Braindump2go New Updated Microsoft 70-411 Dumps Free Download Now! 100% Pass Your 70-411 Exam One Time At Your First Try! Instant Download 70-411 Dumps Full Version From Braindump2go Now!
Vendor: Microsoft
Exam Code: 70-411
Exam Name: Administering Windows Server 2012 R2 Exam
QUESTION 16
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. All of the DNS servers in both of the domains run Windows Server 2012 R2.
The network contains two servers named Server1 and Server2. Server1 hosts an Active Directory-integrated zone for contoso.com. Server2 hosts an Active Directory-integrated zone for fabrikam.com. Server1 and Server2 connect to each other by using a WAN link.
Client computers that connect to Server1 for name resolution cannot resolve names in fabrikam.com.
You need to configure Server1 to support the resolution of names in fabrikam.com.
The solution must ensure that users in contoso.com can resolve names in fabrikam.com if the WAN link fails.
What should you do on Server1?
A. Add a forwarder.
B. Create a stub zone.
C. Create a conditional forwarder.
D. Create a secondary zone.
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc771898.aspx
When a zone that this DNS server hosts is a secondary zone, this DNS server is a secondary source for information about this zone. The zone at this server must be obtained from another remote DNS server computer that also hosts the zone With secondary, you have ability to resolve records from the other domain even if its DNS servers are temporarily unavailable
While secondary zones contain copies of all the resource records in the corresponding zone on the master name server, stub zones contain only three kinds of resource records:
A copy of the SOA record for the zone.
Copies of NS records for all name servers authoritative for the zone. Copies of A records for all name servers authoritative for the zone.
http://www.windowsnetworking.com/articles-tutorials/windows-2003/DNS_Stub_Zones.html http://technet.microsoft.com/en-us/library/cc771898.aspx http://redmondmag.com/Articles/2004/01/01/The-Long-and-Short-of-Stub-Zones.aspx?Page=2
QUESTION 17
Hotspot Question
Your network contains an Active Director domain named contoso.com. The domain contains a file server named Server1. All servers run Windows Server 2012 R2.
You have two user accounts named User1 and User2.
User1 and User2 are the members of a group named Group1.
User1 has the Department value set to Accounting, user2 has the Department value set to Marketing.
Both users have the Employee Type value set to Contract Employee.
You create the auditing entry as shown in the exhibit. (Click the Exhibit button.)
To answer, complete each statement according to the information presented in the exhibit.
Each correct selection is worth one point.
Answer:
QUESTION 18
Your network contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2 and have the DNS Server server role installed. Server1 hosts a primary zone for contoso.com. Server2 hosts a secondary zone for contoso.com. The zone is not configure to notify secondary servers of changes automatically.
You update several records on Server1.
You need to force the replication of the contoso.com zone records from Server1 to Server2.
What should you do from Server2?
A. Right-click Server2 and click Update Server Data Files.
B. Right-click Server2 and click Refresh.
C. Right-click the contoso.com zone and click Reload.
D. Right-click the contoso.com zone and click Transfer from Master.
Answer: D
Explanation:
A. For standard primary zones, this procedure causes the DNS server to immediately write its in- memory changes out to disk for storage with the zone file.
D. Initiates zone transfer from secondary server
http://technet.microsoft.com/en-us/library/cc786985(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc779391(v=ws.10).aspx
QUESTION 19
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
The network contains several group Managed Service Accounts that are used by four member servers.
You need to ensure that if a group Managed Service Account resets a password of a domain user account, an audit entry is created.
You create a Group Policy object (GPO) named GPO1.
What should you do next?
A. In GPO1, configure the Advanced Audit Policy Configuration settings for Audit User Account Management.
Link GPO1 to the Domain Controllers organizational unit (OU).
B. In GPO1, configure the Advanced Audit Policy Configuration settings for Audit User Account Management.
Move the member servers to a new organizational unit (OU).
Link GPO1 to the new OU.
C. In GPO1, configure the Advanced Audit Policy Configuration settings for Audit Sensitive Privilege Use.
Link GPO1 to the Domain Controllers organizational unit (OU).
D. In GPO1, configure the Advanced Audit Policy Configuration settings for Audit Sensitive Privilege Use.
Move the member servers to a new organizational unit (OU).
Link GPO1 to the new OU.
Answer: A
Explanation:
Audit User Account Management
This security policy setting determines whether the operating system generates audit events when the following user account management tasks are performed:
– A user account is created, changed, deleted, renamed, disabled, enabled, locked out, or unlocked.
– A user account password is set or changed.
– Security identifier (SID) history is added to a user account.
– The Directory Services Restore Mode password is set.
– Permissions on accounts that are members of administrators groups are changed.
– Credential Manager credentials are backed up or restored.
This policy setting is essential for tracking events that involve provisioning and managing
user accounts.
QUESTION 20
You have a DNS server named Server1 that has a Server Core Installation on Windows Server 2012 R2.
