[Free] 2017(Sep) EnsurePass Passguide Microsoft 70-411 Dumps with VCE and PDF 161-170

EnsurePass
2017 Sep Microsoft Official New Released 70-411
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/70-411.html

Administering Windows Server 2012

Question No: 161 – (Topic 2)

Your network contains a Network Policy Server (NPS) server named Server1. The network contains a server named SQL1 that has Microsoft SQL Server 2008 R2 installed. All servers run Windows Server 2012 R2.

You configure NPS on Server1 to log accounting data to a database on SQL1.

You need to ensure that the accounting data is captured if SQL1 fails. The solution must minimize cost.

What should you do?

  1. Implement Failover Clustering.

  2. Implement database mirroring.

  3. Run the Accounting Configuration Wizard.

  4. Modify the SQL Server Logging properties.

Answer: C Explanation:

In Windows Server 2008 R2, an accounting configuration wizard is added to the Accounting node in the NPS console. By using the Accounting Configuration wizard, you can configure the following four accounting settings:

->SQL logging only. By using this setting, you can configure a data link to a SQL

Server that allows NPS to connect to and send accounting data to the SQL server. In addition, the wizard can configure the database on the SQL Server to ensure that the database is compatible with NPS SQL server logging.

->Text logging only. By using this setting, you can configure NPS to log accounting

data to a text file.

->Parallel logging. By using this setting, you can configure the SQL Server data link and database. You can also configure text file logging so that NPS logs simultaneously to the text file and the SQL Server database.

->SQL logging with backup. By using this setting, you can configure the SQL Server data link and database. In addition, you can configure text file logging that NPS uses if SQL Server logging fails.

Question No: 162 HOTSPOT – (Topic 2)

You have a file server named Server1 that runs Windows Server 2012 R2.

A user named User1 is assigned the modify NTFS permission to a folder named C:\shares and all of the subfolders of C:\shares.

On Server1, you open File Server Resource Manager as shown in the exhibit. (Click the Exhibit button.)

Ensurepass 2017 PDF and VCE

To answer, complete each statement according to the information presented in the exhibit.

Each correct selection is worth one point.

Ensurepass 2017 PDF and VCE

Ensurepass 2017 PDF and VCE

Answer:

Ensurepass 2017 PDF and VCE

Question No: 163 – (Topic 2)

Your network contains an Active Directory domain named contoso.com. The domain contains a RADIUS server named Server1 that runs Windows Server 2012 R2.

You add a VPN server named Server2 to the network. On Server1, you create several network policies.

You need to configure Server1 to accept authentication requests from Server2. Which tool should you use on Server1?

  1. Server Manager

  2. Routing and Remote Access

  3. New-NpsRadiusClient

  4. Connection Manager Administration Kit (CMAK)

Answer: C Explanation:

New-NpsRadiusClient -Name quot;NameOfMyClientGroupquot; -Address quot;10.1.0.0/16quot; – AuthAttributeRequired 0 -NapCompatible 0 -SharedSecret quot;SuperSharedSecretxyzquot; – VendorName quot;RADIUS Standardquot;

Ensurepass 2017 PDF and VCE

Ensurepass 2017 PDF and VCE

Reference:

http: //technet. microsoft. com/en-us/library/hh918425(v=wps. 620). aspx http: //technet. microsoft. com/en-us/library/jj872740(v=wps. 620). aspx http: //technet. microsoft. com/en-us/library/dd469790. aspx

Question No: 164 HOTSPOT – (Topic 2)

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the Network Policy Server role service installed.

An administrator creates a Network Policy Server (NPS) network policy named Policy1. You need to ensure that Policy1 applies to L2TP connections only.

Which condition should you modify?

To answer, select the appropriate object in the answer area.

Ensurepass 2017 PDF and VCE

Answer:

Ensurepass 2017 PDF and VCE

Question No: 165 – (Topic 2)

Your network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computers run Windows 8.1.

The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2.

You need to identify which user accounts were authenticated by RODC1. Which cmdlet should you use?

  1. Get-ADGroupMember

  2. Get-ADDomainControllerPasswordReplicationPolicy

  3. Get-ADDomainControllerPasswordReplicationPolicyUsage

  4. Get-ADDomain

  5. Get-ADOptionalFeature

  6. Get-ADAccountAuthorizationGroup

Answer: B

Explanation: Gets the Active Directory accounts that are authenticated by a read-only domain controller or that are in the revealed list of the domain controller.

Reference: Get-ADDomainControllerPasswordReplicationPolicyUsage https://technet.microsoft.com/en-us/library/ee617194.aspx

Question No: 166 – (Topic 2)

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1. DC1 is a DNS server for contoso.com. The properties of the contoso.com zone are configured as shown in the exhibit. (Click the Exhibit button.)

Ensurepass 2017 PDF and VCE

The domain contains a server named Server1 that is part of a workgroup named Workgroup. Server1 is configured to use DC1 as a DNS server.

You need to ensure that Server1 dynamically registers a host (A) record in the contoso.com zone.

What should you configure?

  1. The workgroup name of Server1

  2. The Security settings of the contoso.com zone

  3. The Dynamic updates setting of the contoso.com zone

  4. The primary DNS suffix of Server1

Answer: D Explanation:

When any computer or a standalone server is added to a domain as a member, the network identifies that computer with its Fully Qualified Domain Name or FQDN. A Fully Qualified Domain Name consist of a hostname and the DNs suffix separated by a “. ” called period. An example for this can be server01. msftdomain.com where “server01 is the hostname of the computer and “msftdomain.com” is the DNS suffix which follows the hostname. A complete FQDN of a client computer or a member server uniquely identifies that computer in the entire domain.

Primary DNS suffix must manually be added in Windows 8 computer to change its hostname to Fully Qualified Domain Name so that it becomes eligible to send queries and receive responses from the DNS server. Following are the steps which can be implemented to add primary DNS suffix to a Windows 8 computer hostname:

->Log on to Windows 8 computer with administrator account.

->From the options available on the screen click Control Panel.

->On the opened window click More Settings from the left pane.

->On the next window click System and Security category and on the appeared window click System.

->On View basic information about your computer window click Change settings under Computer name, domain, and workgroup settings section.

->On System Properties box make sure that Computer Name tab is selected and click Change button.

->On Computer Name/Domain Changes box click More button.

->On DNS Suffix and NetBIOS Computer Name box type in the DNS domain name as the DNS suffix to the Windows 8 computer under Primary DNS suffix of this computer field.

->Click Ok button on all the boxes and restart the computer to allow changes to take effect.

Ensurepass 2017 PDF and VCE

Ensurepass 2017 PDF and VCE

For years, Windows DNS has supported dynamic updates, whereas a DNS client host registers and dynamically updates the resource records with a DNS server. If a host’s IP address changes, the resource record (particularly the A record) for the host is automatically updated, while the host utilizes the DHCP server to dynamically update its Pointer (PTR) resource record. Therefore, when a user or service needs to contact a client PC, it can look up the IP address of the host. With larger organizations, this becomes an essential feature, especially for clients that frequently move or change locations and use DHCP to automatically obtain an IP address. For dynamic DNS updates to succeed, the zone must be configured to accept dynamic updates:

Ensurepass 2017 PDF and VCE

References:

http: //technet. microsoft. com/en-us/library/cc778792(v=ws. 10). aspx http: //technet. microsoft. com/en-us/library/cc778792(v=ws. 10). aspx http: //www. advicehow. com/adding-primary-dns-suffix-in-microsoft-windows-8/ http: //technet. microsoft. com/en-us/library/cc959611. aspx

Question No: 167 – (Topic 2)

You have a DNS server named Server1 that runs Windows Server 2012 R2. On Server1, you create a DNS zone named contoso.com.

You need to specify the email address of the person responsible for the zone. Which type of DNS record should you configure?

  1. Start of authority (SOA)

  2. Host information (HINFO)

  3. Mailbox (MB)

  4. Mail exchanger (MX)

Answer: A Explanation:

A SOA-record defines the responsible person for an entire zone, but a zone may contain many individual hosts / domain names for which different people are responsible. The RP- record type makes it possible to identify the responsible person for individual host names contained within the zone.

Ensurepass 2017 PDF and VCE

Ensurepass 2017 PDF and VCE

Question No: 168 – (Topic 2)

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.

You configure a quota threshold as shown in the exhibit. (Click the Exhibit button.)

Ensurepass 2017 PDF and VCE

You need to ensure that a user named User1 receives an email notification when the threshold is exceeded.

What should you do?

  1. Create a performance counter alert.

  2. Create a classification rule.

  3. Modify the members of the Performance Log Users group.

  4. Configure the File Server Resource Manager Options.

Answer: D Explanation:

When you create quotas and file screens, you have the option of sending e-mail notifications to users when their quota limit is approaching or after they have attempted to save files that have been blocked. If you want to routinely notify certain administrators of quota and file screening events, you can configure one or more default recipients.

To send these notifications, you must specify the SMTP server to be used for forwarding the e-mail messages.

To configure e-mail options

In the console tree, right-click File Server Resource Manager, and then click Configure options. The File Server Resource Manager Options dialog box opens.

Ensurepass 2017 PDF and VCE

On the E-mail Notifications tab, under SMTP server name or IP address, type the host name or the IP address of the SMTP server that will forward e-mail notifications.

If you want to routinely notify certain administrators of quota or file screening events, under Default administrator recipients, type each e-mail address.

Use the format account@domain. Use semicolons to separate multiple accounts. To test your settings, click Send Test E-mail.

Ensurepass 2017 PDF and VCE

Ensurepass 2017 PDF and VCE

Question No: 169 – (Topic 2)

You have a server named Server1 that runs Windows Server 2012 R2. You create a custom Data Collector Set (DCS) named DCS1.

You need to configure Server1 to start DCS1 automatically when the network usage exceeds 70 percent.

Which type of data collector should you create?

  1. A performance counter alert

  2. A configuration data collector

  3. A performance counter data collector

  4. An event trace data collector

Answer: A Explanation:

Performance alerts notify you when a specified performance counter exceeds your configured threshold by logging an event to the event log. But rather than notifying you immediately when the counter exceeds the threshold, you can configure a time period over which the counter needs to exceed the threshold, to avoid unnecessary alerts.

Ensurepass 2017 PDF and VCE

Question No: 170 DRAG DROP – (Topic 2)

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1.

You need to create an Active Directory snapshot on DC1. Which four commands should you run?

To answer, move the four appropriate commands from the list of commands to the answer area and arrange them in the correct order.

Ensurepass 2017 PDF and VCE

Answer:

Ensurepass 2017 PDF and VCE

Explanation:

Box 1: ntdsutil

Box 2: snapshot

Box 3: activate instance ntds Box 4: create

Note:

Create a snapshot of AD DS in Windows Server 2012 R2 by using NTDSUTIL

1 – On the domain server, open command prompt and type ntdsutil and press Enter. 2- Next, type snapshot and press Enter.

  1. – Next, type activate instance ntds and press Enter.

  2. – Next, type create (this create command is to generate a snapshot of my AD) and press Enter.

100% Free Download!
Download Free Demo:70-411 Demo PDF
100% Pass Guaranteed!
Download 2017 EnsurePass 70-411 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE

[Free] 2017(Sep) EnsurePass Passguide Microsoft 70-411 Dumps with VCE and PDF 151-160

EnsurePass
2017 Sep Microsoft Official New Released 70-411
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/70-411.html

Administering Windows Server 2012

Question No: 151 – (Topic 2)

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2008 R2.

You plan to test Windows Server 2012 R2 by using native-boot virtual hard disks (VHDs). You have a Windows image file named file1.wim.

You need to add an image of a volume to file1.wim. What should you do?

  1. Run imagex.exe and specify the /append parameter.

  2. Run imagex.exe and specify the /export parameter.

  3. Run dism.exe and specify the /image parameter.

  4. Run dism.exe and specify the /append-image parameter.

Answer: D

Explanation: The Deployment Image Servicing and Management (DISM) tool is a command-line tool that enables the creation of Windows image (.wim) files for deployment in a manufacturing or corporate IT environment. The /Append-Image option appends a volume image to an existing .wim file allowing you to store many customized Windows images in a fraction of the space. When you combine two or more Windows image files into

a single .wim, any files that are duplicated between the images are only stored once.

Incorrect:

Not A, Not B: Imagex has been retired and replaced by dism.

Reference: Append a Volume Image to an Existing Image Using DISM https://technet.microsoft.com/en-us/library/hh824916.aspx

Question No: 152 HOTSPOT – (Topic 2)

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that has the Network Policy Server server role installed. The domain contains a server named Server2 that is configured for RADIUS accounting.

Server1 is configured as a VPN server and is configured to forward authentication requests to Server2.

You need to ensure that only Server2 contains event information about authentication requests from connections to Server1.

Which two nodes should you configure from the Network Policy Server console? To answer, select the appropriate two nodes in the answer area.

Ensurepass 2017 PDF and VCE

Answer:

Ensurepass 2017 PDF and VCE

Question No: 153 – (Topic 2)

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.

You enable and configure Routing and Remote Access (RRAS) on Server1. You create a user account named User1.

You need to ensure that User1 can establish VPN connections to Server1. What should you do?

  1. Modify the members of the Remote Management Users group.

  2. Add a RADIUS client.

  3. Modify the Dial-in setting of User1.

  4. Create a connection request policy.

Answer: C Explanation:

Access permission is also granted or denied based on the dial-in properties of each user account.

http://technet.microsoft.com/en-us/library/cc772123.aspx

Question No: 154 – (Topic 2)

Your network contains a single Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that hosts the primary DNS zone for contoso.com.

All servers dynamically register their host names.

You install three new Web servers that host identical copies of your company#39;s intranet website. The servers are configured as shown in the following table.

Ensurepass 2017 PDF and VCE

You need to use DNS records to load balance name resolution queries for intranet.contoso.com between the three Web servers.

What is the minimum number of DNS records that you should create manually?

  1. 1

  2. 3

  3. 4

  4. 6

    Answer: B Explanation:

    To create DNS Host (A) Records for all internal pool servers

    1. Click Stabrt, click All Programs, click Administrative Tools, and then click DNS.

    2. In DNS Manager, click the DNS Server that manages your records to expand it.

    3. Click Forward Lookup Zones to expand it.

    4. Right-click the DNS domain that you need to add records to, and then click New Host (A or AAAA).

    5. In the Name box, type the name of the host record (the domain name will be automatically appended).

    6. In the IP Address box, type the IP address of the individual Front End Server and then select Create associated pointer (PTR) record or Allow any authenticated user to update DNS records with the same owner name, if applicable.

    7. Continue creating records for all member Front End Servers that will participate in DNS Load Balancing.

      For example, if you had a pool named pool1.contoso.com and three Front End Servers, you would create the following DNS entries:

      Ensurepass 2017 PDF and VCE

      Reference:

      http: //technet. microsoft. com/en-us/library/cc772506. aspx http: //technet. microsoft. com/en-us/library/gg398251. aspx

      Question No: 155 – (Topic 2)

      Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.

