Free Download 70-411 Exam VCE Test Software With All Latest 70-411 Exam Questions from Braindump2go (91-105)
Braindump2go New Updated Microsoft 70-411 Dumps Free Download Now! 100% Pass Your 70-411 Exam One Time At Your First Try! Instant Download 70-411 Dumps Full Version From Braindump2go Now!
Vendor: Microsoft
Exam Code: 70-411
Exam Name: Administering Windows Server 2012 R2 Exam
QUESTION 91
Hotspot Question
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain.
All domain controllers run Windows Server 2012 R2 and are configured as DNS servers.
All DNS zones are Active Directory-integrated. Active Directory Recycle Bin is enabled.
You need to modify the amount of time deleted objects are retained in the Active Directory Recycle Bin.
Which naming context should you use?
To answer, select the appropriate naming context in the answer area.
Answer:
Explanation:
http://technet.microsoft.com/en-us/library/dd392260%28v=ws.10%29.aspx
QUESTION 92
Your network contains an Active Directory domain named contoso.com. The domain contains six domain controllers. The domain controllers are configured as shown in the following table.
The network contains a server named Server1 that has the Hyper-V server role installed. DC6 is a virtual machine that is hosted on Server1.
You need to ensure that you can clone DC6.
What should you do?
A. Transfer the schema master to DC6.
B. Transfer the schema master to DC4.
C. Transfer the PDC emulator to DC2.
D. Transfer the PDC emulator to DC5.
Answer: C
Explanation:
A deployed Windows Server 2012 domain controller (virtualized or physical) that hosts the PDC emulator role (DC1). To verify whether the PDC emulator role is hosted on a Windows Server 2012 domain controller, run the following Windows PowerShell command:
Get-ADComputer (Get-ADDomainController – Discover – Service "PrimaryDC"). Name – Property
operatingsystemversion | fl
http://technet.microsoft.com/en-us/library/hh831734.aspx#steps_deploy_vdc
QUESTION 93
Hotspot Question
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
You need to audit successful and failed attempts to read data from USB drives on the servers.
Which two objects should you configure?
To answer, select the appropriate two objects in the answer area.
Answer:
QUESTION 94
Hotspot Question
You have a server named Server4 that runs Windows Server 2012 R2.
Server4 has the Windows Deployment Services server role installed.
Server4 is configured as shown in the exhibit. (Click the Exhibit button.)
To answer, complete each statement according to the information presented in the exhibit.
Each correct selection is worth one point.
Answer:
QUESTION 95
You manage a server that runs Windows Server 2012 R2. The server has the Windows Deployment Services server role installed.
You have a desktop computer that has the following configuration:
– Computer name: Computer1
– Operating system: Windows 8
– MAC address: 20-CF-30-65-D0-87
– GUID: 979708BF-C04B-4525-9FE0-C4150BB6C618
You need to configure a pre-staged device for Computer1 in the Windows Deployment Services console.
Which two values should you assign to the device ID?
(Each correct answer presents a complete solution. Choose two.)
A. 20CF3065D08700000000000000000000
B. 979708BFC04B45259FE0C4150BB6C618
C. 979708BF-C04B-452S-9FE0-C4150BB6C618
D. 0000000000000000000020CF306SD087
E. 00000000-0000-0000-0000-C41S0BB6C618
Answer: CD
Explanation:
* To add or remove pre-staged client to/from AD DS, specify the name of the computer or the device ID, which is a GUID, media access control (MAC) address, or Dynamic Host Configuration Protocol (DHCP) identifier associated with the computer.
* Example: Remove a device by using its ID from a specified domain This command removes the pre-staged device that has the specified ID. The cmdlet searches the domain named TSQA.Contoso.com for the device.
Windows PowerShell
PS C:\> Remove-WdsClient -DeviceID "5a7a1def-2e1f-4a7b-a792-ae5275b6ef92" -Domain -DomainName "TSQA.Contoso.com"
QUESTION 96
Hotspot Question
Your company has four offices. The offices are located in Montreal, Seattle, Sydney, and New York.
The network contains an Active Directory domain named contoso.com. The domain contains a server named Server2 that runs Windows Server 2012 R2. Server2 has the DHCP Server server role installed.
All client computers obtain their IPv4 and IPv6 addresses from DHCP.
You need to ensure that Network Access Protection (NAP) enforcement for DHCP applies to all of the client computers except for the client computers in the New York office.
Which two nodes should you configure?
To answer, select the appropriate two nodes in the answer area.
Answer:
QUESTION 97
Your network contains an Active Directory domain named adatum.com.
A network administrator creates a Group Policy central store.
After the central store is created, you discover that when you create new Group Policy objects (GPOs), the GPOs do not contain any Administrative Templates.
You need to ensure that the Administrative Templates appear in new GPOs.