You need to view the time-to-live (TTL) value of a name server (NS) record that is cached by the DNS Server service on Server1.
What should you run?
A. Show-DNSServerCache
B. dnscacheugc.exe
C. ipconfig.exe /displaydns
D. nslookup.exe
Answer: A
Explanation:
Show-DnsServerCache – Shows the records in a DNS Server Cache.
The Show-DNSServerCache shows all cached Domain Name System (DNS) server resource records in the following format: Name, ResourceRecordData, Time-to-Live (TTL).
http://technet.microsoft.com/en-us/library/jj649915.aspx
http://www.windowsnetworking.com/articles_tutorials/Managing-DNS-servers-using-PowerShell.html
QUESTION 21
Your network contains a single Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that hosts the primary DNS zone for contoso.com All servers dynamically register their host names.
You install the new Web servers that host identical copies of your company’s intranet website. The servers are configured as shown in the following table.
You need to use DNS records to load balance name resolution queries for intranet.contoso.com between the two Web servers.
What is the minimum number of DNS records that you should create manually?
A. 1
B. 2
C. 3
D. 4
Answer: B
Explanation:
An A records for each IP is needed
intranet.contoso.com > 10.0.0.20
intranet.contoso.com > 10.0.0.21
intranet.contoso.com > 10.0.0.22
http://technet.microsoft.com/en-us/library/cc772506.aspx
http://technet.microsoft.com/en-us/library/gg398251.aspx
QUESTION 22
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed.
You need to configure the ports on Server1 to ensure that client computers can establish VPN connections to Server1. The solution must NOT require the use of certificates or pre-shared keys.
What should you modify?
To answer, select the appropriate object in the answer area.
Answer:
Explanation:
The four types of tunneling protocols used with a VPN/RAS server running on Windows Server 2012 include:
Point-to-Point Tunneling Protocol (PPTP):
A VPN protocol based on the legacy Point-to-Point protocol used with modems.
The PPTP specification does not describeencryption or authentication features and relies on the Point-to-Point Protocol being tunneled to implement security functionality.
Layer 2 Tunneling Protocol (L2TP): Used with IPsec to provide security.
L2TP supports either computer certificates or a preshared key as the authentication method for IPsec. IKEv2: IKE is short for Internet Key Exchange, which is a tunneling protocol that uses IPsec Tunnel Mode protocol. The message is encrypted with one of the following protocols by using encryption keys that are generated from the IKEv2 negotiation process.
Secure Socket Tunneling Protocol (SSTP): Introduced with Windows Server 2008, which uses the HTTPS protocol over TCP port 443 to pass traffic through firewalls
http://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol
QUESTION 23
Hotspot Question
You have a server named Servers that runs Windows Server 2012 R2. Servers has the Windows Deployment Services server role installed.
Server5 contains several custom images of Windows 8.
You need to ensure that when 32-bit client computers start by using PXE, the computers automatically install an image named Image 1.
What should you configure?
To answer, select the appropriate tab in the answer area.
Answer:
QUESTION 24
You have a cluster named Cluster1 that contains two nodes. Both nodes run Windows Server 2012 R2. Cluster1 hosts a virtual machine named VM1 that runs Windows Server 2012 R2.
You configure a custom service on VM1 named Service1.
You need to ensure that VM1 will be moved to a different node if Service1 fails.
Which cmdlet should you run on Cluster1?
A. Add-ClusterVmMonitoredItem
B. Add-ClusterGenericServiceRole
C. Set-ClusterResourceDependency
D. Enable VmResourceMetering
Answer: A
Explanation:
The Add-ClusterVMMonitoredItem cmdlet configures monitoring for a service or an Event
Tracing for Windows (ETW) event so that it is monitored on a virtual machine. If the service fails or the event occurs, then the system responds by taking an action based on the failover configuration for the virtual machine resource. For example, the configuration might specify that the virtual machine be restarted.
QUESTION 25
Your company has a main office and a branch office.
The main office contains a server that hosts a Distributed File System (DFS) replicated folder.
You plan to implement a new DFS server in the branch office.
You need to recommend a solution that minimizes the amount of network bandwidth used to perform the initial synchronization of the folder to the branch office.
You recommend using the Export-DfsrClone and Import-DfsrClonecmdlets.
Which additional command or cmdlet should you include in the recommendation?
A. Robocopy.exe
B. Synchost.exe
C. Export-BcCachePackage
D. Sync-DfsReplicationGroup
Answer: A
Explanation:
By preseeding files before you set up DFS Replication, add a new replication partner, or replace a server, you can speed up initial synchronization and enable cloning of the DFS Replication database in Windows Server 2012 R2. The Robocopy method is one of several preseeding methods
QUESTION 26
Your network contains an Active Directory domain named contoso.com.
You have several Windows PowerShell scripts that execute when users log on to their client computer.