      An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named GPO1 is linked to OU1.

      You make a change to GPO1.

      You need to force all of the computers in OU1 to refresh their Group Policy settings immediately. The solution must minimize administrative effort.

      Which tool should you use?

      1. The Secedit command

      2. Group Policy Management Console (GPMC)

      3. Server Manager

      4. The Gpupdate command

Answer: B Explanation:

In the previous versions of Windows, this was accomplished by having the user run GPUpdate.exe on their computer.

Starting with Windows Server庐 2012 and Windows庐 8, you can now remotely refresh Group Policy settings for all computers in an OU from one central location through the Group Policy Management Console (GPMC). Or you can use the Invoke-GPUpdatecmdlet to refresh Group Policy for a set of computers, not limited to the OU structure, for example, if the computers are located in the default computers container.

Ensurepass 2017 PDF and VCE

Ensurepass 2017 PDF and VCE

Ensurepass 2017 PDF and VCE

http: //technet. microsoft. com/en-us//library/jj134201. aspx

http: //blogs. technet. com/b/grouppolicy/archive/2012/11/27/group-policy-in-windows- server-2012-using-remote-gpupdate. aspx

Question No: 156 HOTSPOT – (Topic 2)

Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All domain controllers run Windows Server 2012 R2 and are configured as DNS servers. All DNS zones are Active Directory-integrated. Active Directory Recycle Bin is enabled.

You need to modify the amount of time deleted objects are retained in the Active Directory Recycle Bin.

Which naming context should you use? To answer, select the appropriate naming context in the answer area.

Ensurepass 2017 PDF and VCE

Answer:

Ensurepass 2017 PDF and VCE

Explanation:

Ensurepass 2017 PDF and VCE

Starting in Windows Server 2008 R2, Active Directory now implements a true recycle bin. No longer will you need an authoritative restore to recover deleted users, groups, OU’s, or other objects. Instead, it is now possible to use PowerShell commands to bring back objects with all their attributes, backlinks, group memberships, and metadata.

The amount of time that an object can be recovered is controlled by the Deleted Object Lifetime (DOL). This time range can be set on the msDS-deletedObjectLifetime attribute. By default, it will be the same number of days as the Tombstone Lifetime (TSL). The TSL set for a new forest since Windows Server 2003 SP1 has been 180 days*, and since by default DOL = TSL, the default number of days that an object can be restored is therefore 180 days. If tombstoneLifetime is NOT SET or NULL, the tombstone lifetime is that of the

Windows default: 60 days. This is all configurable by the administrator.

Set-ADObject -Identity quot;CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=contoso,DC=comquot; -Partition quot;CN=Configuration,DC=contoso,DC=comquot; -Replace: @(quot;msDS-DeletedObjectLifetimequot; = 365)

msDS-deletedObjectLifetime New to Windows Server 2008 R2

Is set on the “CN=Directory Service,CN=Windows NT, CN=Services, CN=Configuration, DC=COMPANY,DC=COM” container

Describes how long a deleted object will be restorable

To modify the deleted object lifetime by using Ldp.exe

To open Ldp.exe, click Start, click Run, and then type ldp.exe.

To connect and bind to the server hosting the forest root domain of your Active Directory environment, under Connections, click Connect, and then click Bind.

In the console tree, right-click the CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration container, and then click Modify.

In the Modify dialog box, in Edit Entry Attribute, type msDS-DeletedObjectLifeTime.

In the Modify dialog box, in Values, type the number of days that you want to set for the tombstone lifetime value. (The minimum is 3 days.)

In the Modify dialog box, under Operation click Replace, click Enter, and then click Run.

References:

http: //technet. microsoft. com/en-us/library/dd392260(v=ws. 10). aspx

http: //blogs. technet. com/b/askds/archive/2009/08/27/the-ad-recycle-bin-understanding- implementing-best-practices-and-troubleshooting. aspx

Question No: 157 – (Topic 2)

Your network contains two Active Directory forests named contoso.com and adatum.com. All domain controllers run Windows Server 2012 R2.

The adatum.com domain contains a Group Policy object (GPO) named GPO1. An administrator from adatum.com backs up GPO1 to a USB flash drive.

You have a domain controller named dc1.contoso.com. You insert the USB flash drive in dc1.contoso.com.

You need to identify the domain-specific reference in GPO1. What should you do?

  1. From the Migration Table Editor, click Populate from Backup.

  2. From Group Policy Management, run the Group Policy Modeling Wizard.

  3. From Group Policy Management, run the Group Policy Results Wizard.

  4. From the Migration Table Editor, click Populate from GPO.

Answer: A

Question No: 158 – (Topic 2)

Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 is configured as a Network Policy Server (NPS) server and as a DHCP server.

You need to ensure that only computers that send a statement of health are checked for Network Access Protection (NAP) health requirements.

Which two settings should you configure? (Each correct answer presents part of the solution. Choose two.)

  1. The Called Station ID constraints

  2. The MS-Service Class conditions

  3. The Health Policies conditions

  4. The NAS Port Type constraints

  5. The NAP-Capable Computers conditions

Answer: C,E

Reference:

http://technet.microsoft.com/en-us/library/cc753603.aspx http://technet.microsoft.com/en-us/library/cc731220(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc731560.aspx

Question No: 159 – (Topic 2)

Your network contains multiple Active Directory sites.

You have a Distributed File System (DFS) namespace that has a folder target in each site. You discover that some client computers connect to DFS targets in other sites.

You need to ensure that the client computers only connect to a DFS target in their respective site.

What should you modify?

  1. The properties of the Active Directory sites

  2. The properties of the Active Directory site links

  3. The delegation settings of the namespace

  4. The referral settings of the namespace

Answer: D

Reference:

http://www.windowsnetworking.com/articles_tutorials/Configuring-DFS-Namespaces.html

Question No: 160 – (Topic 2)

You have a Windows Server Update Services (WSUS) server named Server1.. Server1 synchronizes from Microsoft Update.

You plan to deploy a new WSUS server named Server2. Server2 will synchronize updates from Server1. Server2 will be separated from Server1 by a firewall.

You need to identify which port must be open on the firewall so that Server2 can synchronize the updates.

Which port should you identify?

A. 8530

B. 3389

C. 443

D. 80

Answer: A Explanation:

WSUS upstream and downstream servers will synchronize on the port configured by the WSUS Administrator. By default, these ports are configured as follows:

On WSUS 3.2 and earlier, port 80 for HTTP and 443 for HTTPS

On WSUS 6.2 and later (at least Windows Server 2012), port 8530 for HTTP and 8531 for HTTPS

The firewall on the WSUS server must be configured to allow inbound traffic on these ports. https://technet.microsoft.com/en-us/library/hh852346.aspx

100% Free Download!
Download Free Demo:70-411 Demo PDF
100% Pass Guaranteed!
Download 2017 EnsurePass 70-411 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE

[Free] 2017(Sep) EnsurePass Passguide Microsoft 70-411 Dumps with VCE and PDF 141-150

EnsurePass
2017 Sep Microsoft Official New Released 70-411
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/70-411.html

Administering Windows Server 2012

Question No: 141 – (Topic 2)

Your network contains an Active Directory domain named adatum.com.

You need to audit changes to the files in the SYSVOL shares on all of the domain controllers. The solution must minimize the amount of SYSVOL replication traffic caused by the audit.

Which two settings should you configure? (Each correct answer presents part of the solution. Choose two.)

  1. Audit Policy\Audit system events

  2. Advanced Audit Policy Configuration\DS Access

  3. Advanced Audit Policy Configuration\Global Object Access Auditing

  4. Audit Policy\Audit object access

  5. Audit Policy\Audit directory service access

  6. Advanced Audit Policy Configuration\Object Access

Answer: D,F

Question No: 142 – (Topic 2)

Your network has a router named Router1 that provides access to the Internet. You have a server named Server1 that runs Windows Server 2012 R2. Server1 to use Router1 as the default gateway.

A new router named Router2 is added to the network. Router2 provides access to the Internet. The IP address of the internal interface on Router2 is 10.1.14.2S4.

You need to configure Server1 to use Router2 to connect to the Internet if Router1 fails. What should you do on Server1?

  1. Add a route for 10.1.14.0/24 that uses 10.1.14.254 as the gateway and set the metric to 1.

  2. Add 10.1.14.254 as a gateway and set the metric to 1.

  3. Add a route for 10.1.14.0/24 that uses 10.1.14.254 as the gateway and set the metric to 500.

  4. Add 10.1.14.254 as a gateway and set the metric to 500.

    Answer: C Explanation:

    To configure the Automatic Metric feature:

    1. In Control Panel, double-click Network Connections.

    2. Right-click a network interface, and then click Properties.

    3. Click Internet Protocol (TCP/IP), and then click Properties.

    4. On the General tab, click Advanced.

    5. To specify a metric, on the IP Settings tab, click to clear the Automatic metric check box, and then enter the metric that you want in the Interface Metric field.

      To manually add routes for IPv4

      Open the Command Prompt window by clicking the Start button Picture of the Start button. In the search box, type Command Prompt, and then, in the list of results, click Command Prompt.

      At the command prompt, type route -p add [destination] [mask lt;netmaskgt;] [gateway] [metric lt;metricgt;] [if lt;interfacegt;].

      Question No: 143 – (Topic 2)

      Your network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computers run Windows 8.1.

      The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2.

      You need to identify whether the members of the Protected Users group will be prevented from authenticating by using NTLM.

      Which cmdlet should you use?

      1. Get-ADGroupMember

      2. Get-ADDomainControllerPasswordReplicationPolicy

      3. Get-ADDomainControllerPasswordReplicationPolicyUsage

      4. Get-ADDomain

      5. Get-ADOptionalFeature

      6. Get-ADAccountAuthorizationGroup

      7. Get-ADAuthenticationPolicySilo

      8. Get-ADAuthenticatonPolicy

Answer: D

Explanation: If the domain functional level is Windows Server 2012 R2, members of the (Protected Users) group can no longer authenticate by using NTLM authentication. So we

need to check the domain functional level with Get-ADDomain. https://technet.microsoft.com/en-us/library/Dn518179.aspx

Question No: 144 – (Topic 2)

Your network contains an Active Directory domain named contoso.com. All domain controllers in the domain are configured as shown in the following table.

Ensurepass 2017 PDF and VCE

You deploy a new domain controller named DC3 that runs Windows Server 2012 R2.

You discover that you cannot create Password Settings objects (PSOs) by using Active Directory Administrative Center.

You need to ensure that you can create PSOs from Active Directory Administrative Center. What should you do?

  1. Transfer the PDC emulator operations master role.

  2. Upgrade DC1.

  3. Raise the functional level of the domain.

  4. Transfer the infrastructure master operations master role.

Answer: C

Question No: 145 – (Topic 2)

Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series.

Information and details provided in a question apply only to that question.

Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.

You have a GPO named GPO1 that is linked to the domain. You need to configure GPO1 to apply settings to Group1 only. You need to configure GPO1 to apply settings to Group1 only. What should you use?

  1. Dcgpofix

  2. Get-GPOReport

  3. Gpfixup

  4. Gpresult

  5. Gpedit. msc

  6. Import-GPO

  7. Restore-GPO

  8. Set-GPInheritance

  9. Set-GPLink

  10. Set-GPPermission

  11. Gpupdate

  12. Add-ADGroupMember

Answer: C

Question No: 146 – (Topic 2)

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains two servers. The servers are configured as shown in the following table.

Ensurepass 2017 PDF and VCE

All client computers run Windows 8 Enterprise.

You plan to deploy Network Access Protection (NAP) by using IPSec enforcement.

A Group Policy object (GPO) named GPO1 is configured to deploy a trusted server group to all of the client computers.

You need to ensure that the client computers can discover HRA servers automatically.

Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)

  1. On all of the client computers, configure the EnableDiscovery registry key.

  2. In a GPO, modify the Request Policy setting for the NAP Client Configuration.

  3. On Server2, configure the EnableDiscovery registry key.

  4. On DC1, create an alias (CNAME) record.

  5. On DC1, create a service location (SRV) record.

Answer: A,B,E Explanation:

Requirements for HRA automatic discovery

The following requirements must be met in order to configure trusted server groups on NAP client computers using HRA automatic discovery:

Client computers must be running Windows Vista庐 with Service Pack 1 (SP1) or Windows XP with Service Pack 3 (SP3).

The HRA server must be configured with a Secure Sockets Layer (SSL) certificate. The EnableDiscovery registry key must be configured on NAP client computers.

DNS SRV records must be configured.

The trusted server group configuration in either local policy or Group Policy must be cleared.

http: //technet. microsoft. com/en-us/library/dd296901. aspx

Question No: 147 – (Topic 2)

Your network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computers run Windows 8.1.

The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2.

You need to identify whether deleted objects can be recovered from the Active Directory Recycle Bin.

Which cmdlet should you use?

  1. Get-ADGroupMember

  2. Get-ADDomainControllerPasswordReplicationPolicy

  3. Get-ADDomainControllerPasswordReplicationPolicyUsage

  4. Get-ADDomain

  5. Get-ADOptionalFeature

  6. Get-ADAccountAuthorizationGroup

Answer: E

Explanation: The Get-ADOptionalFeature cmdlet gets an optional feature or performs a search to retrieve multiple optional features from an Active Directory.

Example: Get-ADOptionalFeature #39;Recycle Bin Feature#39;

Get the optional feature with the name #39;Recycle Bin Feature#39;.

Reference: Get-ADOptionalFeature https://technet.microsoft.com/en-us/library/ee617218.aspx

Question No: 148 HOTSPOT – (Topic 2)

Your network contains an Active Directory domain named contoso.com. All client computers are configured as DHCP clients.

You link a Group Policy object (GPO) named GPO1 to an organizational unit (OU) that contains all of the client computer accounts.

You need to ensure that Network Access Protection (NAP) compliance is evaluated on all of the client computers.

Which two settings should you configure in GPO1?

To answer, select the appropriate two settings in the answer area.

Ensurepass 2017 PDF and VCE

Answer:

Ensurepass 2017 PDF and VCE

Question No: 149 HOTSPOT – (Topic 2)

Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1.

Your company implements DirectAccess.

A user named User1 works at a customer#39;s office. The customer#39;s office contains a server named Server1.

When User1 attempts to connect to Server1, User1 connects to Server1 in adatum.com. You need to provide User1 with the ability to connect to Server1 in the customer#39;s office.

Which Group Policy option should you configure? To answer, select the appropriate option in the answer area.

Ensurepass 2017 PDF and VCE

Answer:

Ensurepass 2017 PDF and VCE

Explanation:

Ensurepass 2017 PDF and VCE

Specifies whether the user has Connect and Disconnect options for the DirectAccess entry when the user clicks the Networking notification area icon.

