on Disk l and Disk 4 Raid 5 Volume out of Disks 1, 2 and 3
Answer: B Explanation: A. Storage pool can't use Dynamic disk 70-411 Exam Dumps
70-411 Exam Questions
70-411 PDF Dumps
http://www.passleader.com/70-411.html
70-411 VCE Dumps
Free VCE and PDF Exam Dumps from PassLeader B. Mirrored volume will be > 3Tb C. Storage pool can't use Dynamic disk D. is impossible, we need 3Tb of disk space E. Raid5 need to be on dynamic disk QUESTION 178 You perform a Server Core Installation of Windows Server 2012 R2 on a server named Server1. You need to add a graphical user interface (GUI) to Server1. Which tool should you use? A. B. C. D.
the Add-WindowsPackagecmdlet the Add-WindowsFeaturecmdlet the Install-Module cmdlet the Install-RoleServicecmdlet
Answer: B QUESTION 179 Your network contains an Active Directory domain named contoso.com. The domain contains a Web server named www.contoso.com. The Web server is available on the Internet. You implement DirectAccess by using the default configuration. You need to ensure that users never attempt to connect to www.contoso.com by using DirectAccess. The solution must not prevent the users from using DirectAccess to access other resources in contoso.com. Which settings should you configure in a Group Policy object (GPO)? A. B. C. D.
Name Resolution Policy DNS Client Network Connections DirectAccess Client Experience Settings
Answer: A Explanation: For DirectAccess, the NRPT must be configured with the namespaces of your intranet with a leading dot (for example, .internal.contoso.com or .corp.contoso.com). For a DirectAccess client, any name request that matches one of these namespaces will be sent to the specified intranet Domain Name System (DNS) servers. Include all intranet DNS namespaces that you want DirectAccess client computers to access. There are no command line methods for configuring NRPT rules. You must use Group Policy settings. To configure the NRPT through Group Policy, use the Group Policy add-in at Computer Configuration \Policies\Windows Settings\Name Resolution Policy in the Group Policy object for DirectAccess clients. You can create a new NRPT rule and edit or delete existing rules. For more information, see Configure the NRPT with Group Policy. QUESTION 180 You have a DNS server named Server1. Server1 has a primary zone named contoso.com. Zone Aging/ Scavenging is configured for the contoso.com zone. One month ago, an Administrator removed a server named Server2 from the network. You discover that a static resource record for Server2 is present in contoso.com. Resource records for decommissioned client computers are removed automatically from contoso.com. You need to ensure that the static resource records for all of the servers are removed automatically from contoso.com. 70-411 Exam Dumps
70-411 Exam Questions
70-411 PDF Dumps
http://www.passleader.com/70-411.html
70-411 VCE Dumps
Free VCE and PDF Exam Dumps from PassLeader What should you modify? A. B. C. D.
The Security settings of the static resource records The Expires after value of contoso.com The Record time stamp value of the static resource records The time-to-live (TTL) value of the static resource records
Answer: C Explanation: C. reset and permit them to use a current (non-zero) time stamp value. This enables these records to become aged and scavenged. D. For most resource records, this field is optional. It indicates a length of time used by other DNS servers to determine how long to cache information for a record before expiring and discarding it. http://technet.microsoft.com/en-us/library/cc771677.aspx http://technet.microsoft.com/en-us/library/cc758321(v=ws.10).aspx QUESTION 181 You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed. You need to configure the ports on Server1 to ensure that client computers can establish VPN connections to Server1 by using TCP port 443. What should you modify? To answer, select the appropriate object in the answer area.
Answer:
70-411 Exam Dumps
70-411 Exam Questions
70-411 PDF Dumps
http://www.passleader.com/70-411.html
70-411 VCE Dumps
Free VCE and PDF Exam Dumps from PassLeader
Explanation: http://technet.microsoft.com/en-us/library/cc771298(v=ws.10).aspx Secure Socket Tunneling Protocol (SSTP) is a new tunneling protocol that uses the HTTPS protocol over TCP port 443 to pass traffic through firewalls and Web proxies that might block PPTP and L2TP/IPsec traffic. QUESTION 182 Your network contains two Active Directory domains named contoso.com and adatum.com. The network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the DNS Server server role installed. Server1 has a copy of the contoso.com DNS zone. You need to configure Server1 to resolve names in the adatum.com domain. The solution must meet the following requirements: - Prevent the need to change the configuration of the current name servers that host zones for adatum.com. - Minimize Administrative effort. Which type of zone should you create? A. B. C. D.