What should you do?
A. Add your user account to the Group Policy Creator Owners group.
B. Configure all domain controllers as global catalog servers.
C. Copy files from %Windir%\Policydefimtions to the central store.
D. Modify the Delegation settings of the new GPOs.
Answer: C
Explanation:
To take advantage of the benefits of . admx files, you must create a Central Store in the SYSVOL folder on a domain controller. The Central Store is a file location that is checked by the Group Policy tools. The Group Policy tools use any . admx files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain.
QUESTION 98
Your network contains two Active Directory forests named contoso.com and dev.contoso.com. The contoso.com forest contains a domain controller named DC1. The dev.contoso.com forest contains a domain controller named DC2. Each domain contains an organizational unit (OU) named OU1.
Dev.contoso.com has a Group Policy object (GPO) named GPO1. GPO1 contains 200 settings, including several settings that have network paths. GPO1 is linked to OU1.
You need to copy GPO1 from dev.contoso.com to contoso.com.
What should you do first on DC2?
A. From the Group Policy Management console, right-click GPO1 and select Copy.
B. Run the mtedit.exe command and specify the /Domaintcontoso.com /DC:DC 1 parameter.
C. Run the Save-NetGpocmdlet.
D. Run the Backup-Gpocmdlet.
Answer: A
Explanation:
To copy a Group Policy object:
In the GPMC console tree, right-click the GPO that you want to copy, and then click Copy.
To create a copy of the GPO in the same domain as the source GPO, right-click Group Policy objects , click Paste , specify permissions for the new GPO in the Copy GPO box, and then click OK .
For copy operations to another domain, you may need to specify a migration table.
The Migration Table Editor (MTE) is provided with Group Policy Management Console (GPMC) to facilitate the editing of migration tables. Migration tables are used for copying or importing Group Policy objects (GPOs) from one domain to another, in cases where the GPOs include domain-specific information that must be updated during copy or import.
Source WS2008R2: Backup the existing GPOs from the GPMC, you need to ensure that the “Group Policy Objects” container is selected for the “Backup Up All” option to be available.
Copy a Group Policy Object with the Group Policy Management Console (GPMC)
You can copy a Group Policy object (GPO) either by using the drag-and-drop method or right-click method.
Applies To: Windows 8, Windows Server 2008 R2, Windows Server 2012
http://technet.microsoft.com/en-us/library/cc785343(v=WS.10).aspx
http://technet.microsoft.com/en-us/library/cc733107.aspx
QUESTION 99
Your network contains four Network Policy Server (NPS) servers named Server1, Server2, Server 3, and Server4.
Server1 is configured as a RADIUS proxy that forwards connection requests to a remote RADIUS server group named Group1.
You need to ensure that Server2 and Server3 receive connection requests. Server4 must only receive connection requests if both Server2 and Server3 are unavailable.
How should you configure Group1?
A. Change the Weight of Server4 to 10.
B. Change the Weight of Server2 and Server3 to 10.
C. Change the Priority of Server2 and Server3 to 10.
D. Change the Priority of Server4 to 10.
Answer: D
Explanation:
During the NPS proxy configuration process, you can create remote RADIUS server groups and then add RADIUS servers to each group. To configure load balancing, you must have more than one RADIUS server per remote RADIUS server group. While adding group members, or after creating a RADIUS server as a group member, you can access the Add RADIUS server dialog box to configure the following items on the Load Balancing tab:
Priority. Priority specifies the order of importance of the RADIUS server to the NPS proxy server. Priority level must be assigned a value that is an integer, such as 1, 2, or 3. The lower the number, the higher priority the NPS proxy gives to the RADIUS server.
For example, if the RADIUS server is assigned the highest priority of 1, the NPS proxy sends connection requests to the RADIUS server first; if servers with priority 1 are not available, NPS then sends connection requests to RADIUS servers with priority 2, and so on. You can assign the same priority to multiple RADIUS servers, and then use the Weight setting to load balance between them.
Weight. NPS uses this Weight setting to determine how many connection requests to send to each group member when the group members have the same priority level. Weight setting must be assigned a value between 1 and 100, and the value represents a percentage of 100 percent. For example, if the remote RADIUS server group contains two members that both have a priority level of 1 and a weight rating of 50, the NPS proxy forwards 50 percent of the connection requests to each RADIUS server.
Advanced settings. These failover settingsprovide a way for NPS to determine whether the remote RADIUS server is unavailable. If NPS determines that a RADIUS server is unavailable, it can start sending connection requests to other group members. With these settings you can configure the number of seconds that the NPS proxy waits for a response from the RADIUS server before it considers the request dropped; the maximum number of dropped requests before the NPS proxy identifies the RADIUS server as unavailable; and the number of seconds that can elapse between requests before the NPS proxy identifies the RADIUS server as unavailable.