If the user clicks the Disconnect option, NCA removes the DirectAccess rules from the Name Resolution Policy Table (NRPT) and the DirectAccess client computer uses whatever normal name resolution is available to the client computer in its current network configuration, including sending all DNS queries to the local intranet or Internet DNS servers. Note that NCA does not remove the existing IPsec tunnels and users can still access intranet resources across the DirectAccess server by specifying IPv6 addresses rather than names.

The ability to disconnect allows users to specify single-label, unqualified names (such as “PRINTSVR”) for local resources when connected to a different intranet and for temporary access to intranet resources when network location detection has not correctly determined that the DirectAccess client computer is connected to its own intranet.

To restore the DirectAccess rules to the NRPT and resume normal DirectAccess functionality, the user clicks Connect.

Note: If the DirectAccess client computer is on the intranet and has correctly determined its network location, the Disconnect option has no effect because the rules for DirectAccess are already removed from the NRPT.

If this setting is not configured, users do not have Connect or Disconnect options.

Question No: 150 HOTSPOT – (Topic 2)

Your company has four offices. The offices are located in Montreal, Seattle, Sydney, and New York.

The network contains an Active Directory domain named contoso.com. The domain contains a server named Server2 that runs Windows Server 2012 R2. Server2 has the DHCP Server server role installed.

All client computers obtain their IPv4 and IPv6 addresses from DHCP.

You need to ensure that Network Access Protection (NAP) enforcement for DHCP applies to all of the client computers except for the client computers in the New York office.

Which two nodes should you configure? To answer, select the appropriate two nodes in the answer area.

Ensurepass 2017 PDF and VCE

Answer:

Ensurepass 2017 PDF and VCE

100% Free Download!
Download Free Demo:70-411 Demo PDF
100% Pass Guaranteed!
Download 2017 EnsurePass 70-411 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE

[Free] 2017(Sep) EnsurePass Passguide Microsoft 70-411 Dumps with VCE and PDF 131-140

EnsurePass
2017 Sep Microsoft Official New Released 70-411
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/70-411.html

Administering Windows Server 2012

Question No: 131 HOTSPOT – (Topic 2)

Your network contains 25 Web servers that run Windows Server 2012 R2.

You need to configure auditing policies that meet the following requirements:

->Generate an event each time a new process is created.

->Generate an event each time a user attempts to access a file share.

Which two auditing policies should you configure? To answer, select the appropriate two auditing policies in the answer area.

Ensurepass 2017 PDF and VCE

Answer:

Ensurepass 2017 PDF and VCE

Question No: 132 – (Topic 2)

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.

All sales users have laptop computers that run Windows 8. The sales computers are joined to the domain. All user accounts for the sales department are in an organizational unit (OU) named Sales_OU.

A Group Policy object (GPO) named GPO1 is linked to Sales_OU. You need to configure a dial-up connection for all of the sales users. What should you configure from User Configuration in GPO1?

  1. Policies/Administrative Templates/Network/Windows Connect Now

  2. Preferences/Control Panel Settings/Network Options

  3. Policies/Administrative Templates/Windows Components/Windows Mobility Center

  4. Policies/Administrative Templates/Network/Network Connections

Answer: B Explanation:

The Network Options extension allows you to centrally create, modify, and delete dial-up networking and virtual private network (VPN) connections. Before you create a network option preference item, you should review the behavior of each type of action possible with the extension.

Ensurepass 2017 PDF and VCE

To create a new Dial-Up Connection preference item

Open the Group Policy Management Console. Right-click the Group Policy object (GPO) that should contain the new preference item, and then click Edit.

In the console tree under Computer Configuration or User Configuration, expand the Preferences folder, and then expand the Control Panel Settings folder.

Right-click the Network Options node, point to New, and select Dial-Up Connection.

References:

http: //technet. microsoft. com/en-us/library/cc772107. aspx http: //technet. microsoft. com/en-us/library/cc772107. aspx http: //technet. microsoft. com/en-us/library/cc772449. aspx

Question No: 133 – (Topic 2)

Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows Server 2003, Windows Server 2008 R2, or Windows Server 2012 R2.

A support technician accidentally deletes a user account named User1. You need to use tombstone reanimation to restore the User1 account. Which tool should you use?

  1. Active Directory Administrative Center

  2. Ntdsutil

  3. Ldp

  4. Esentutl

Answer: C Explanation:

Use Ldp.exe to restore a single, deleted Active Directory object

This feature takes advantage of the fact that Active Directory keeps deleted objects in the database for a period of time before physically removing them.

use Ldp.exe to restore a single, deleted Active Directory object

The LPD.exe tool, included with Windows Server 2012, allows users to perform operations against any LDAP-compatible directory, including Active Directory. LDP is used to view objects stored in Active Directory along with their metadata, such as security descriptors and replication metadata.

References:

http: //www. petri. co. il/manually-undeleting-objects-windows-active-directory-ad. htm http: //www. petri. co. il/manually-undeleting-objects-windows-active-directory-ad. htm http: //technet. microsoft. com/en-us/magazine/2007. 09. tombstones. aspx

http: //technet. microsoft. com/nl-nl/library/dd379509(v=ws. 10). aspx#BKMK_2 http: //technet. microsoft. com/en-us/library/hh875546. aspx

http: //technet. microsoft. com/en-us/library/dd560651(v=ws. 10). aspx

Question No: 134 – (Topic 2)

Your network contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2 and have the DNS Server server role installed. Server1 hosts a primary zone for contoso.com. Server2 hosts a secondary zone for contoso.com. The zone is not configured to notify secondary servers of changes automatically.

You update several records on Server1.

You need to force the replication of the contoso.com zone records from Server1 to Server2. What should you do from Server2?

  1. Right-click the contoso.com zone and click Reload.

  2. Right-click the contoso.com zone and click Transfer from Master.

  3. Right-click Server2 and click Update Server Data Files.

  4. Right-click Server2 and click Refresh.

Answer: B Explanation:

Initiates zone transfer from secondary server

Open DNS; In the console tree, right-click the applicable zone and click Transfer from master.

Ensurepass 2017 PDF and VCE

References:

http: //technet. microsoft. com/en-us/library/cc779391(v=ws. 10). aspx http: //technet. microsoft. com/en-us/library/cc779391(v=ws. 10). aspx

http: //technet. microsoft. com/en-us/library/cc786985(v=ws. 10). aspx http: //technet. microsoft. com/en-us/library/cc779391(v=ws. 10). aspx

Question No: 135 – (Topic 2)

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy Server server role installed.

You need to allow connections that use 802.1x. What should you create?

  1. A network policy that uses Microsoft Protected EAP (PEAP) authentication

  2. A network policy that uses EAP-MSCHAP v2 authentication

  3. A connection request policy that uses EAP-MSCHAP v2 authentication

  4. A connection request policy that uses MS-CHAP v2 authentication

Answer: C Explanation:

802.1X uses EAP, EAP-TLS, EAP-MS-CHAP v2, and PEAP authentication methods:

->EAP (Extensible Authentication Protocol) uses an arbitrary authentication method, such as certificates, smart cards, or credentials.

->EAP-TLS (EAP-Transport Layer Security) is an EAP type that is used in certificate- based security environments, and it provides the strongest authentication and key determination method.

->EAP-MS-CHAP v2 (EAP-Microsoft Challenge Handshake Authentication Protocol version 2) is a mutual authentication method that supports password-based user or computer authentication.

->PEAP (Protected EAP) is an authentication method that uses TLS to enhance the security of other EAP authentication protocols.

Connection request policies are sets of conditions and settings that allow network administrators to designate which Remote Authentication Dial-In User Service (RADIUS) servers perform the authentication and authorization of connection requests that the server running Network Policy Server (NPS) receives from RADIUS clients. Connection request policies can be configured to designate which RADIUS servers are used for RADIUS accounting.

With connection request policies, you can use NPS as a RADIUS server or as a RADIUS

proxy, based on factors such as the following:

->The time of day and day of the week

->The realm name in the connection request

->The type of connection being requested

->The IP address of the RADIUS client

Question No: 136 – (Topic 2)

Your network contains an Active Directory domain named adatum.com. You have a standard primary zone named adatum.com.

You need to provide a user named User1 the ability to modify records in the zone. Other users must be prevented from modifying records in the zone.

What should you do first?

  1. Run the Zone Signing Wizard for the zone.

  2. From the properties of the zone, modify the start of authority (SOA) record.

  3. From the properties of the zone, change the zone type.

  4. Run the New Delegation Wizard for the zone.

Answer: C Explanation:

The Zone would need to be changed to a AD integrated zone When you use directory- integrated zones, you can use access control list (ACL) editing to secure a dnsZone object container in the directory tree. This feature provides detailed access to either the zone or a specified resource record in the zone. For example, an ACL for a zone resource record can be restricted so that dynamic updates are allowed only for a specified client computer or a secure group, such as a domain administrators group. This security feature is not available with standard primary zones.

DNS update security is available only for zones that are integrated into Active Directory. After you integrate a zone, you can use the access control list (ACL) editing features that are available in the DNS snap-in to add or to remove users or groups from the ACL for a specific zone or for a resource record.

Standard (not an Active Directory integrated zone) has no Security settings:

Ensurepass 2017 PDF and VCE

You need to firstly change the quot;Standard Primary Zonequot; to AD Integrated Zone:

Ensurepass 2017 PDF and VCE

Now there#39;s Security tab:

Ensurepass 2017 PDF and VCE

References:

http: //technet. microsoft. com/en-us/library/cc753014. aspx http: //technet. microsoft. com/en-us/library/cc726034. aspx http: //support. microsoft. com/kb/816101

Question No: 137 – (Topic 2)

You have two Windows Server Update Services (WSUS) servers named Server01 and Server02. Server01 synchronizes from Microsoft Update. Server02 synchronizes updates from Server01. Both servers are members of the same Active Directory domain.

You configure Server01 to require SSL for all WSUS metadata by using a certificate issued by an enterprise root certification authority (CA).

You need to ensure that Server02 synchronizes updates from Server01. What should you do on Server02?

  1. From a command prompt, run wsusutil.exe configuresslproxy server02 443.

  2. From a command prompt, run wsusutil.exe configuressl server01.

  3. From a command prompt, run wsusutil.exe configuresslproxy server01 443.

  4. From the Update Services console, modify the Update Source and Proxy Server options.

Answer: C

Question No: 138 – (Topic 2)

Your network contains an Active Directory domain named adatum.com. All domain controllers run Windows Server 2012 R2. The domain contains a virtual machine named DC2.

On DC2, you run Get-ADDCCIoningExcludedApplicationList and receive the output shown in the following table.

Ensurepass 2017 PDF and VCE

You need to ensure that you can clone DC2.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

Ensurepass 2017 PDF and VCE

  1. Option A

  2. Option B

  3. Option C

  4. Option D

  5. Option E

Answer: A,E Explanation:

Because domain controllers provide a distributed environment, you could not safely clone an Active Directory domain controller in the past.

Before, if you cloned any server, the server would end up with the same domain or forest, which is unsupported with the same domain or forest. You would then have to run sysprep, which would remove the unique security information before cloning and then promote a domain controller manually. When you clone a domain controller, you perform safe cloning, which a cloned domain controller automatically runs a subset of the sysprep process and promotes the server to a domain controller automatically.

The four primary steps to deploy a cloned virtualized domain controller are as follows:

->Grant the source virtualized domain controller the permission to be cloned by adding the source virtualized domain controller to the Cloneable Domain Controllers group.

->Run Get-ADDCCloningExcludedApplicationListcmdlet in Windows PowerShell to determine which services and applications on the domain controller are not compatible with the cloning.

->Run New-ADDCCloneConfigFile to create the clone configuration file, which is

stored in the C:\Windows\NTDS.

->In Hyper-V, export and then import the virtual machine of the source domain controller.

Run Get-ADDCCloningExcludedApplicationListcmdlet In this procedure, run the Get- ADDCCloningExcludedApplicationListcmdlet on the source virtualized domain controller to identify any programs or services that are not evaluated for cloning. You need to run the Get-ADDCCloningExcludedApplicationListcmdlet before the New- ADDCCloneConfigFilecmdlet because if the New-ADDCCloneConfigFilecmdlet detects an excluded application, it will not create a DCCloneConfig.xml file. To identify applications or services that run on a source domain controller which have not been evaluated for cloning. Get-ADDCCloningExcludedApplicationList

Get-ADDCCloningExcludedApplicationList -GenerateXml

The clone domain controller will be located in the same site as the source domain controller unless a different site is specified in the DCCloneConfig.xml file.

Note:

->The Get-ADDCCloningExcludedApplicationListcmdlet searches the local domain controller for programs and services in the installed programs database, the services control manager that are not specified in the default and user defined inclusion list. The applications in the resulting list can be added to the user defined exclusion list if they are determined to support cloning. If the applications are not cloneable, they should be removed from the source domain controller before the clone media is created. Any application that appears in cmdlet output and is not included in the user defined inclusion list will force cloning to fail.

->The Get-ADDCCloningExcludedApplicationListcmdlet needs to be run before the New- ADDCCloneConfigFilecmdlet is used because if the New- ADDCCloneConfigFilecmdlet detects an excluded application, it will not create a DCCloneConfig.xml file.

->DCCloneConfig.xml is an XML configuration file that contains all of the settings the cloned DC will take when it boots. This includes network settings, DNS, WINS, AD site name, new DC name and more. This file can be generated in a few different ways.

The New-ADDCCloneConfigcmdlet in PowerShell By hand with an XML editor

By editing an existing config file, again with an XML editor (Notepad is not an XML editor.)

Ensurepass 2017 PDF and VCE

Ensurepass 2017 PDF and VCE

Ensurepass 2017 PDF and VCE

You can populate the XML file. . . . . doesn#39;t need to be empty. . . . .

Ensurepass 2017 PDF and VCE

Ensurepass 2017 PDF and VCE

References:

http: //technet. microsoft. com/en-us/library/hh831734. aspx

http: //blogs. dirteam. com/blogs/sanderberkouwer/archive/2012/09/10/new-features-in- active-directory-domain-services-in-windows-server-2012-part-13-domain-controller- cloning. aspx

Question No: 139 – (Topic 2)

Your network contains an Active Directory domain named contoso.com. The functional level of the forest is Windows Server 2008 R2.

Computer accounts for the marketing department are in an organizational unit (OU) named Departments\Marketing\Computers. User accounts for the marketing department are in an OU named Departments\Marketing\Users.

All of the marketing user accounts are members of a global security group named MarketingUsers. All of the marketing computer accounts are members of a global security group named MarketingComputers.

In the domain, you have Group Policy objects (GPOs) as shown in the exhibit. (Click the Exhibit button.)