You need to ensure that all of the scripts execute completely before the users can access their desktop.
Which setting should you configure?
To answer, select the appropriate setting in the answer area.
Answer:
Explanation:
http://technet.microsoft.com/en-us/library/cc738773(v=ws.10).aspx
Run logon scripts synchronously
Directs the system to wait for logon scripts to finish running before it starts the Windows Explorer interface program and creates the desktop.
If you enable this policy, Windows Explorer does not start until the logon scripts have finished running. This setting assures that logon script processing is complete before the user starts working, but it can delay the appearance of the desktop.
If you disable this policy or do not configure it, the logon scripts and Windows Explorer are not synchronized and can run simultaneously.
QUESTION 27
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named GPO1 is linked to OU1.
You make a change to GPO1.
You need to force all of the computers in OU1 to refresh their Group Policy settings immediately. The solution must minimize administrative effort.
Which tool should you use?
A. Server Manager
B. Active Directory Users and Computers
C. The Gpupdate command
D. Group Policy Management Console (GPMC)
Answer: D
Explanation:
Starting with Windows Server 2012 and Windows 8, you can now remotely refresh Group Policy settings for all computers in an OU from one central location through the Group Policy Management Console (GPMC). Or you can use the Invoke- GPUpdatecmdlet to refresh Group Policy for a set of computers, not limited to the OU structure, for example, if the computers are located in the default computers container.
http://technet.microsoft.com/en-us//library/jj134201.aspx http://blogs.technet.com/b/grouppolicy/archive/2012/11/27/group-policy-in-windows-server-2012-using-remote-gpupdate.aspx
QUESTION 28
Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 R2.
You have a Password Settings object (PSOs) named PSO1.
You need to view the settings of PSO1.
Which tool should you use?
A. Group Policy Management
B. Server Manager
C. Get-ADAccountResultantPasswordReplicationPolicy
D. Active Directory Administrative Center
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc770848(v=ws.10).aspx
Incorrect:
* Get-ADFineGrainedPasswordPolicy
Gets one or more Active Directory fine grained password policies.
* To store fine-grained password policies, Windows Server 2008 includes two new object classes in the Active Directory Domain Services (AD DS) schema:
Password Settings Container
Password Settings
The Password Settings Container (PSC) object class is created by default under the System container in the domain. It stores the Password Settings objects (PSOs) for that domain.
QUESTION 29
Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.
You need to prevent all of the GPOs at the site level and at the domain level from being applied to users and computers in an organizational unit (OU) named OU1.
You want to achieve this goal by using the minimum amount of Administrative effort.
What should you use?
A. dcgpofix
B. Get-GPOReport
C. Gpfixup
D. Gpresult
E. Gptedit.msc
F. Import-GPO
G. Import-GPO
H. Restore-GPO
I. Set-GPInheritance
J. Set-GPLink
K. Set-GPPermission
L. Gpupdate
M. Add-ADGroupMember
Answer: I
Explanation:
http://technet.microsoft.com/en-us/library/ee461032.aspx
http://technet.microsoft.com/en-us/library/cc757050.aspx
QUESTION 30
Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.
You have two GPOs linked to an organizational unit (OU) named OU1.
You need to change the precedence order of the GPOs.
What should you use?
A. dcgpofix
B. Get-GPOReport
C. Gpfixup
D. Gpresult
E. Gptedit.msc
F. Import-GPO
G. Restore-GPO
H. Set-GPInheritance
I. Set-GPLink
J. Set-GPPermission
K. Gpupdate
L. Add-ADGroupMember
Answer: I
Explanation:
The Set-GPLink cmdlet sets the properties of a GPO link.
You can set the following properties:
— Enabled. If the GPO link is enabled, the settings of the GPO are applied when Group Policy is processed for the site, domain or OU.
— Enforced. If the GPO link is enforced, it cannot be blocked at a lower-level (in the Group Policy processing hierarchy) container.
— Order. The order specifies the precedence that the settings of the GPO take over conflicting settings in other GPOs that are linked (and enabled) to the same site, domain, or OU. http://technet.microsoft.com/en-us/library/ee461022.aspx
Thanks For Trying Braindump2go Latest Microsoft 70-411 Dumps Questions! Braindump2go Exam Dumps ADVANTAGES:
☆ 100% Pass Guaranteed Or Full Money Back!
☆ Instant Download Access After Payment!
☆ One Year Free Updation!
☆ Well Formated: PDF,VCE,Exam Software!
☆ Multi-Platform capabilities – Windows, Laptop, Mac, Android, iPhone, iPod, iPad.
☆ Professional, Quick,Patient IT Expert Team 24/7/365 Onlinen Help You!
☆ We served more than 35,000 customers all around the world in last 5 years with 98.99% PASS RATE!
☆ Guaranteed Secure Shopping! Your Transcations are protected by Braindump2go all the time!
☆ Pass any exams at the FIRST try!