Primary Secondary Reverse lookup Stub
Answer: D Explanation: A. When a zone that this DNS server hosts is a primary zone, the DNS server is the primary source for information about this zone, and it stores the master copy of zone data in a local file or in AD DS. B. When a zone that this DNS server hosts is a secondary zone, this DNS server is a secondary source for information about this zone. The zone at this server must be obtained from another 70-411 Exam Dumps
70-411 Exam Questions
70-411 PDF Dumps
http://www.passleader.com/70-411.html
70-411 VCE Dumps
Free VCE and PDF Exam Dumps from PassLeader remote DNS server computer that also hosts the zone C. clients use a known IP address and look up a computer name based on its address. A reverse lookup takes the form of a question, such as "Can you tell me the DNS name of the computer that uses the IP address 192.168.1.20?" D. When a zone that this DNS server hosts is a stub zone, this DNS server is a source only for information about the authoritative name servers for this zone. The zone at this server must be obtained from another DNS server that hosts the zone. - Prevents Change to current zone http://technet.microsoft.com/en-us/library/cc771898.aspx http://technet.microsoft.com/en-us/library/cc730980.aspx QUESTION 183 Your network contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2 and have the DNS Server server role installed. On Server1, you create a standard primary zone named contoso.com. You need to ensure that Server2 can host a secondary zone for contoso.com. What should you do from Server1? A. B. C. D.
Add Server2 as a name server. Convert contoso.com to an Active Directory-integrated zone. Create a zone delegation that points to Server2. Create a trust anchor named Server2.
Answer: A Explanation: A. You must add a new Name Server. To add a name server to the list of authoritative servers for the zone, you must specify both the server's IP address and its DNS name. When entering names, click Resolve to resolve the name to its IP address prior to adding it to the list. B. Instead of adding standard secondary DNS servers, you can convert the server from a primary DNS server to an Active Directory Integrated Primary server and configure another domain controller to be a DNS server C. You can divide your Domain Name System (DNS) namespace into one or more zones. You can delegate management of part of your namespace to another location or department in your organization by delegating the management of the corresponding zone. http://technet.microsoft.com/en-us/library/cc770984.aspx http://support.microsoft.com/kb/816101 http://technet.microsoft.com/en-us/library/cc753500.aspx http://technet.microsoft.com/en-us/library/cc771640(v=ws.10).aspx http://technet.microsoft.com/en-us/library/ee649280(v=ws.10).aspx QUESTION 184 You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed. On Server1, you create a network policy named Policy1. You need to configure Policy1 to apply only to VPN connections that use the L2TP protocol. What should you configure in Policy1? A. B. C. D.
The Tunnel Type The Service Type The NAS Port Type The Framed Protocol
Answer: A Explanation: 70-411 Exam Dumps
70-411 Exam Questions
70-411 PDF Dumps
http://www.passleader.com/70-411.html
70-411 VCE Dumps
Free VCE and PDF Exam Dumps from PassLeader A. Restricts the policy to only clients that create a specific type of tunnel, such as PPTP or L2TP. B. Restricts the policy to only clients specifying a certain type of service, such as Telnet or Point to Point Protocol connections. C. Allows you to specify the type of media used by the client computer to connect to the network. D. Restricts the policy to clients that specify a certain framing protocol for incoming packets, such as PPP or SLIP.
http://technet.microsoft.com/en-us/library/cc731220(v=ws.10).aspx QUESTION 185 Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. All client computers run Windows 8 Enterprise. DC1 contains a Group Policy object (GPO) named GPO1. You need to deploy a VPN connection to all users. What should you configure from User Configuration in GPO1? A. B. C. D.