Ensurepass 2017 PDF and VCE

You create two Password Settings objects named PSO1 and PSO2. PSO1 is applied to MarketingUsers. PSO2 is applied to MarketingComputers.

The minimum password length is defined for each policy as shown in the following table.

Ensurepass 2017 PDF and VCE

You need to identify the minimum password length required for each marketing user.

What should you identify?

  1. 5

  2. 6

  3. 7

  4. 10

  5. 12

Answer: D

Question No: 140 – (Topic 2)

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Windows Deployment Services server role installed.

Server1 contains two boot images and four install images.

You need to ensure that when a computer starts from PXE, the available operating system images appear in a specific order.

What should you do?

  1. Modify the properties of the boot images.

  2. Create a new image group.

  3. Modify the properties of the install images.

  4. Modify the PXE Response Policy.

Answer: C

100% Free Download!
Download Free Demo:70-411 Demo PDF
100% Pass Guaranteed!
Download 2017 EnsurePass 70-411 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE

[Free] 2017(Sep) EnsurePass Passguide Microsoft 70-411 Dumps with VCE and PDF 121-130

EnsurePass
2017 Sep Microsoft Official New Released 70-411
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/70-411.html

Administering Windows Server 2012

Question No: 121 – (Topic 2)

Your network is configured as shown in the exhibit. (Click the Exhibit button.)

Ensurepass 2017 PDF and VCE

Server1 regularly accesses Server2.

You discover that all of the connections from Server1 to Server2 are routed through Router1.

You need to optimize the connection path from Server1 to Server2. Which route command should you run on Server1?

A. Route add -p 10.10.10.0 MASK 255.255.255.0 172.23.16.2 METRIC 100

B. Route add -p 10.10.10.0 MASK 255.255.255.0 10.10.10.1 METRIC 50

C. Route add -p 10.10.10.12 MASK 255.255.255.0 10.10.10.1 METRIC 100

D. Route add -p 10.10.10.12 MASK 255.255.255.0 10.10.10.0 METRIC 50

Answer: A Explanation:

Destination – specifies either an IP address or host name for the network or host.

subnetmask – specifies a subnet mask to be associated with this route entry. If subnetmask is not specified, 255.255.255.255 is used.

gateway – specifies either an IP address or host name for the gateway or router to use when forwarding.

costmetric – assigns an integer cost metric (ranging from 1 through 9,999) to be used in calculating the fastest, most reliable, and/or least expensive routes. If costmetric is not specified, 1 is used.

interface – specifies the interface to be used for the route that uses the interface number. If an interface is not specified, the interface to be used for the route is determined from the gateway IP address.

References:

http: //support. microsoft. com/kb/299540/en-us

http: //technet. microsoft. com/en-us/library/cc757323(v=ws. 10). aspx

Question No: 122 HOTSPOT – (Topic 2)

Your network contains one Active Directory forest named contoso.com.

All client computers for the sales department are in an organizational unit (OU) named Sales. All of the sales department computers run Windows 8.1.

You plan to use Group Policy preferences to map several drives on the sales department computers.

You need to perform the following actions:

  • Create a drive mapping on all of the sales department computers for drive X. If drive X already exists, the current drive mapping should NOT be modified.

  • Create a drive mapping on all of the sales department computers for drive Y. If drive Y already exists, the UNC path must be modified, but all other settings must be maintained.

Which action should you use for each drive mapping? To answer, select the appropriate options in the answer area.

Ensurepass 2017 PDF and VCE

Answer:

Ensurepass 2017 PDF and VCE

Explanation:

Ensurepass 2017 PDF and VCE

C:\Users\Kamran\Desktop\sample.jpg

Create – If a drive mapping doesn’t exist for this user for the share “\shareuserDocuments”, then create one. If there already is one, don’t do anything! It’s a kind, gentle sort of policy, it won’t overwrite anything you already have, so it has a Green icon associated in the UI. Update – If that drive mapping exists, it will be updated with the settings specified here. If there are other settings associated with the drive mapping that aren’t specified here, they will be maintained. If no drive mapping exists for this share, create it. https://blogs.technet.microsoft.com/grouppolicy/2009/10/26/group-policy-preferences- colorful-and-mysteriously-powerful-just-like-windows-7/

Question No: 123 – (Topic 2)

Your network contains one Active Directory domain named contoso.com.

From the Group Policy Management console, you view the details of a Group Policy object (GPO) named GPO1.

You need to ensure that the comments field of GPO1 contains a detailed description of GPO1.

What should you do?

  1. From Active Directory Users and Computers, edit the properties of contoso.com/System/Policies/{229DCD27-9D98-ACC2-A6AE-ED765F065FF5}.

  2. Open GPO1 in the Group Policy Management Editor, and then modify the properties of GPO1.

  3. From Notepad, edit \\contoso.com\SYSVOL\ contoso.com\Policies\{229DCD27-9D98- ACC2-A6AE-ED765F065FF5}\gpt.ini.

  4. From Group Policy Management, click View, and then click Customize.

Answer: B

Explanation: Adding a comment to a Group Policy object

->Open the Group Policy Management Console. Expand the Group Policy Objects node.

->Right-click the Group Policy object you want to comment and then click Edit .

->In the console tree, right-click the name of the Group Policy object and then click Properties .

->Click the Comment tab.

->Type your comments in the Comment box.

->Click OK

Reference: Comment a Group Policy Object https://technet.microsoft.com/en-us/library/cc770974.aspx

Question No: 124 – (Topic 2)

Your company has a main office and a branch office.

The main office contains a server that hosts a Distributed File System (DFS) replicated folder.

You plan to implement a new DFS server in the branch office.

You need to recommend a solution that minimizes the amount of network bandwidth used to perform the initial synchronization of the folder to the branch office.

You recommend using the Export-DfsrClone and Import-DfsrClonecmdlets. Which additional command or cmdlet should you include in the recommendation?

  1. Robocopy.exe

  2. Synchost.exe

  3. Export-BcCachePackage

  4. Sync-DfsReplicationGroup

Answer: A Explanation:

By preseeding files before you set up DFS Replication, add a new replication partner, or replace a server, you can speed up initial synchronization and enable cloning of the DFS Replication database in Windows Server 2012 R2. The Robocopy method is one of several preceding methods

Question No: 125 – (Topic 2)

Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2.

You view the effective policy settings of Server1 as shown in the exhibit. (Click the Exhibit button.)

Ensurepass 2017 PDF and VCE

On Server1, you have a folder named C:\Share1 that is shared as Share1. Share1 contains confidential data. A group named Group1 has full control of the content in Share1.

You need to ensure that an entry is added to the event log whenever a member of Group1 deletes a file in Share1.

What should you configure?

  1. the Audit File Share setting of Servers GPO

  2. the Sharing settings of C:\Share1

  3. the Audit File System setting of Servers GPO

  4. the Security settings of C:\Share1

Answer: D Explanation:

You can use Computer Management to track all connections to shared resources on a Windows Server 2008 R2 system.

Whenever a user or computer connects to a shared resource, Windows Server 2008 R2 lists a connection in the Sessions node.

File access, modification and deletion can only be tracked, if the object access auditing is enabled you can see the entries in the event log.

To view connections to shared resources, type net session at a command prompt or follow these steps:

->In Computer Management, connect to the computer on which you created the

shared resource.

->In the console tree, expand System Tools, expand Shared Folders, and then select Sessions. You can now view connections to shares for users and computers.

To enable folder permission auditing, you can follow the below steps:

->Click start and run quot;secpol. mscquot; without quotes.

->Open the Local Policies\Audit Policy

->Enable the Audit object access for quot;Successquot; and quot;Failurequot;.

->Go to target files and folders, right click the folder and select properties.

->Go to Security Page and click Advanced.

Ensurepass 2017 PDF and VCE

->Click Auditing and Edit.

->Click add, type everyone in the Select User, Computer, or Group.

->Choose Apply onto: This folder, subfolders and files.

->Tick on the box “Change permissions”

->Click OK.

Ensurepass 2017 PDF and VCE

After you enable security auditing on the folders, you should be able to see the folder permission changes in the server#39;s Security event log. Task Category is File System.

References:

http: //social. technet. microsoft. com/Forums/en-US/winservergen/thread/13779c78-0c73- 4477-8014-f2eb10f3f10f/

http: //technet. microsoft. com/en-us/library/cc753927(v=ws. 10). aspx

http: //social. technet. microsoft. com/Forums/en-US/winservergen/thread/13779c78-0c73- 4477-8014-f2eb10f3f10f/

http: //support. microsoft. com/kb/300549

http: //www. windowsitpro. com/article/permissions/auditing-folder-permission-changes http: //www. windowsitpro. com/article/permissions/auditing-permission-changes-on-a- folder

Question No: 126 – (Topic 2)

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.

The network contains several group Managed Service Accounts that are used by four member servers.

You need to ensure that if a group Managed Service Account resets a password of a domain user account, an audit entry is created.

You create a Group Policy object (GPO) named GPO1. What should you do next?

  1. In GPO1, configure the Advanced Audit Policy Configuration settings for Audit User Account Management. Link GPO1 to the Domain Controllers organizational unit (OU).

  2. In GPO1, configure the Advanced Audit Policy Configuration settings for Audit User Account Management. Move the member servers to a new organizational unit (OU). Link GPO1 to the new OU.

  3. In GPO1, configure the Advanced Audit Policy Configuration settings for Audit Sensitive Privilege Use. Link GPO1 to the Domain Controllers organizational unit (OU).

  4. In GPO1, configure the Advanced Audit Policy Configuration settings for Audit Sensitive Privilege Use. Move the member servers to a new organizational unit (OU). Link GPO1 to the new OU.

Answer: A Explanation:

Audit User Account Management

This security policy setting determines whether the operating system generates audit events when the following user account management tasks are performed:

->A user account is created, changed, deleted, renamed, disabled, enabled, locked

out, or unlocked.

->A user account password is set or changed.

->Security identifier (SID) history is added to a user account.

->The Directory Services Restore Mode password is set.

->Permissions on accounts that are members of administrators groups are changed.

->Credential Manager credentials are backed up or restored.

This policy setting is essential for tracking events that involve provisioning and managing user accounts.

Question No: 127 – (Topic 2)

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.

Server1 has a folder named Folder1 that is used by the sales department.

You need to ensure that an email notification is sent to the sales manager when a File Screening Audit report is generated.

What should you configure on Server1?

  1. a file group

  2. a file screen

  3. a file screen exception

  4. a storage report task

Answer: D Explanation:

From the Storage Reports Management node, you can generate reports that will help you understand file use on the storage server. You can use the storage reports to monitor disk usage patterns (by file type or user), identify duplicate files and dormant files, track quota usage, and audit file screening.

Ensurepass 2017 PDF and VCE

Before you run a File Screen Audit report, in the File Server Resource Manager Options dialog box, on the File Screen Audit tab, verify that the Record file screening activity in the auditing database check box is selected.

Reference:

http: //technet. microsoft. com/en-us/library/cc755988. aspx http: //technet. microsoft. com/en-us/library/cc730822. aspx

http: //technet. microsoft. com/en-us/library/cc770594. aspx http: //technet. microsoft. com/en-us/library/cc771212. aspx http: //technet. microsoft. com/en-us/library/cc732074. aspx

Question No: 128 – (Topic 2)

Your network contains one Active Directory forest named contoso.com. You create a starter Group Policy object (GPO) named Starter_GPO1.

From the Delegation tab Of Starter_GPO1, you add a group named GPO_Admins and you assign the Edit settings permissions to the group.

You create a new GPO named GPO1 from Starter_GPO1.

You need to identity which action can he performed by the members of the GPO Admins group.

What should you identify?

  1. Modify the Delegation settings of Starter_GPO1.

  2. Modify the Group Policy Preferences in Starter_GPO1.

  3. Link a WMI filter to GPO1.

  4. Modify the Administrative Templates in GPO1.

Answer: A Explanation:

Permission rights applied to starter GPO objects are relative to the starter GPO objects only; they are not inherited from actual GPOs created from starter GPOs. B is wrong because Starter GPOs do not have preferences, only Administrative Template policy settings.

https://technet.microsoft.com/en-us/library/cc753200.aspx

Question No: 129 – (Topic 2)

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.

Each time a user receives an access-denied message after attempting to access a folder on Server1, an email notification is sent to a distribution list named DLL.

You create a folder named Folder1 on Server1, and then you configure custom NTFS permissions for Folder1.

You need to ensure that when a user receives an access-denied message while attempting to access Folder1, an email notification is sent to a distribution list named DL2. The solution must not prevent DL1 from receiving notifications about other access-denied messages.

What should you do?

  1. From the File Server Resource Manager console, create a local classification property.

  2. From Server Manager, run the New Share Wizard to create a share for Folder1 by selecting the SMB Share – Applications option.

  3. From the File Server Resource Manager console, modify the Access-Denied Assistance settings.

  4. From the File Server Resource Manager console, set a folder management property.

Answer: D

Question No: 130 – (Topic 2)

Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 R2.

You have a Password Settings object (PSOs) named PSO1. You need to view the settings of PSO1.

Which tool should you use?

  1. Get-ADDefaultDomainPasswordPolicy

  2. Active Directory Administrative Center

  3. Local Security Policy

  4. Get-ADAccountResultantPasswordReplicationPolicy

Answer: B Explanation:

In Windows Server 2012, fine-grained password policy management is made much easier than Windows Server 2008/2008 R2. Windows Administrators not have to use ADSI Edit and configure complicated settings to create the Password Settings Object (PSO) in the Password Settings Container. Instead we can configure fine-grained password policy directly in Active Directory Administrative Center (ADAC).

100% Free Download!
Download Free Demo:70-411 Demo PDF
100% Pass Guaranteed!
Download 2017 EnsurePass 70-411 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE

[Free] 2017(Sep) EnsurePass Passguide Microsoft 70-411 Dumps with VCE and PDF 111-120

EnsurePass
2017 Sep Microsoft Official New Released 70-411
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/70-411.html

Administering Windows Server 2012

Question No: 111 – (Topic 2)

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.

A domain controller named DO has the ADMX Migrator tool installed. You have a custom Administrative Template file on DC1 named Template1.adm.

You need to add a custom registry entry to Template1.adm by using the ADMX Migrator tool.

Which action should you run first?

  1. Load Template

  2. New Policy Setting

  3. Generate ADMX from ADM

  4. New Category

Answer: C Explanation:

The ADMX Migrator provides two conversion methods – through the editor or through a command-line program. From the ADMX Editor, choose the option to Generate ADMX from ADM. Browse to your ADM file, and the tool quickly and automatically converts it. You then can open the converted file in the editor to examine its values and properties and modify it if you wish. The ADMX Migrator Command Window is a little more complicated; it requires you to type a lengthy command string at a prompt to perform the conversions. However, it includes some options and flexibility not available in the graphical editor.