The default priority is 1 and can be changed from 1 to 65535. So changing server 2 and 3 to priority 10 is not the way to go.
http://technet.microsoft.com/en-us/library/dd197433(WS.10).aspx
QUESTION 100
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the DHCP Server server role installed. The network contains 400 client computers that run Windows 8. All of the client computers are joined to the domain and are configured DHCP clients.
You install a new server named Server2 that runs Windows Server 2012 R2.
On Server2, you install the Network Policy Server role service and you configure Network Access Protection (NAP) to use the DHCP enforcement method.
You need to ensure that Server1 only provides a valid default gateway to computers that pass the system health validation.
Which two actions should you perform?
(Each correct answer presents part of the solution. Choose two.)
A. From the DHCP console, configure the 016 Swap Server option.
B. From the DHCP console, create a new policy.
C. From the NAP Client Configuration console, enable the DHCP Quarantine Enforcement Client.
D. From the DHCP console, enable NAP on all scopes.
E. From Server Manager, install the Network Policy Server role service.
Answer: DE
Explanation:
D: The administrator must define the following settings on the NAP DHCP server:
/ (D) NAP-enabled scopes: In order to use a DHCP scope with NAP, you must enable it specifically for NAP in scope properties under NAP settings.
/ Default NAP class: You must configure any required scope options for computers that are noncompliant with health requirements. A default gateway is not provided to noncompliant computers regardless of whether the 003 Router option is configured here. / Remote RADIUS server groups: If connection requests are forwarded from the DHCP server to a NAP health policy server on another computer, you must configure the NPS service on the NAP DHCP server to forward connection requests to the NAP health policy server. This setting is not required if the NAP DHCP server is also the NAP health policy server. / Default user class: You must configure any required scope options for computers that are compliant with health requirements.
: The NAP DHCP server is a server running Windows Server 2008 or Windows Server 2008 R2 (or Windows 2012) with the DHCP server role installed and running. Additionally, if this server is not also the NAP health policy server, it must have the NPS role service installed (E), running, and configured to forward connection requests to the NAP health policy server. The NAP DHCP server restricts noncompliant client access by providing a limited IP address configuration to computers that do not meet health requirements. A limited access configuration has a subnet mask of 255.255.255.255 and no default gateway. Static host routes are provisioned to provide access to the DHCP server and any servers that have been added to remediation server groups on the NAP health policy server.
Reference: DHCP Enforcement Configuration
QUESTION 101
Your network is configured as shown in the exhibit. (Click the Exhibit button.)
Server1 regularly accesses Server2.
You discover that all of the connections from Server1 to Server2 are routed through Router1.
You need to optimize the connection path from Server1 to Server2.
Which route command should you run on Server1?
A. Route add -p 10.10.10.0 MASK 255.255.255.0 10.10.10.1 METRIC 50
B. Route add -p 10.10.10.0 MASK 255.255.255.0 172.23.16.2 METRIC 100
C. Route add -p 10.10.10.12 MASK 255.255.255.0 10.10.10.1 METRIC 100
D. Route add -p 10.10.10.12 MASK 255.255.255.0 10.10.10.0 METRIC 50
Answer: B
Explanation:
destination – specifies either an IP address or host name for the network or host.
subnetmask – specifies a subnet mask to be associated with this route entry. If subnetmask is not specified, 255.255.255.255 is used.
gateway – specifies either an IP address or host name for the gateway or router to use when forwarding.
costmetric – assigns an integer cost metric (ranging from 1 through 9,999) to be used in calculating the fastest, most reliable, and/or least expensive routes.
If costmetric is not specified, 1 is used.
interface – specifies the interface to be used for the route that uses the interface number. If an interface is not specified, the interface to be used for the route is determined from the gateway IP address.
http://support.microsoft.com/kb/299540/en-us
http://technet.microsoft.com/en-us/library/cc757323%28v=ws.10%29.aspx
QUESTION 102
Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 is configured as a Network Policy Server (NPS) server and as a DHCP server.
You need to ensure that only computers that send a statement of health are checked for Network Access Protection (NAP) health requirements.
Which two settings should you configure?
(Each correct answer presents part of the solution. Choose two.)
A. The Called Station ID constraints
B. The MS-Service Class conditions
C. The Health Policies conditions
D. The NAS Port Type constraints
E. The NAP-Capable Computers conditions
Answer: CE
Explanation:
A. Used to designate the phone number of the network access server. This attribute is a character string. You can use pattern-matching syntax to specify area codes.
B. Restricts the policy to clients that have received an IP address from a DHCP scope that matches the specified DHCP profile name. This condition is used only when you are deploying NAP with the DHCP enforcement method. To use the MS-Service Class attribute, in Specify the profile name that identifies your DHCP scope, type the name of an existing DHCP profile.