Preferences/Control Panel Settings/Network Options Policies/Administrative Templates/Windows Components/Windows Mobility Center Policies/Administrative Templates/Network/Windows Connect Now Policies/Administrative Templates/Network/Network Connections
Answer: A Explanation: The Network Options extension allows you to centrally create, modify, and delete dial-up networking and virtual private network (VPN) connections. Before you create a network option preference item, you should review the behavior of each type of action possible with the extension. http://technet.microsoft.com/en-us/library/cc772449.aspx QUESTION 186 Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. All sales users have laptop computers that run Windows 8. The sales computers are joined to the domain. All user accounts for the sales department are in an organizational unit (OU) named Sales_OU. A Group Policy object (GPO) named GPO1 is linked to Sales_OU. You need to configure a dial-up connection for all of the sales users. What should you configure from User Configuration in GPO1?
70-411 Exam Dumps
70-411 Exam Questions
70-411 PDF Dumps
http://www.passleader.com/70-411.html
70-411 VCE Dumps
Free VCE and PDF Exam Dumps from PassLeader A. B. C. D.
Policies/Administrative Templates/Network/Windows Connect Now Policies/Administrative Templates/Windows Components/Windows Mobility Center Preferences/Control Panel Settings/Network Options Policies/Administrative Templates/Network/Network Connections
Answer: C Explanation: http://technet.microsoft.com/en-us/library/cc772107.aspx QUESTION 187 You have a server named Server1 that runs Windows Server 2012 R2. Server1 has 2 dual-core processors and 16 GB of RAM. You install the Hyper-V server role in Server1. You plan to create two virtual machines on Server1. You need to ensure that both virtual machines can use up to 8 GB of memory. The solution must ensure that both virtual machines can be started simultaneously. What should you configure on each virtual machine? A. B. C. D.
Dynamic Memory NUMA topology Memory weight Ressource Control
Answer: A QUESTION 188 Your network contains an Active Directory domain named corp.contoso.com. The domain contains a domain controller named DC1. When you run ping dcl.corp.contoso.com, you receive the result as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that DC1 can respond to the Ping command. Which rule should you modify? To answer, select the appropriate rule in the answer area.
70-411 Exam Dumps
70-411 Exam Questions
70-411 PDF Dumps
http://www.passleader.com/70-411.html
70-411 VCE Dumps
Free VCE and PDF Exam Dumps from PassLeader
Answer:
QUESTION 189 You have a server named Server1 that runs Windows Server 2012 R2. You promote Server1 to domain controller. You need to view the service location (SVR) records that Server1 registers on DNS. What should you do on Server1? A. B. C. D.
Open the Srv.sys file Open the Netlogon.dns file Run ipconfig/displaydns Run Get-DnsServerDiagnostics
Answer: B QUESTION 190 Your company has a remote office that contains 600 client computers on a single subnet. You need to select a subnet mask for the network that will support all of the client computers. The solution must minimize the number of unused addresses. Which subnet mask should you select? A. B. C. D.
255.255.252.0 255.255.254.0 255.255.255.0 255.255.255.128
Answer: A QUESTION 191 70-411 Exam Dumps
70-411 Exam Questions
70-411 PDF Dumps
http://www.passleader.com/70-411.html
70-411 VCE Dumps
Free VCE and PDF Exam Dumps from PassLeader Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 runs Windows Server 2012 R2. You create a group Managed Service Account named gservice1. You need to configure a service named Service1 to run as the gservice1 account. How should you configure Service1? A. B. C. D.
From Windows PowerShell, run Set-Service and specify the -PassThrough parameter. From a command prompt, run sc.exe and specify the config parameter. From Windows PowerShell, run Set-Service and specify the -StartupType parameter. From a command prompt, run sc.exe and specify the privs parameter.
Answer: B Explanation: A. General settings only allow you to stop, start and set type/paramaters B. Set-Service provides a way for you to change the Description, StartupType, or DisplayName of a service C. Modifies service configuration D. Sets the response/action on service failure http://windows.microsoft.com/en-us/windows-vista/using-system-configuration http://technet.microsoft.com/en-us/library/ee176963.aspx http://technet.microsoft.com/en-us/library/cc990290(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc738230(v=ws.10).aspx QUESTION 192 Hotspot Question Your network contains an Active Directory domain named contoso.com. All client computers are configured as DHCP clients. You link a Group Policy object (GPO) named GPO1 to an organizational unit (OU) that contains all of the client computer accounts. You need to ensure that Network Access Protection (NAP) compliance is evaluated on all of the client computers. Which two settings should you configure in GPO1? To answer, select the appropriate two settings in the answer area.