Ensurepass 2017 PDF and VCE

References:

http: //technet. microsoft. com/pt-pt/magazine/2008. 02. utilityspotlight(en-us). aspx http: //technet. microsoft. com/pt-pt/magazine/2008. 02. utilityspotlight(en-us). aspx

Question No: 112 – (Topic 2)

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.

DirectAccess is deployed to the network.

Remote users connect to the DirectAccess server by using a variety of network speeds. The remote users report that sometimes their connection is very slow.

You need to minimize Group Policy processing across all wireless wide area network (WWAN) connections.

Which Group Policy setting should you configure?

  1. Configure Group Policy slow link detection.

  2. Configure Direct Access connections as a fast network connection.

  3. Configure wireless policy processing.

  4. Change Group Policy processing to run asynchronously when a slow network connection is detected.

Answer: A

Question No: 113 – (Topic 2)

Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2. Both servers have the File and Storage Services server role, the DFS Namespace role service, and the DFS Replication role service installed.

Server1 and Server2 are part of a Distributed File System (DFS) Replication group named Group1. Server1 and Server2 are connected by using a high-speed LAN connection.

You need to minimize the amount of processor resources consumed by DFS Replication. What should you do?

  1. Modify the replication schedule.

  2. Modify the staging quota.

  3. Disable Remote Differential Compression (RDC).

  4. Reduce the bandwidth usage.

Answer: C Explanation:

Because disabling RDC can help conserve disk input/output (I/O) and CPU resources, you might want to disable RDC on a connection if the sending and receiving members are in a local area network (LAN), and bandwidth use is not a concern. However, in a LAN environment where bandwidth is contended, RDC can be beneficial when transferring large files.

Question tells it uses a high-speed LAN connection.

References:

http: //technet. microsoft. com/en-us/library/cc758825(v=ws. 10). aspx http: //technet. microsoft. com/en-us/library/cc754229. aspx

Question No: 114 – (Topic 2)

Your network contains two Active Directory forests named contoso.com and adatum.com. The contoso.com forest contains a server named Server1.contoso.com. The adatum.com forest contains a server named server2. adatum.com. Both servers have the Network Policy Server role service installed.

The network contains a server named Server3. Server3 is located in the perimeter network and has the Network Policy Server role service installed.

You plan to configure Server3 as an authentication provider for several VPN servers.

You need to ensure that RADIUS requests received by Server3 for a specific VPN server are always forwarded to Server1.contoso.com.

Which two should you configure on Server3? (Each correct answer presents part of the solution. Choose two.)

  1. Remediation server groups

  2. Remote RADIUS server groups

  3. Connection request policies

  4. Network policies

  5. Connection authorization policies

Answer: B,C Explanation:

To configure NPS as a RADIUS proxy, you must create a connection request policy that contains all of the information required for NPS to evaluate which messages to forward and where to send the messages.

When you configure Network Policy Server (NPS) as a Remote Authentication Dial-In User Service (RADIUS) proxy, you use NPS to forward connection requests to RADIUS servers that are capable of processing the connection requests because they can perform authentication and authorization in the domain where the user or computer account is located. For example, if you want to forward connection requests to one or more RADIUS

servers in untrusted domains, you can configure NPS as a RADIUS proxy to forward the requests to the remote RADIUS servers in the untrusted domain. To configure NPS as a RADIUS proxy, you must create a connection request policy that contains all of the information required for NPS to evaluate which messages to forward and where to send the messages.

When you configure a remote RADIUS server group in NPS and you configure a connection request policy with the group, you are designating the location where NPS is to forward connection requests.

Ensurepass 2017 PDF and VCE

References:

http: //technet. microsoft. com/en-us/library/cc754518. aspx http: //technet. microsoft. com/en-us/library/cc754518. aspx http: //technet. microsoft. com/en-us/library/cc754518. aspx

Question No: 115 – (Topic 2)

Your network contains an Active Directory domain named contoso.com.

You create a user account named User1. The properties of User1 are shown in the exhibit. (Click the Exhibit button.)

Ensurepass 2017 PDF and VCE

You plan to use the User1 account as a service account. The service will forward authentication requests to other servers.

You need to ensure that you can view the Delegation tab from the properties of the User1 account.

What should you do first?

  1. Configure the Name Mappings of User1.

  2. Modify the user principal name (UPN) of User1.

  3. Configure a Service Principal Name (SPN) for User1.

  4. Modify the Security settings of User1.

    Answer: C Explanation:

    If you cannot see the Delegation tab, do one or both of the following:

    Register a Service Principal Name (SPN) for the user account with the Setspn utility in the support tools on your CD. Delegation is only intended to be used by service accounts, which should have registered SPNs, as opposed to a regular user account which typically does not have SPNs.

    Raise the functional level of your domain to Windows Server 2003. For more information, see Related Topics.

    Ensurepass 2017 PDF and VCE

    References:

    http: //blogs. msdn. com/b/mattlind/archive/2010/01/14/delegation-tab-in-aduc-not- available-until-a-spn-is-set. aspx

    http: //blogs. msdn. com/b/mattlind/archive/2010/01/14/delegation-tab-in-aduc-not- available-until-a-spn-is-set. aspx

    http: //technet. microsoft. com/en-us/library/cc739474(v=ws. 10). aspx

    http: //blogs. msdn. com/b/mattlind/archive/2010/01/14/delegation-tab-in-aduc-not- available-until-a-spn-is-set. aspx

    Question No: 116 DRAG DROP – (Topic 2)

    Your network contains a production Active Directory forest named contoso.com and a test Active Directory forest named test.contoso.com. There is no network connectivity between contoso.com and test.contoso.com.

    The test.contoso.com domain contains a Group Policy object (GPO) named GPO1. You need to apply the settings in GPO1 to the contoso.com domain.

    Which four actions should you perform?

    To answer, move the four appropriate actions from the list of actions to the answer area and arrange them in correct order.

    Ensurepass 2017 PDF and VCE

    Answer:

    Ensurepass 2017 PDF and VCE

    Explanation:

    1. Run the Backup-gpo cmdlet2. User removable media to transfer the contects of test.contoso.com to contoso.com3. Create a gpo in contoso.com4. Run the import-goo cmdlet

      Question No: 117 – (Topic 2)

      You have a cluster named Cluster1 that contains two nodes. Both nodes run Windows Server 2012 R2. Cluster1 hosts a virtual machine named VM1 that runs Windows Server 2012 R2.

      You configure a custom service on VM1 named Service1.

      You need to ensure that VM1 will be moved to a different node if Service1 fails. Which cmdlet should you run on Cluster1?

      1. Add-ClusterVmMonitoredItem

      2. Add-ClusterGenericServiceRole

      3. Set-ClusterResourceDependency

      4. Enable VmResourceMetering

Answer: A Explanation:

The Add-ClusterVMMonitoredItem cmdlet configures monitoring for a service or an Event

Tracing for Windows (ETW) event so that it is monitored on a virtual machine. If the service fails or the event occurs, then the system responds by taking an action based on the failover configuration for the virtual machine resource. For example, the configuration might specify that the virtual machine be restarted.

Question No: 118 – (Topic 2)

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that has the Remote Access server role installed.

DirectAccess is implemented on Server1 by using the default configuration.

You discover that DirectAccess clients do not use DirectAccess when accessing websites on the Internet.

You need to ensure that DirectAccess clients access all Internet websites by using their DirectAccess connection.

What should you do?

  1. Configure a DNS suffix search list on the DirectAccess clients.

  2. Configure DirectAccess to enable force tunneling.

  3. Disable the DirectAccess Passive Mode policy setting in the DirectAccess Client Settings Group Policy object (GPO).

  4. Enable the Route all traffic through the internal network policy setting in the DirectAccess Server Settings Group Policy object (GPO).

Answer: B Explanation:

With IPv6 and the Name Resolution Policy Table (NRPT), by default, DirectAccess clients separate their intranet and Internet traffic as follows:

->DNS name queries for intranet fully qualified domain names (FQDNs) and all

intranet traffic is exchanged over the tunnels that are created with the DirectAccess server or directly with intranet servers. Intranet traffic from DirectAccess clients is IPv6 traffic.

->DNS name queries for FQDNs that correspond to exemption rules or do not match

the intranet namespace, and all traffic to Internet servers, is exchanged over the

physical interface that is connected to the Internet. Internet traffic from DirectAccess clients is typically IPv4 traffic.

In contrast, by default, some remote access virtual private network (VPN) implementations, including the VPN client, send all intranet and Internet traffic over the remote access VPN connection. Internet-bound traffic is routed by the VPN server to intranet IPv4 web proxy servers for access to IPv4 Internet resources. It is possible to separate the intranet and Internet traffic for remote access VPN clients by using split tunneling. This involves configuring the Internet Protocol (IP) routing table on VPN clients so that traffic to intranet locations is sent over the VPN connection, and traffic to all other locations is sent by using the physical interface that is connected to the Internet.

You can configure DirectAccess clients to send all of their traffic through the tunnels to the DirectAccess server with force tunneling. When force tunneling is configured, DirectAccess clients detect that they are on the Internet, and they remove their IPv4 default route. With the exception of local subnet traffic, all traffic sent by the DirectAccess client is IPv6 traffic that goes through tunnels to the DirectAccess server.

Question No: 119 – (Topic 2)

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2.

You mount an Active Directory snapshot on DC1.

You need to expose the snapshot as an LDAP server. Which tool should you use?

  1. Ldp

  2. ADSI Edit

  3. Dsamain

  4. Ntdsutil

Answer: C Explanation:

dsamain /dbpath E:\$SNAP_200704181137_VOLUMED$\WINDOWS\NTDS\ntds. dit

/ldapport51389

Ensurepass 2017 PDF and VCE

Reference: http: //technet. microsoft. com/en-us/library/cc753609(v=ws. 10). aspx

Question No: 120 – (Topic 2)

Your network contains on Active Directory domain named contoso.com. The domain contains an organizational unit (OU) named AIIServers_OU.

You create and link a Group Policy object (GPO) named GPO1 to AIIServer_OU. GPO1 is configured as shown in the exhibit. (Click the Exhibit button.)

Ensurepass 2017 PDF and VCE

d

You need to ensure that GPO1 only applies to servers that have Remote Desktop Services (RDS) installed

What should you configure?

  1. Item-level targeting

  2. Block Inheritance

  3. Security Filtering

  4. WMI Filtering

Answer: D

Explanation: If you need to configure a Remote Desktop Server farm and need to setup some group policies that only applied to computers that are Remote Desktop Servers, there are a couple of obvious ways you could achieve this.

  1. You could put your Remote Desktop Servers in a specific Organisational Unit and link your Group Policies there

  2. You could create a WMI Filter to filter by name i.e.

SELECT * FROM Win32_ComputerSystem WHERE ((Name = ‘RDSERVER01’) OR (Name = ‘RDSERVER02’))

If you don’t want to have to update the WMI Filter if you need to add more Remote Desktop Servers, you can use the following WMI Filter against the rootCIMV2TerminalServices Namespace:

Select * From Win32_TerminalServiceSetting Where TerminalServerMode=1

Ensurepass 2017 PDF and VCE

C:\Users\Kamran\Desktop\sample.jpg

http://www.focusedit.co.uk/54-group-policy-wmi-filter-for-remote-desktop-server/ https://blogs.technet.microsoft.com/askds/2008/09/11/fun-with-wmi-filters-in-group-policy/

100% Free Download!
Download Free Demo:70-411 Demo PDF
100% Pass Guaranteed!
Download 2017 EnsurePass 70-411 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE

[Free] 2017(Sep) EnsurePass Passguide Microsoft 70-411 Dumps with VCE and PDF 101-110

EnsurePass
2017 Sep Microsoft Official New Released 70-411
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/70-411.html

Administering Windows Server 2012

Question No: 101 HOTSPOT – (Topic 2)

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed.

You need to configure the ports on Server1 to ensure that client computers can establish VPN connections to Server1. The solution must NOT require the use of certificates or pre- shared keys.

What should you modify?

To answer, select the appropriate object in the answer area.

Ensurepass 2017 PDF and VCE

Answer:

Ensurepass 2017 PDF and VCE

Explanation:

Ensurepass 2017 PDF and VCE

The four types of tunneling protocols used with a VPN/RAS server running on Windows Server 2012 include:

Point-to-Point Tunneling Protocol (PPTP): A VPN protocol based on the legacy Point-to- Point protocol used with modems. The PPTP specification does not describeencryption or authentication features and relies on the Point-to-Point Protocol being tunneled to implement security functionality.

Layer 2 Tunneling Protocol (L2TP): Used with IPsec to provide security. L2TP supports either computer certificates or a preshared key as the authentication method for IPsec. IKEv2: IKE is short for Internet Key Exchange, which is a tunneling protocol that uses IPsec Tunnel Mode protocol. The message is encrypted with one of the following protocols by using encryption keys that are generated from the IKEv2 negotiation process.

Secure Socket Tunneling Protocol (SSTP): Introduced with Windows Server 2008, which uses the HTTPS protocol over TCP port 443 to pass traffic through firewalls

References:

http: //en. wikipedia. org/wiki/Point-to-Point_Tunneling_Protocol

Question No: 102 DRAG DROP – (Topic 2)

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy and Access Services server role installed.

All of the VPN servers on your network use Server1 for RADIUS authentication. You create a security group named Group1.

You need to configure Network Policy and Access Services (NPAS) to meet the following requirements:

->Ensure that only the members of Group1 can establish a VPN connection to the VPN servers.

->Allow only the members of Group1 to establish a VPN connection to the VPN

servers if the members are using client computers that run Windows 8 or later.

Which type of policy should you create for each requirement?

To answer, drag the appropriate policy types to the correct requirements. Each policy type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Ensurepass 2017 PDF and VCE

Answer:

Ensurepass 2017 PDF and VCE

Question No: 103 – (Topic 2)

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.

An organizational unit (OU) named ResearchServers contains the computer accounts of all research servers.

All domain users are configured to have a minimum password length of eight characters.

You need to ensure that the minimum password length of the local user accounts on the research servers in the ResearchServers OU is 10 characters.

What should you do?

  1. Configure a local Group Policy object (GPO) on each research server.

  2. Create and link a Group Policy object (GPO) to the ResearchServers OU.

  3. Create a universal group that contains the research servers. Create a Password Settings object (PSO) and assign the PSO to the group.

  4. Create a global group that contains the research servers. Create a Password Settings object (PSO) and assign the PSO to the group.

    Answer: B Explanation:

    For a domain, and you are on a member server or a workstation that is joined to the domain

    1. Open Microsoft Management Console (MMC).

    2. On the File menu, click Add/Remove Snap-in, and then click Add.

    3. Click Group Policy Object Editor, and then click Add.

    4. In Select Group Policy Object, click Browse.

    5. In Browse for a Group Policy Object, select a Group Policy object (GPO) in the appropriate domain, site, or organizational unit-or create a new one, click OK, and then click Finish.