C. The Health Policies condition restricts the policy to clients that meet the health criteria in the policy that you specify.
D. Allows you to specify the type of media used by the client computer to connect to the network. E. The NAP-capable Computers condition restricts the policy to either clients that are capable of participating in NAP or clients that are not capable of participating in NAP. This capability is determined by whether the client sends a statement of health (SoH) to NPS. http://technet.microsoft.com/en-us/library/cc753603.aspx
http://technet.microsoft.com/en-us/library/cc731220(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc731560.aspx
QUESTION 103
Your network contains two Active Directory forests named adatum.com and contoso.com. The network contains three servers. The servers are configured as shown in the following table.
You need to ensure that connection requests from adatum.com users are forwarded to Server2 and connection requests from contoso.com users are forwarded to Server3.
Which two should you configure in the connection request policies on Server1?
(Each correct answer presents part of the solution. Choose two.)
A. The Authentication settings
B. The User Name condition
C. The Standard RADIUS Attributes settings
D. The Identity Type condition
E. The Location Groups condition
Answer: AB
Explanation:
A: A connection request policy profile is a set of properties that are applied to an incoming RADIUS message. A connection request policy profile consists of the following groups of properties:
/ Authentication
You can set the following authentication options that are used for RADIUS Access-Request messages:
// Authenticate requests on this server.
// Forward requests to another RADIUS server in a remote RADIUS server group. // Accept the connection attempt without performing authentication or authorization.
/ Accounting
/ Attribute manipulation
/ Advanced
B: * A connection request policy is a named rule that consists of the following elements:
/ Conditions
/ Profile
* The User-Name RADIUS attribute is a character string that typically contains a user account location and a user account name. The user account location is also called the realm or realm name, and is synonymous with the concept of domain, including DNS domains, Active Directory domains, and Windows NT 4.0 domains
Note:
* NPS as a RADIUS proxy
The default connection request policy is deleted, and two new connection request policies are created to forward requests to two different domains. In this example, NPS is configured as a RADIUS proxy. NPS does not process any connection requests on the local server. Instead, it forwards connection requests to NPS or other RADIUS servers that are configured as members of remote RADIUS server groups.
QUESTION 104
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
The domain contains a server named Server1 that has the Network Policy Server server role and the Remote Access server role installed. The domain contains a server named Server2 that is configured as a RADIUS server.
Server1 provides VPN access to external users.
You need to ensure that all of the VPN connections to Server1 are logged to the RADIUS server on Server2.
What should you run?
A. Add-RemoteAccessRadius -ServerNameServer1 -AccountingOnOffMsg Enabled – SharedSecret "Secret" -Purpose Accounting
B. Set-RemoteAccessAccounting -AccountingOnOffMsg Enabled -AccountingOnOffMsg Enabled
C. Add-RemoteAccessRadius -ServerName Server2 -AccountingOnOffMsg Enabled – SharedSecret "Secret" -Purpose Accounting
D. Set-RemoteAccessAccounting -EnableAccountingType Inbox -AccountingOnOffMsg Enabled
Answer: C
Explanation:
Add-RemoteAccessRadius
Adds a new external RADIUS server for VPN authentication, accounting for DirectAccess (DA) and VPN, or one-time password (OTP) authentication for DA.
AccountingOnOffMsg<String>
Indicates the enabled state for sending of accounting on or off messages. The acceptable values for this parameter are:
Enabled.
Disabled. This is the default value.
This parameter is applicable only when the RADIUS server is being added for Remote Access accounting.
QUESTION 105
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Server1 has the Network Policy Server server role installed. Server2 has the DHCP Server server role installed. Both servers run Windows Server 2012 R2.
You are configuring Network Access Protection (NAP) to use DHCP enforcement.
You configure a DHCP scope as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that non-compliant NAP clients receive different DHCP options than compliant NAP clients.
What should you configure on each server?
To answer, select the appropriate options for each server in the answer area.
Answer:
Thanks For Trying Braindump2go Latest Microsoft 70-411 Dumps Questions! Braindump2go Exam DumpsADVANTAGES:
☆ 100% Pass Guaranteed Or Full Money Back!
☆ Instant Download Access After Payment!
☆ One Year Free Updation!
☆ Well Formated: PDF,VCE,Exam Software!
☆ Multi-Platform capabilities – Windows, Laptop, Mac, Android, iPhone, iPod, iPad.
☆ Professional, Quick,Patient IT Expert Team 24/7/365 Onlinen Help You!
☆ We served more than 35,000 customers all around the world in last 5 years with 98.99% PASS RATE!
☆ Guaranteed Secure Shopping! Your Transcations are protected by Braindump2go all the time!
☆ Pass any exams at the FIRST try!