70-411 Exam Dumps
70-411 Exam Questions
70-411 PDF Dumps
http://www.passleader.com/70-411.html
70-411 VCE Dumps
Free VCE and PDF Exam Dumps from PassLeader
Answer:
70-411 Exam Dumps
70-411 Exam Questions
70-411 PDF Dumps
http://www.passleader.com/70-411.html
70-411 VCE Dumps
Free VCE and PDF Exam Dumps from PassLeader QUESTION 193 Your network contains an Active Directory domain named contoso.com. All client computers run Windows Vista Service Pack 2 (SP2). All client computers are in an organizational unit (OU) named OU1. All user accounts are in an OU named OU2. All users log on to their client computer by using standard user accounts. A Group Policy object (GPO) named GPO1 is linked to OU1. A GPO named GPO2 is linked to OU2. You need to apply advanced audit policy settings to all of the client computers. What should you do? A. B. C. D.
In GPO1, configure a startup script that runs auditpol.exe. In GPO2, configure a logon script that runs auditpol.exe. In GPO1, configure the Advanced Audit Policy Configuration settings. In GPO2, configure the Advanced Audit Policy Configuration settings.
Answer: A QUESTION 194 You have a server that runs Windows Server 2012 R2. You have an offline image named Windows2012.vhd that contains an installation of Windows Server 2012 R2. You plan to apply several updates to Windows2012.vhd. You need to mount Windows2012.vhd to H:\. Which tool should you use? A. B. C. D.
Device Manager Diskpart Mountvol Server Manager
Answer: B Explanation:
70-411 Exam Dumps
70-411 Exam Questions
70-411 PDF Dumps
http://www.passleader.com/70-411.html
70-411 VCE Dumps
Free VCE and PDF Exam Dumps from PassLeader
http://technet.microsoft.com/en-us/library/cc753321.aspx QUESTION 195 Your network contains two Active Directory domains named contoso.com and adatum.com. The contoso.com domain contains a server named Server1.contoso.com. The adatum.com domain contains a server named server2.adatum.com. Server1 and Server2 run Windows Server 2012 R2 and have the DirectAccess and VPN (RRAS) role service installed. Server1 has the default network policies and the default connection request policies. You need to configure Server1 to perform authentication and authorization of VPN connection requests to Server2. Only users who are members of Adatum\Group1 must be allowed to connect. Which two actions should you perform on Server1? (Each correct answer presents part of the solution. Choose two.) A. B. C. D.
Network policies Connection request policies Create a network policy. Create a connection request policy.
70-411 Exam Dumps
70-411 Exam Questions
70-411 PDF Dumps
http://www.passleader.com/70-411.html
70-411 VCE Dumps
Free VCE and PDF Exam Dumps from PassLeader Answer: AD Explanation: * Connection request policies are sets of conditions and settings that allow network administrators to designate which Remote Authentication Dial-In User Service (RADIUS) servers perform the authentication and authorization of connection requests that the server running Network Policy Server (NPS) receives from RADIUS clients. Connection request policies can be configured to designate which RADIUS servers are used for RADIUS accounting. * With connection request policies, you can use NPS as a RADIUS server or as a RADIUS proxy, based on factors such as the following: The time of day and day of the week The realm name in the connection request The type of connection being requested The IP address of the RADIUS client QUESTION 196 Your network contains an Active Directory forest named contoso.com. All servers run Windows Server 2012 R2. You need to create a custom Active Directory Application partition. Which tool should you use? A. B. C. D.