    6. Click Close, and then click OK.

    7. In the console tree, click Password Policy. Where?

      Group Policy Object [computer name] Policy/Computer Configuration/Windows Settings/Security Settings/Account Policies/Password Policy

    8. In the details pane, right-click the policy setting that you want, and then click Properties.

    9. If you are defining this policy setting for the first time, select the Define this policy setting check box.

    10. Select the options that you want, and then click OK.

Question No: 104 – (Topic 2)

You have a server named Server1 that runs Windows Server 2012 R2. You discover that the performance of Server1 is poor.

The results of a performance report generated on Server1 are shown in the following table.

Ensurepass 2017 PDF and VCE

You need to identify the cause of the performance issue. What should you identify?

  1. Driver malfunction

  2. Insufficient RAM

  3. Excessive paging

  4. NUMA fragmentation

Answer: A Explanation:

Processor: %DPC Time. Much like the other values, this counter shows the amount of time that the processor spends servicing DPC requests. DPC requests are more often than not associated with the network interface.

Processor: % Interrupt Time. This is the percentage of time that the processor is spending on handling Interrupts. Generally, if this value exceeds 50% of the processor time you may have a hardware issue. Some components on the computer can force this issue and not really be a problem. For example a programmable I/O card like an old disk controller card, can take up to 40% of the CPU time. A NIC on a busy IIS server can likewise generate a large percentage of processor activity.

Processor: % User Time. The value of this counter helps to determine the kind of processing that is affecting the system. Of course the resulting value is the total amount of non-idle time that was spent on User mode operations. This generally means application code.

Processor: %Privilege Time. This is the amount of time the processor was busy with Kernel mode operations. If the processor is very busy and this mode is high, it is usually an indication of some type of NT service having difficulty, although user mode programs can make calls to the Kernel mode NT components to occasionally cause this type of performance issue.

Memory: Pages/sec. This value is often confused with Page Faults/sec. The Pages/sec counter is a combination of Pages Input/sec and Pages Output/sec counters. Recall that Page Faults/sec is a combination of hard page faults and soft page faults. This counter, however, is a general indicator of how often the system is using the hard drive to store or retrieve memory associated data.

References:

http: //technet. microsoft. com/en-us/library/cc768048. aspx

Question No: 105 – (Topic 2)

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.

On all of the domain controllers, Windows is installed in C:\Windows and the Active Directory database is located in D:\Windows\NTDS\.

All of the domain controllers have a third-party application installed.

The operating system fails to recognize that the application is compatible with domain controller cloning.

You verify with the application vendor that the application supports domain controller cloning.

You need to prepare a domain controller for cloning. What should you do?

  1. In D:\Windows\NTDS\, create an XML file named DCCloneConfig.xml and add the application information to the file.

  2. In the root of a USB flash drive, add the application information to an XML file named DefaultDCCIoneAllowList.xml.

  3. In D:\Windows\NTDS\, create an XML file named CustomDCCloneAllowList.xml and add the application information to the file.

  4. In C:\Windows\System32\Sysprep\Actionfiles\, add the application information to an XML file named Respecialize.xml.

Answer: C Explanation:

Place the CustomDCCloneAllowList.xml file in the same folder as the Active Directory database (ntds. dit) on the source Domain Controller.

Ensurepass 2017 PDF and VCE

References:

http: //blogs. dirteam. com/blogs/sanderberkouwer/archive/2012/09/10/new-features-in- active-directory-domain-services-in-windows-server-2012-part-13-domain-controller- cloning. aspx

http: //www. thomasmaurer. ch/2012/08/windows-server-2012-hyper-v-how-to-clone-a- virtual-domain-controller

http: //technet. microsoft. com/en-us/library/hh831734. aspx

Question No: 106 – (Topic 2)

You have a group Managed Service Account named Service01. Three servers named Server01, Server02, and Server03 currently use the Service01 service account.

You plan to decommission Server01.

You need to remove the cached password of the Service01 service account from Server01. The solution must ensure that Server02 and Server 03 continue to use Service01.

Which cmdlet should you run?

  1. Set-ADServiceAccount

  2. Remove-ADServiceAccount

  3. Uninstall-ADServiceAccount

  4. Reset-ADServiceAccountPassword

Answer: B

Explanation: The Remove-ADServiceAccount cmdlet removes an Active Directory service account. This cmdlet does not make changes to any computers that use the service account. After this operation, the service account is no longer hosted on the target

computer but still exists in the directory.

Incorrect:

Not C: The Uninstall-ADServiceAccount cmdlet removes an Active Directory service account on the computer on which the cmdlet is run. The specified service account must be installed on the computer.

Reference: Remove-ADServiceAccount https://technet.microsoft.com/en-us/library/ee617190.aspx

Question No: 107 – (Topic 2)

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.

Each time a user receives an access-denied message after attempting to access a folder on Server1, an email notification is sent to a distribution list named DL1.

You create a folder named Folder1 on Server1, and then you configure custom NTFS permissions for Folder 1.

You need to ensure that when a user receives an access-denied message while attempting to access Folder1, an email notification is sent to a distribution list named DL2. The solution must not prevent DL1 from receiving notifications about other access-denied messages.

What should you do?

  1. From File Explorer, modify the Classification tab of Folder1.

  2. From the File Server Resource Manager console, modify the Email Notifications settings.

  3. From the File Server Resource Manager console, set a folder management property.

  4. From File Explorer, modify the Customize tab of Folder1.

Answer: C Explanation:

When using the email model each of the file shares, you can determine whether access requests to each file share will be received by the administrator, a distribution list that represents the file share owners, or both.

You can use the File Server Resource Manager console to configure the owner distribution list by editing the management properties of the classification properties.

Reference: http://technet.microsoft.com/en-us/library/jj574182.aspx#BKMK_12

Question No: 108 – (Topic 2)

Your company has a main office and a branch office. The main office is located in Seattle. The branch office is located in Montreal. Each office is configured as an Active Directory site.

The network contains an Active Directory domain named adatum.com. The Seattle office contains a file server named Server1. The Montreal office contains a file server named Server2.

The servers run Windows Server 2012 R2 and have the File and Storage Services server role, the DFS Namespaces role service, and the DFS Replication role service installed.

Server1 and Server2 each have a share named Share1 that is replicated by using DFS Replication.

You need to ensure that users connect to the replicated folder in their respective office when they connect to \\contoso.com\Share1.

Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)

  1. Create a replication connection.

  2. Create a namespace.

  3. Share and publish the replicated folder.

  4. Create a new topology.

  5. Modify the Referrals settings.

    Answer: B,C,E Explanation:

    To share a replicated folder and publish it to a DFS namespace Click Start, point to Administrative Tools, and then click DFS Management. In the console tree, under the Replication node, click the replication group that contains the replicated folder you want to share. In the details pane, on the Replicated Folders tab, right-click the replicated folder that you want to share, and then click Share and Publish in Namespace. In the Share and Publish Replicated Folder Wizard, click Share and publish the replicated folder in a namespace, and then follow the steps in the wizard.

    Note that: If you do not have an existing namespace, you can create one in the Namespace Path page in the Share and Publish Replicated Folder Wizard. To create the namespace, in the Namespace Path page, click Browse, and then click New Namespace.

    To create a namespace

    Click Start, point to Administrative Tools, and then click DFS Management.

    In the console tree, right-click the Namespaces node, and then click New Namespace. Follow the instructions in the New Namespace Wizard.

    To create a stand-alone namespace on a failover cluster, specify the name of a clustered file server instance on the Namespace Server page of the New Namespace Wizard.

    Important

    Do not attempt to create a domain-based namespace using the Windows Server 2008 mode unless the forest functional level is Windows Server 2003 or higher. Doing so can result in a namespace for which you cannot delete DFS folders, yielding the following error message: “The folder cannot be deleted. Cannot complete this function.”

    To share a replicated folder and publish it to a DFS namespace

    1. Click Start, point to Administrative Tools, and then click DFS Management.

    2. In the console tree, under the Replication node, click the replication group that contains the replicated folder you want to share.

    3. In the details pane, on the Replicated Folders tab, right-click the replicated folder that you want to share, and then click Share and Publish in Namespace.

    4. In the Share and Publish Replicated Folder Wizard, click Share and publish the replicated folder in a namespace, and then follow the steps in the wizard.

      Ensurepass 2017 PDF and VCE

      quot;You need to ensure that users connect to the replicated folder in their respective office when they connect to \\contoso.com\Share1.quot;

      Ensurepass 2017 PDF and VCE

      Ensurepass 2017 PDF and VCE

      Reference:

      http: //technet. microsoft. com/en-us/library/cc731531. aspx

      http: //technet. microsoft. com/en-us/library/cc772778(v=ws. 10). aspx http: //technet. microsoft. com/en-us/library/cc732414. aspx

      http: //technet. microsoft. com/en-us/library/cc772379. aspx

      http: //technet. microsoft. com/en-us/library/cc732863(v=ws. 10). aspx http: //technet. microsoft. com/en-us/library/cc725830. aspx

      http: //technet. microsoft. com/en-us/library/cc771978. aspx

      Question No: 109 – (Topic 2)

      Your network contains an Active Directory domain named adatum.com. The domain contains five servers. The servers are configured as shown in the following table.

      Ensurepass 2017 PDF and VCE

      All desktop computers in adatum.com run Windows 8 and are configured to use BitLocker Drive Encryption (BitLocker) on all local disk drives.

      You need to deploy the Network Unlock feature. The solution must minimize the number of features and server roles installed on the network.

      To which server should you deploy the feature?

      1. Server3

      2. Server1

      3. DC2

      4. Server2

      5. DC1

Answer: B Explanation:

The BitLocker-NetworkUnlock feature must be installed on a Windows Deployment Server (which does not have to be configured-the WDSServer service just needs to be running).

Question No: 110 – (Topic 2)

Your network contains an Active Directory domain named contoso.com. Network Access Protection (NAP) is deployed to the domain.

You need to create NAP event trace log files on a client computer. What should you run?

  1. logman

  2. Register-ObjectEvent

  3. tracert

  4. Register-EngineEvent

Answer: A Explanation:

You can enable NAP client tracing by using the command line. On computers running Windows Vista庐, you can enable tracing by using the NAP Client Configuration console. NAP client tracing files are written in Event Trace Log (ETL) format. These are binary files representing trace data that must be decoded by Microsoft support personnel. Use the -o option to specify the directory to which they are written. In the following example, files are written to %systemroot%\tracing\nap. For more information, see Logman (http: //go. microsoft.com/fwlink/?LinkId=143549).

To create NAP event trace log files on a client computer

->Open a command line as an administrator.

->Type

logman start QAgentRt -p {b0278a28-76f1-4e15-b1df-14b209a12613} 0xFFFFFFFF 9 -o

%systemroot%\tracing\nap\QAgentRt. etl -ets.

Note: To troubleshoot problems with WSHA, use the following GUID: 789e8f15-0cbf-4402- b0ed-0e22f90fdc8d.

->Reproduce the scenario that you are troubleshooting.

->Type logman stop QAgentRt -ets.

->Close the command prompt window.

References:

http: //technet. microsoft. com/en-us/library/dd348461(v=ws. 10). aspx

100% Free Download!
Download Free Demo:70-411 Demo PDF
100% Pass Guaranteed!
Download 2017 EnsurePass 70-411 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE

[Free] 2017(Sep) EnsurePass Passguide Microsoft 70-411 Dumps with VCE and PDF 91-100

EnsurePass
2017 Sep Microsoft Official New Released 70-411
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/70-411.html

Administering Windows Server 2012

Question No: 91 – (Topic 1)

You have Windows Server 2012 R2 installation media that contains a file named Install.wim.

You need to identify which images are present in Install.wim. What should you do?

  1. Run imagex.exe and specify the /ref parameter.

  2. Run dism.exe and specify the /get-mountedwiminfo parameter.

  3. Run dism.exe and specify the /get-imageinfo parameter.

  4. Run imagex.exe and specify the /verify parameter.

Answer: C Explanation:

Option:

/Get-ImageInfo

Arguments:

/ImageFile: lt;path_to_image.wimgt;

[{/Index: lt;Image_indexgt; | /Name: lt;Image_namegt;}]

Displays information about the images that are contained in the .wim, vhd or .vhdx file. When used with the Index or /Name argument, information about the specified image is displayed, which includes if an image is a WIMBoot image, if the image is Windows 8.1 Update, see Take Inventory of an Image or Component Using DISM. The /Name argument does not apply to VHD files. You must specify /Index: 1 for VHD files.

References:

http: //technet.microsoft.com/en-us/library/cc749447(v=ws.10).aspx http: //technet.microsoft.com/en-us/library/dd744382(v=ws.10).aspx http: //technet.microsoft.com/en-us/library/hh825224.aspx

Question No: 92 – (Topic 1)

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.

Client computers run either Windows 7 or Windows 8. All of the client computers have an application named App1 installed.

The domain contains a Group Policy object (GPO) named GPO1 that is applied to all of the client computers.

You need to add a system variable named App1Data to all of the client computers.

Which Group Policy preference should you configure?

  1. Environment

  2. Ini Files

  3. Data Sources

  4. Services

Answer: A Explanation:

Environment Variable preference items allow you to create, update, replace, and delete user and system environment variables or semicolon-delimited segments of the PATH variable. Before you create an Environment Variable preference item, you should review the behavior of each type of action possible with this extension.

Question No: 93 DRAG DROP – (Topic 1)

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.

The domain contains an organizational unit (OU) named OU1. OU1 contains an OU named OU2. OU2 contains a user named user1.

User1 is the member of a group named Group1. Group1 is in the Users container.

You create five Group Policy objects (GPO). The GPOs are configured as shown in the following table.

Ensurepass 2017 PDF and VCE

The Authenticated Users group is assigned the default permissions to all of the GPOs.

There are no site-level GPOs.

You need to identify which three GPOs will be applied to User1 and in which order the GPOs will be applied to User1.

Which three GPOs should you identify in sequence? To answer, move the appropriate three GPOs from the list of GPOs to the answer area and arrange them in the correct order.

Ensurepass 2017 PDF and VCE

Answer:

Ensurepass 2017 PDF and VCE

Explanation:

Box 1: GPO2

Box 2: GPO4

Box 3: GPO5

Note:

  • First at the domain level (GPO2), then at the highest OU level GPO4, and finally at the OU level containing user1 GPO5.

    Incorrect:

  • Read and Apply group policy are both needed in order for the user or computer to receive and process the policy

    Not GPO1: Group1 has Deny Apply Group Policy permissions on GPO1. Not GPO3: Group1 has Deny Read permissions on GPO3.

    GPO2 and GPO4 are disabled.

  • When a Group Policy Object (GPO) is enforced it means the settings in the Group Policy Object on an Organization Unit (which is shown as a folder within the Active Directory Users and Computers MMC) cannot be overruled by a Group Policy Object (GPO) which is link enabled on an Organizational Unit below the Organizational Unit with the enforced Group Policy Object (GPO).

  • Group Policy settings are processed in the following order: 1 Local Group Policy object

    1. Site.

    2. Domain

    3. Organizational units

    GPOs that are linked to the organizational unit that is highest in the Active Directory hierarchy are processed first, then GPOs that are linked to its child organizational unit, and so on. Finally, the GPOs that are linked to the organizational unit that contains the user or computer are processed.

    Question No: 94 HOTSPOT – (Topic 1)

    Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.

    You need to audit successful and failed attempts to read data from USB drives on the servers.

    Which two objects should you configure? To answer, select the appropriate two objects in the answer area.

    Ensurepass 2017 PDF and VCE

    Answer:

    Ensurepass 2017 PDF and VCE

    Question No: 95 – (Topic 1)

    Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains 500 client computers that run Windows 8.1 Enterprise and Microsoft Office 2013.

    You implement a Group Policy central store.

    You need to modify the default Microsoft Office 2013 Save As location for all client computers. The solution must minimize administrative effort.

    What should you configure in a Group Policy object (GPO)?

    1. The Group Policy preferences

    2. An application control policy

    3. The Administrative Templates

    4. The Software Installation settings

    Answer: A Explanation:

    Group Policy preferences provide the means to simplify deployment and standardize configurations. They add to Group Policy a centralized system for deploying preferences (that is, settings that users can change later). You can also use Group Policy preferences to configure applications that are not Group Policy-aware. By using Group Policy preferences, you can change or delete almost any registry setting, file or folder, shortcut, and more. You are not limited by the contents of Administrative Template files.

    Reference: http://technet.microsoft.com/en-us/library/dn581922.aspx

    Question No: 96 – (Topic 1)

    Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.

    Server1 has the following role services installed:

    ->DirectAccess and VPN (RRAS)

    ->Network Policy Server

    Remote users have client computers that run either Windows XP, Windows 7, or Windows 8.

    You need to ensure that only the client computers that run Windows 7 or Windows 8 can establish VPN connections to Server1.

    What should you configure on Server1?

    1. A condition of a Network Policy Server (NPS) network policy

    2. A constraint of a Network Policy Server (NPS) network policy

    3. a condition of a Network Policy Server (NPS) connection request policy

    4. A vendor-specific RADIUS attribute of a Network Policy Server (NPS) connection request policy

    Answer: A Explanation:

    If you want to configure the Operating System condition, click Operating System, and then click Add. In Operating System Properties, click Add, and then specify the operating system settings that are required to match the policy.

    The Operating System condition specifies the operating system (operating system version or service pack number), role (client or server), and architecture (x86, x64, or ia64) required for the computer configuration to match the policy.

    Question No: 97 HOTSPOT – (Topic 1)

    Your network contains an Active Directory domain named contoso.com. You implement DirectAccess.

    You need to view the properties of the DirectAccess connection.

    Which connection properties should you view? To answer, select the appropriate connection properties in the answer area.

    Ensurepass 2017 PDF and VCE

    Answer:

    Ensurepass 2017 PDF and VCE

    Question No: 98 – (Topic 1)

    Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. All servers run Windows Server 2012 R2.

    You need to collect the error events from all of the servers on Server1. The solution must ensure that when new servers are added to the domain, their error events are collected automatically on Server1.

    Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

    1. On Server1, create a collector initiated subscription.

    2. On Server1, create a source computer initiated subscription.

    3. From a Group Policy object (GPO), configure the Configure target Subscription Manager setting.

    4. From a Group Policy object (GPO), configure the Configure forwarder resource usage setting.

    Answer: B,C Explanation:

    To set up a Source-Initiated Subscription with Windows Server 2003/2008 so that events of interest from the Security event log of several domain controllers can be forwarded to an administrative workstation.

  • Group Policy

    The forwarding computer needs to be configured with the address of the server to which the events are forwarded. This can be done with the following group policy setting:

    Computer configuration-Administrative templates-Windows components-Event forwarding- Configure the server address, refresh interval, and issue certificate authority of a target subscription manager.

  • Edit the GPO and browse to Computer Configuration | Policies | Administrative Templates

| Windows Components | Event Forwarding – Configure the server address, refresh interval, and issuer certificate authority of a target Subscription Manager.

Question No: 99 HOTSPOT – (Topic 1)

Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 runs Windows Server 2012 R2.

You enable the EventLog-Application event trace session.

You need to set the maximum size of the log file used by the trace session to 10 MB.

From which tab should you perform the configuration? To answer, select the appropriate tab in the answer area.

Ensurepass 2017 PDF and VCE

Answer:

Ensurepass 2017 PDF and VCE

Explanation:

Ensurepass 2017 PDF and VCE

Note: By default, logging stops only if you set an expiration date as part of the logging schedule. Using the options on the Stop Condition tab, you can configure the log file to stop automatically after a specified period of time, such as seven days, or when the log file is full (if you’ve set a maximum size limit).

Question No: 100 HOTSPOT – (Topic 1)

Your network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2. Both servers have the DFS Replication role

service installed.

You need to configure the DFS Replication environment to meet the following requirements:

->Increase the quota limit of the staging folder.

->Configure the staging folder cleanup process to provide the highest amount of free space possible.

Which cmdlets should you use to meet each requirement? To answer, select the appropriate options in the answer area.

Ensurepass 2017 PDF and VCE

Ensurepass 2017 PDF and VCE

Answer:

Ensurepass 2017 PDF and VCE

Topic 2, Volume B

100% Free Download!
Download Free Demo:70-411 Demo PDF
100% Pass Guaranteed!
Download 2017 EnsurePass 70-411 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE

[Free] 2017(Sep) EnsurePass Passguide Microsoft 70-411 Dumps with VCE and PDF 81-90

EnsurePass
2017 Sep Microsoft Official New Released 70-411
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/70-411.html

Administering Windows Server 2012

Question No: 81 – (Topic 1)

Your network contains an Active Directory domain named contoso.com. The domain contains a read-only domain controller (RODC) named R0DC1.

You create a global group named RODC_Admins.

You need to provide the members of RODC_Admins with the ability to manage the hardware and the software on R0DC1. The solution must not provide RODC_Admins with the ability to manage Active Directory objects.

What should you do?

  1. From Active Directory Sites and Services, run the Delegation of Control Wizard.

  2. From a command prompt, run the dsadd computer command.

  3. From Active Directory Site and Services, configure the Security settings of the R0DC1 server object.

  4. From a command prompt, run the dsmgmt local roles command.

Answer: D Explanation:

RODC: using the dsmgmt.exe utility to manage local administrators

One of the benefits of RODC is that you can add local administrators who do not have full

access to the domain administration. This gives them the ability to manage the server but not add or change active directory objects unless those roles are delegated. Adding this type of user is done using the dsmdmt.exe utility at the command prompt.

Question No: 82 – (Topic 1)

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.

A local account named Admin1 is a member of the Administrators group on Server1.

You need to generate an audit event whenever Admin1 is denied access to a file or folder. What should you run?

  1. auditpol.exe /set /userradmin1 /failure: enable

  2. auditpol.exe /set /user: admin1 /category: quot;detailed trackingquot; /failure: enable

  3. auditpol.exe /resourcesacl /set /type: file /user: admin1 /failure

  4. auditpol.exe /resourcesacl /set /type: key /user: admin1 /failure /access: ga

Answer: C Explanation:

http: //technet. microsoft. com/en-us/library/ff625687. aspx

To set a global resource SACL to audit successful and failed attempts by a user to perform generic read and write functions on files or folders:

auditpol /resourceSACL /set /type: File /user: MYDOMAINmyuser /success /failure /access: FRFW

http: //technet.microsoft.com/en-us/library/ff625687(v=ws.10).aspx Syntax

auditpol /resourceSACL

[/set /type: lt;resourcegt; [/success] [/failure] /user: lt;usergt; [/access: lt;access flagsgt;]] [/remove /type: lt;resourcegt; /user: lt;usergt; [/type: lt;resourcegt;]]

[/clear [/type: lt;resourcegt;]]

[/view [/user: lt;usergt;] [/type: lt;resourcegt;]]

References:

http: //technet. microsoft. com/en-us/library/ff625687(v=ws. 10). aspx http: //technet. microsoft. com/en-us/library/ff625687(v=ws. 10). aspx http: //technet. microsoft. com/en-us/library/ff625687. aspx

http: //technet. microsoft. com/en-us/library/ff625687(v=ws. 10). aspx

Question No: 83 – (Topic 1)

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.

The domain contains 200 Group Policy objects (GPOs).

An administrator named Admin1 must be able to add new WMI filters from the Group Policy Management Console (GPMC).

You need to delegate the required permissions to Admin1. The solution must minimize the number of permissions assigned to Admin1.

What should you do?

  1. From Active Directory Users and Computers, add Admin1 to the WinRMRemoteWMIUsers group.

  2. From Group Policy Management, assign Creator Owner to Admin1 for the WMI Filters container.

  3. From Active Directory Users and Computers, add Admin1 to the Domain Admins group.

  4. From Group Policy Management, assign Full control to Admin1 for the WMI Filters container.

Answer: D Explanation:

Users with Full control permissions can create and control all WMI filters in the domain, including WMI filters created by others.

Users with Creator owner permissions can create WMI filters, but can only control WMI

filters that they create.

Reference: http://technet.microsoft.com/en-us/library/cc757429(v=ws.10).aspx

Question No: 84 – (Topic 1)

You are a network administrator of an Active Directory domain named contoso.com.

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the DHCP Server server role and the Network Policy Server role service installed.

You enable Network Access Protection (NAP) on all of the DHCP scopes on Server1.

You need to create a DHCP policy that will apply to all of the NAP non-compliant DHCP clients.

Which criteria should you specify when you create the DHCP policy?

  1. The client identifier

  2. The user class

  3. The vendor class

  4. The relay agent information

Answer: B Explanation:

Ensurepass 2017 PDF and VCE

To configure a NAP-enabled DHCP server

->On the DHCP server, click Start, click Run, in Open, type dhcpmgmt. smc, and then press ENTER.

->In the DHCP console, open lt;servernamegt;\IPv4.

->Right-click the name of the DHCP scope that you will use for NAP client computers, and then click Properties.

->On the Network Access Protection tab, under Network Access Protection Settings, choose Enable for this scope, verify that Use default Network Access Protection profile is selected, and then click OK.

->In the DHCP console tree, under the DHCP scope that you have selected, right- click Scope Options, and then click Configure Options.

->On the Advanced tab, verify that Default User Class is selected next to User class.

->Select the 003 Router check box, and in IP Address, under Data entry, type the IP

address for the default gateway used by compliant NAP client computers, and then click Add.

->Select the 006 DNS Servers check box, and in IP Address, under Data entry, type

the IP address for each router to be used by compliant NAP client computers, and then click Add.

->Select the 015 DNS Domain Name check box, and in String value, under Data

entry, type your organization#39;s domain name (for example, woodgrovebank. local), and then click Apply. This domain is a full-access network assigned to compliant NAP clients.

->On the Advanced tab, next to User class, choose Default Network Access

Protection Class.

->Select the 003 Router check box, and in IP Address, under Data entry, type the IP address for the default gateway used by noncompliant NAP client computers, and then click Add. This can be the same default gateway that is used by compliant NAP clients.

->Select the 006 DNS Servers check box, and in IP Address, under Data entry, type the IP address for each DNS server to be used by noncompliant NAP client computers, and then click Add. These can be the same DNS servers used by compliant NAP clients.

->Select the 015 DNS Domain Name check box, and in String value, under Data entry, type a name to identify the restricted domain (for example, restricted.

Woodgrovebank. local), and then click OK. This domain is a restricted-access network assigned to noncompliant NAP clients.

->Click OK to close the Scope Options dialog box.

->Close the DHCP console.

Reference: http: //technet.microsoft.com/en-us/library/dd296905(v=ws.10).aspx

Question No: 85 HOTSPOT – (Topic 1)

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed.

You need to configure the ports on Server1 to ensure that client computers can establish VPN connections to Server1 by using TCP port 443.

What should you modify? To answer, select the appropriate object in the answer area.

Ensurepass 2017 PDF and VCE

Answer:

Ensurepass 2017 PDF and VCE

Explanation:

Ensurepass 2017 PDF and VCE

http: //technet. microsoft. com/en-us/library/cc771298(v=ws. 10). aspx

Secure Socket Tunneling Protocol (SSTP) is a new tunneling protocol that uses the HTTPS protocol over TCP port 443 to pass traffic through firewalls and Web proxies that might block PPTP and L2TP/IPsec traffic.

Question No: 86 – (Topic 1)

Your network contains an Active Directory domain named contoso.com. The domain contains three servers. The servers are configured as shown in the following table.

Ensurepass 2017 PDF and VCE

You need to ensure that end-to-end encryption is used between clients and Server2 when the clients connect to the network by using DirectAccess.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

  1. From the Remote Access Management Console, reload the configuration.

  2. Add Server2 to a security group in Active Directory.

  3. Restart the IPSec Policy Agent service on Server2.

  4. From the Remote Access Management Console, modify the Infrastructure Servers settings.

  5. From the Remote Access Management Console, modify the Application Servers settings.

Answer: B,E Explanation:

Unsure about these answers:

->A public key infrastructure must be deployed.

->Windows Firewall must be enabled on all profiles.

->ISATAP in the corporate network is not supported. If you are using ISATAP, you should remove it and use native IPv6.

->Computers that are running the following operating systems are supported as DirectAccess clients:

Windows Server庐 2012 R2 Windows 8.1 Enterprise

Windows Server庐 2012

Windows 8 Enterprise Windows Server庐 2008 R2 Windows 7 Ultimate

Windows 7 Enterprise

->Force tunnel configuration is not supported with KerbProxy authentication.

->Changing policies by using a feature other than the DirectAccess management console or Windows PowerShell cmdlets is not supported.

->Separating NAT64/DNS64 and IPHTTPS server roles on another server is not supported.

Question No: 87 – (Topic 1)

You manage a server that runs Windows Server 2012 R2. The server has the Windows Deployment Services server role installed.

You start a virtual machine named VM1 as shown in the exhibit. (Click the Exhibit button.)

Ensurepass 2017 PDF and VCE

You need to configure a pre-staged device for VM1 in the Windows Deployment Services console.

Which two values should you assign to the device ID? (Each correct answer presents a complete solution. Choose two.)