Netdom Ntdsutil Dsmod Dsamain
Answer: B Explanation: * To create or delete an application directory partition Open Command Prompt. Type:ntdsutil At the ntdsutil command prompt, type:domain management At the domain management command prompt, type:connection At the server connections command prompt, type:connect to server ServerName At the server connections command prompt, type:quit At the domain management command prompt, do one of the following: * partition management Manages directory partitions for Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS). This is a subcommand of Ntdsutil and Dsmgmt. Ntdsutil and Dsmgmt are command-line tools that are built into Windows Server 2008 and Windows Server 2008 R2. / partition management create nc %s1 %s2 Creates the application directory partition with distinguished name %s1, on the Active Directory domain controller or AD LDS instance with full DNS name %s2. If you specify "NULL" for %s2, this command uses the currently connected Active Directory domain controller. Use this command only with AD DS. For AD LDS, use create nc %s1 %s2 %s3. Note: * An application directory partition is a directory partition that is replicated only to specific domain controllers. A domain controller that participates in the replication of a particular application directory partition hosts a replica of that partition. QUESTION 197 Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The functional level of both the domain and the forest is Windows Server 2008 R2. The domain contains a domain-based Distributed File System (DFS) namespace that is configured as shown in the exhibit. (Click the Exhibit button.) 70-411 Exam Dumps
70-411 Exam Questions
70-411 PDF Dumps
http://www.passleader.com/70-411.html
70-411 VCE Dumps
Free VCE and PDF Exam Dumps from PassLeader
You need to enable access-based enumeration on the DFS namespace. What should you do first? A. B. C. D.
Install the File Server Resource Manager role service on Server3 and Server5. Raise the domain functional level. Delete and recreate the namespace. Raise the forest functional level.
Answer: C Explanation: Access-based enumeration is only supported on a Domain-based Namespace in Windows Server 2008 Mode. This type of Namespace requires a minimum Windows Server 2003 forest functional level and a minimum Windows Server 2008 domain functional level. The exhibit indicates that the current namespace is a Domain-based Namespace in Windows Server 2000 Mode. To migrate a domain-based namespace from Windows 2000 Server mode to Windows Server 2008 mode, you must export the namespace to a file, delete the namespace, recreate it in Windows Server 2008 mode, and then import the namespace settings. http://msdn.microsoft.com/en-us/library/cc770287.aspx http://msdn.microsoft.com/en-us/library/cc753875.aspx QUESTION 198 Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains two organizational units (OUs) named OU1 and OU2 in the root of the domain. Two Group Policy objects (GPOs) named GPO1 and GPO2 are created. GPO1 is linked to OU1. GPO2 is linked to OU2. OU1 contains a client computer named Computer1. OU2 contains a user named User1. You need to ensure that the GPOs applied to Computer1 are applied to User1 when User1 logs on. What should you configure? A. B. C. D.
The GPO Status GPO links The Enforced setting Security Filtering
Answer: D 70-411 Exam Dumps
70-411 Exam Questions
70-411 PDF Dumps
http://www.passleader.com/70-411.html
70-411 VCE Dumps
Free VCE and PDF Exam Dumps from PassLeader Explanation: * GPOs cannot be linked directly to users, computers, or security groups. They can only be linked to sites, domains and organizational units. However, by using security filtering, you can narrow the scope of a GPO so that it applies only to a single group, user, or computer. * Security filtering is a way of refining which users and computers will receive and apply the settings in a Group Policy object (GPO). Using security filtering, you can specify that only certain security principals within a container where the GPO is linked apply the GPO. Security group filtering determines whether the GPO as a whole applies to groups, users, or computers; it cannot be used selectively on different settings within a GPO. Reference: Security filtering using GPMC QUESTION 199 You have a server named Server1 that runs Windows Server 2012 R2. You promote Server1 to a domain controller. You need to view the service location (SRV) records that Server1 registers in DNS. What should you do on Server1? A. B. C. D.
Open the Netlogon.dns file. Open the Srv.sys file. Run ipconfig /displaydns. Run Get-DnsServerDiagnostics.
Answer: A QUESTION 200 Your network contains a Hyper-V host named Server1 that hosts 20 virtual machines. You need to view the amount of memory resources and processor resources each virtual machine uses currently. Which tool should you use on Server1? A. B. C. D.
Windows System Resource Manager (WSRM) Task Manager Resource Monitor Hyper-V Manager
Answer: D
Visit PassLeader and Download Full Version 70-411 Exam Dumps
70-411 Exam Dumps
70-411 Exam Questions
70-411 PDF Dumps
http://www.passleader.com/70-411.html
70-411 VCE Dumps