A. 979708BFC04B45259FE0C4150BB6C618

B. 979708BF-C04B-4525-9FE0-C4150BB6C618

C. 00155D000F1300000000000000000000

D. 0000000000000000000000155D000F13

E. 00000000-0000-0000-0000-C4150BB6C618

Answer: B,D Explanation:

Use client computer#39;s media access control (MAC) address preceded with twenty zeros or the globally unique identifier (GUID) in the format: {XXXXXXXX-XXXX-XXXX-XXX- XXXXXXXXXXXX}.

Reference: http: //technet. microsoft. com/en-us/library/cc754469. aspx

Question No: 88 – (Topic 1)

You have a file server that has the File Server Resource Manager role service installed.

You open the File Server Resource Manager console as shown in the exhibit. (Click the Exhibit button.)

Ensurepass 2017 PDF and VCE

You need to ensure that all of the folders in Folder1 have a 100-MB quota limit. What should you do?

  1. Run the Update FsrmQuotacmdlet.

  2. Run the Update-FsrmAutoQuotacmdlet.

  3. Create a new quota for Folder1.

  4. Modify the quota properties of Folder1.

Answer: C Explanation:

By using auto apply quotas, you can assign a quota template to a parent volume or folder. Then File Server Resource Manager automatically generates quotas that are based on that template. Quotas are generated for each of the existing subfolders and for subfolders that you create in the future.

Ensurepass 2017 PDF and VCE

Ref: http://technet.microsoft.com/en-us/library/cc731577.aspx

Question No: 89 – (Topic 1)

You have a server named Server1 that runs Windows Server 2012 R2.

On Server1, you configure a custom Data Collector Set (DCS) named DCS1. DCS1 is

configured to store performance log data in C:\Logs.

You need to ensure that the contents of C:\Logs are deleted automatically when the folder reaches 100 MB in size.

What should you configure?

  1. A File Server Resource Manager (FSRM) file screen on the C:\Logs folder

  2. The Data Manager settings of DCS1

  3. A schedule for DCS1

  4. A File Server Resource Manager (FSRM) quota on the C:\Logs folder

    Answer: B Explanation:

    To configure data management for a Data Collector Set

    1. In Windows Performance Monitor, expand Data Collector Sets and click User Defined.

    2. In the console pane, right-click the name of the Data Collector Set that you want to configure and click Data Manager.

    3. On the Data Manager tab, you can accept the default values or make changes according to your data retention policy. See the table below for details on each option.

      When Minimum free disk or Maximum folders is selected, previous data will be deleted according to the Resource policy you choose (Delete largest or Delete oldest) when the limit is reached. When Apply policy before the data collector set starts is selected, previous data will be deleted according to your selections before the data collector set creates its next log file.

      When Maximum root path size is selected, previous data will be deleted according to your selections when the root log folder size limit is reached.

    4. Click the Actions tab. You can accept the default values or make changes. See the table below for details on each option.

    5. When you have finished making your changes, click OK.

      Question No: 90 – (Topic 1)

      Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 runs Windows Server 2012 R2 and has the Hyper-V server role installed.

      Server1 hosts 10 virtual machines. A virtual machine named VM1 runs Windows Server 2012 R2 and hosts a processor-intensive application named App1.

      Users report that App1 responds more slowly than expected.

      You need to monitor the processor usage on VM1 to identify whether changes must be made to the hardware settings of VM1.

      Which performance object should you monitor on Server1?

      1. Processor

      2. Hyper-V Hypervisor Virtual Processor

      3. Hyper-V Hypervisor Logical Processor

      4. Hyper-V Hypervisor Root Virtual Processor

      5. Process

Answer: C Explanation:

In the simplest way of thinking the virtual processor time is cycled across the available logical processors in a round-robin type of fashion. Thus all the processing power gets used over time, and technically nothing ever sits idle.

To accurately measure the processor utilization of a guest operating system, use the “\Hyper-V Hypervisor Logical Processor (Total)\% Total Run Time” performance monitor counter on the Hyper-V host operating system.

100% Free Download!
Download Free Demo:70-411 Demo PDF
100% Pass Guaranteed!
Download 2017 EnsurePass 70-411 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE

[Free] 2017(Sep) EnsurePass Passguide Microsoft 70-411 Dumps with VCE and PDF 71-80

EnsurePass
2017 Sep Microsoft Official New Released 70-411
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/70-411.html

Administering Windows Server 2012

Question No: 71 – (Topic 1)

Your network contains an Active Directory domain named contoso.com. The domain contains a server named NPS1 that has the Network Policy Server server role installed. All servers run Windows Server 2012 R2.

You install the Remote Access server role on 10 servers.

You need to ensure that all of the Remote Access servers use the same network policies.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

  1. Configure each Remote Access server to use the Routing and Remote Access service (RRAS) to authenticate connection requests.

  2. On NPS1, create a remote RADIUS server group. Add all of the Remote Access servers to the remote RADIUS server group.

  3. On NPS1, create a new connection request policy and add a Tunnel-Type and a Service-Type condition.

  4. Configure each Remote Access server to use a RADIUS server named NPS1.

  5. On NPS1, create a RADIUS client template and use the template to create RADIUS clients.

Answer: C,D Explanation:

Connection request policies are sets of conditions and settings that allow network administrators to designate which RADIUS servers perform the authentication and authorization of connection requests that the server running Network Policy Server (NPS) receives from RADIUS clients. Connection request policies can be configured to designate which RADIUS servers are used for RADIUS accounting.

When you configure Network Policy Server (NPS) as a Remote Authentication Dial-In User Service (RADIUS) proxy, you use NPS to forward connection requests to RADIUS servers that are capable of processing the connection requests because they can perform authentication and authorization in the domain where the user or computer account is located. For example, if you want to forward connection requests to one or more RADIUS servers in untrusted domains, you can configure NPS as a RADIUS proxy to forward the requests to the remote RADIUS servers in the untrusted domain.

To configure NPS as a RADIUS proxy, you must create a connection request policy that contains all of the information required for NPS to evaluate which messages to forward and where to send the messages.

Reference: http://technet.microsoft.com/en-us/library/cc730866(v=ws.10).aspx

Question No: 72 – (Topic 1)

Your network contains an Active Directory domain named contoso.com. The domain contains client computers that run either Windows XP or Windows 8.

Network Policy Server (NPS) is deployed to the domain. You plan to create a system health validator (SHV).

You need to identify which policy settings can be applied to all of the computers.

Which three policy settings should you identify? (Each correct answer presents part of the solution. Choose three.)

  1. Antispyware is up to date.

  2. Automatic updating is enabled.

  3. Antivirus is up to date.

  4. A firewall is enabled for all network connections.

  5. An antispyware application is on.

Answer: B,C,D Explanation:

The WSHA on NAP client computers running Windows XP SP3 does not monitor the status of antispyware applications.

Ensurepass 2017 PDF and VCE

Question No: 73 HOTSPOT – (Topic 1)

Your network contains an Active Directory domain named contoso.com.

You create an organizational unit (OU) named OU1 and a Group Policy object (GPO) named GPO1. You link GPO1 to OU1.

You move several file servers that store sensitive company documents to OU1. Each file server contains more than 40 shared folders.

You need to audit all of the failed attempts to access the files on the file servers in OU1. The solution must minimize administrative effort.

Which two audit policies should you configure in GPO1? To answer, select the appropriate two objects in the answer area.

Ensurepass 2017 PDF and VCE

Answer:

Ensurepass 2017 PDF and VCE

Question No: 74 – (Topic 1)

Your network contains two Active Directory forests named contoso.com and dev.contoso.com. The contoso.com forest contains a domain controller named DC1. The dev.contoso.com forest contains a domain controller named DC2. Each domain contains an organizational unit (OU) named OU1.

Dev.contoso.com has a Group Policy object (GPO) named GPO1. GPO1 contains 200 settings, including several settings that have network paths. GPO1 is linked to OU1.

You need to copy GPO1 from dev.contoso.com to contoso.com. What should you do first on DC2?

  1. From the Group Policy Management console, right-click GPO1 and select Copy.

  2. Run the mtedit.exe command and specify the /Domaintcontoso.com /DC: DC 1 parameter.

  3. Run the Save-NetGpocmdlet.

  4. Run the Backup-Gpocmdlet.

Answer: A Explanation:

To copy a Group Policy object:

In the GPMC console tree, right-click the GPO that you want to copy, and then click Copy. To create a copy of the GPO in the same domain as the source GPO, right-click Group Policy objects, click Paste, specify permissions for the new GPO in the Copy GPO box, and then click OK.

For copy operations to another domain, you may need to specify a migration table.

The Migration Table Editor (MTE) is provided with Group Policy Management Console (GPMC) to facilitate the editing of migration tables. Migration tables are used for copying or importing Group Policy objects (GPOs) from one domain to another, in cases where the GPOs include domain-specific information that must be updated during copy or import.

Source WS2008R2: Backup the existing GPOs from the GPMC, you need to ensure that the “Group Policy Objects” container is selected for the “Backup Up All” option to be available.

Copy a Group Policy Object with the Group Policy Management Console (GPMC)

You can copy a Group Policy object (GPO) either by using the drag-and-drop method or right-click method.

Applies To: Windows 8, Windows Server 2008 R2, Windows Server 2012

References:

http://technet.microsoft.com/en-us/library/cc785343(v=WS.10).aspx http://technet.microsoft.com/en-us/library/cc733107.aspx

Question No: 75 – (Topic 1)

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains 500 client computers that run Windows 8 Enterprise.

You implement a Group Policy central store.

You have an application named App1. App1 requires that a custom registry setting be deployed to all of the computers.

You need to deploy the custom registry setting. The solution must minimize administrator effort.

What should you configure in a Group Policy object (GPO)?

  1. The Software Installation settings

  2. The Administrative Templates

  3. An application control policy

  4. The Group Policy preferences

Answer: D Explanation:

->Open the Group Policy Management Console. Right-click the Group Policy object (GPO) that should contain the new preference item, and then click Edit.

->In the console tree under Computer Configuration or User Configuration, expand

the Preferences folder, and then expand the Windows Settings folder.

->Right-click the Registry node, point to New, and select Registry Item.

Group Policy preferences provide the means to simplify deployment and standardize configurations. They add to Group Policy a centralized system for deploying preferences (that is, settings that users can change later).

You can also use Group Policy preferences to configure applications that are not Group

Policy-aware. By using Group Policy preferences, you can change or delete almost any registry setting, file or folder, shortcut, and more. You are not limited by the contents of Administrative Template files. The Group Policy Management

Editor (GPME) includes Group Policy preferences.

References:

http: //technet.microsoft.com/en-us/library/gg699429.aspx

http: //www. unidesk. com/blog/gpos-set-custom-registry-entries-virtual-desktops-disabling- machine-password

Ensurepass 2017 PDF and VCE

Ensurepass 2017 PDF and VCE

Question No: 76 – (Topic 1)

Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.

The domain is renamed to adatum.com. Group Policies no longer function correctly.

You need to ensure that the existing GPOs are applied to users and computers. You want to achieve this goal by using the minimum amount of administrative effort.

What should you use?

  1. Dcgpofix

  2. Get-GPOReport

  3. Gpfixup

  4. Gpresult

  5. Gpedit. msc

  6. Import-GPO

  7. Restore-GPO

  8. Set-GPInheritance

  9. Set-GPLink

  10. Set-GPPermission

  11. Gpupdate

  12. Add-ADGroupMember

Answer: C Explanation:

You can use the gpfixup command-line tool to fix the dependencies that Group Policy objects (GPOs) and Group Policy links in Active Directory Domain Services (AD DS) have on Domain Name System (DNS) and NetBIOS names after a domain rename operation.

Reference: http: //technet. microsoft. com/en-us/library/hh852336(v=ws. 10). aspx

Question No: 77 – (Topic 1)

Your network contains an Active Directory forest named contoso.com. The functional level of the forest is Windows Server 2008 R2.

All of the user accounts in the marketing department are members of a group named Contoso\MarketingUsers. All of the computer accounts in the marketing department are members of a group named Contoso\MarketingComputers.

A domain user named User1 is a member of the Contoso\MarketingUsers group. A computer named Computer1 is a member of the Contoso\MarketingComputers group.

You have five Password Settings objects (PSOs). The PSOs are defined as shown in the following table.

Ensurepass 2017 PDF and VCE

When User1 logs on to Computer1 and attempts to change her password, she receives an error message indicating that her password is too short.

You need to tell User1 what her minimum password length is. What should you tell User1?

  1. 10

  2. 11

  3. 12

  4. 14

Answer: A Explanation:

One PSO has a precedence value of 2 and the other PSO has a precedence value of 4. In this case, the PSO that has the precedence value of 2 has a higher rank and, hence, is applied to the object.

Question No: 78 – (Topic 1)

Your network contains an Active Directory domain named contoso.com. The domain contains six domain controllers named DC1, DC2, DC3, DC4, DC5, and DC6. Each domain controller has the DNS Server server role installed and hosts an Active Directory-integrated zone for contoso.com.

You plan to create a new Active Directory-integrated zone named litwareinc.com that will be used for testing.

You need to ensure that the new zone will be available only on DC5 and DCG. What should you do first?

  1. Change the zone replication scope.

  2. Create an Active Directory connection object.

  3. Create an Active Directory site link.

  4. Create an application directory partition.

Answer: D Explanation:

You can store Domain Name System (DNS) zones in the domain or application directory partitions of Active Directory Domain Services (AD DS). A partition is a data structure in AD DS that distinguishes data for different replication purposes. When you create an application directory partition for DNS, you can control the scope of replication for the zone that is stored in that partition.

Question No: 79 – (Topic 1)

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2.

You create an Active Directory snapshot of DC1 each day.

You need to view the contents of an Active Directory snapshot from two days ago. What should you do first?

  1. Run the dsamain.exe command.

  2. Stop the Active Directory Domain Services (AD DS) service.

  3. Start the Volume Shadow Copy Service (VSS).

  4. Run the ntdsutil.exe command.

Answer: A Explanation:

Dsamain.exe exposes Active Directory data that is stored in a snapshot or backup as a Lightweight Directory Access Protocol (LDAP) server.

Reference: http://technet.microsoft.com/en-us/library/cc772168.aspx

Question No: 80 HOTSPOT – (Topic 1)

Your network contains an Active Directory domain named contoso.com. The domain contains three servers named Server2, Server3, and Server4.

Server2 and Server4 host a Distributed File System (DFS) namespace named Namespace1.

You open the DFS Management console as shown in the exhibit. (Click the Exhibit button.)

Ensurepass 2017 PDF and VCE

To answer, complete each statement according to the information presented in the exhibit. Each correct selection is worth one point.

Ensurepass 2017 PDF and VCE

Ensurepass 2017 PDF and VCE

Answer:

Ensurepass 2017 PDF and VCE

100% Free Download!
Download Free Demo:70-411 Demo PDF
100% Pass Guaranteed!
Download 2017 EnsurePass 70-411 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE