2016 Feburary NEW UPDATED 70-411 Exam Questions Released Today!
Exam Code: 70-411
Exam Name: Administering Windows Server 2012
Certification Provider: Microsoft
Corresponding Certifications: MCSA, MCSA: Windows Server 2012, MCSE, MCSE: Desktop Infrastructure, MCSE: Private Cloud, MCSE: Server Infrastructure
2016 70-411 NEW Skills will be tested:
Deploy, manage, and maintain servers
Configure File and Print Services
Configure network services and access
Configure a Network Policy Server (NPS) infrastructure
Configure and manage Active Directory
Configure and manage Group Policy
ATTENTION: 2016 NEW ADDED 70-411 Exam Questions are the most important in passing 70-411 Exam!
A PART of 2016 70-411 NEW Exam Questions:
QUESTION 431
Server1 download update from microsoft update.
You have Server2 that must syncronize update from Server1.
Have firewall separate between Server1 and Server2.
Which port should to open on Server2 to syncronize ?
A. 80
B. 443
C. 3389
D. 8530
Answer: D
QUESTION 432
How to create or remove service account?
A. Add-ADComputerServiceAccount
B. New-ADGroup
Answer: A
Explanation:
To create a new managed service account
Add-ADComputerServiceAccount
Creating and using managed service accounts
The following procedures can be used to create and administer managed service accounts.
To import the Active Directory module for Windows PowerShell
Click Start, click All Programs, click Windows PowerShell 2.0, and then click the Windows PowerShell icon.
Run the following command: Import-Module ActiveDirectory.
To create a new managed service account
On the domain controller, click Start, and then click Run. In the Open box, type dsa.msc, and then click OK to open the Active Directory Users and Computers snap-in. Confirm that the Managed Service Account container exists.
Click Start, click All Programs, click Windows PowerShell 2.0, and then click the Windows PowerShell icon.
Run the following command: New-ADServiceAccount [-SAMAccountName <String>] [-Path <String>].
Associate the new MSA to the computer account by running the following command: Add-ADComputerServiceAccount [-Identity] <ADComputer> <ADServiceAccount[]>
See Add-ADComputerServiceAccount for the complete syntax.
https://technet.microsoft.com/en-us/library/dd548356(v=ws.10).aspx
QUESTION 433
You configure server1 for ssl for all wsus metadata by using a CA. Server2 must sync from server1.
A. from iis, import certificate
B. from update services, windows server update services config wizard
C. cmd, wsutil.exe configssl server2
D. cmd, wsutil.exe configssl server1
Answer: D
Explanation:
Note, template command WSUSUtil.exe configuressl <Intranet FQDN of the site system server>.
QUESTION 434
You have a server named Server1.
You enable BitLocker Drive Encryption (BitLocker) on Server1.
You need to change the password for the Trusted Platform Module (TPM) chip.
What should you run on Server1?
A. Initialize-Tpm
B. Import-TpmOwnerAuth
C. repair-bde.exe
D. bdehdcfg-exe
Answer: B
Explanation:
The Import-TpmOwnerAuth cmdlet imports a valid Trusted Platform Module (TPM) owner authorization value to the registry.
https://technet.microsoft.com/en-us/%5Clibrary/JJ603118(v=WPS.630).aspx
QUESTION 435
You deploy a Windows Server Update Services (WSUS) server named Server01.
You plan to use a Group Policy object (GPO) to configure all client computers to use Server01 as a Microsoft update server and assign the client computers to computer groups.
You need to ensure that the computer are assigned to the correct computer groups automatically when the GPO is deployed.
Which two actions should you platform before you deploy the GPO? Each correct answer presents parts of solution.
A. From Windows PowerShell, run the Approve-WSUSUpdate cmdlet.
B. From Windows PowerShell, run the Add-WSUSUpdate cmdlet.
C. From the Update Service console, manually create the computer groups.
D. From the Update Service console, modify the Computers option.
E. From the Update Service console, modify the Products and Classifications options.
Answer: AC
QUESTION 436
Your Network contains oneActive Directory domain named contoso.com.
You pilot DirectAccess on the network.
During the pilot deployment, you enable DirectAccess only for a group Contoso\Test Computers.
Ones the pilot is complete, you need to enable DirectAccess for all the client computers in the domain.
What should you do?
A. From Group Policy Management, modify the security filtering of an object named Direct Access Server Setting Group Policy.
B. From Active Directory Users and Computers, modify the membership of the Windows Authorization Access Group.
C. From Group Policy Management, modify the security filtering of an object named Direct Access Client Setting Group Policy.
D. From Remote Access Management Console, run the remote access Server Setup wizard.
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/jj574180.aspx
http://technet.microsoft.com/en-us/library/hh918432(v=wps.630).aspx
QUESTION 437
Your Network contains oneActive Directory domain named contoso.com.
You pilot DirectAccess on the network.
During the pilot deployment, you enable DirectAccess only for a group Contoso\Test Computers.
Ones the pilot is complete, you need to enable DirectAccess for all the client computers in the domain.
What should you do?
A. From Windows PowerShell, run the Ser-DAServer cmdlet.
B. From Remote Access Management Console, run the remote access Server Setup wizard.
C. From Group Policy Management, modify the security filtering of an object named Direct Access Server Setting Group Policy
D. From Group Policy Management, modify the security filtering of an object named Direct Access Client Setting Group Policy.
Answer: D
QUESTION 438
Your Network contains oneActive Directory domain named contoso.com.
You pilot DirectAccess on the network.
During the pilot deployment, you enable DirectAccess only for a group Contoso\Test Computers.
Ones the pilot is complete, you need to enable DirectAccess for all the client computers in the domain.
What should you do?
A. From Windows PowerShell, run the Ser-DAClient cmdlet.
B. From Windows PowerShell, run the Ser-DirectAccess cmdlet.
C. From Active Directory Users and Computers, modify the membership of the Windows Authorization Access Group.
D. From Group Policy Management, modify the security filtering of an object named Direct Access Client Setting Group Policy.
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/jj574180.aspx
http://technet.microsoft.com/en-us/library/hh918432(v=wps.630).aspx
QUESTION 439
Your network contains an Active Directory domain named contoso.com.
All user accounts reside in an organizational unit (OU) named OU1.
All of the users in the marketing department are members of a group named Marketing.
All of the users in the human resources department are members of a group named HR.
You create a Group Policy object (GPO) named GPO1.
You link GPO1 to OU1.
You configure the Group Policy preferences of GPO1 to add two shortcuts named Link1 and Link2 to the desktop of each user.
You need to ensure that Link1 only appears on the desktop of client computers that have more than 80 GB of free disk space and Link2 only appears on the desktop of client computers that have less than 80 GB of free disk space.
What should you configure?
A. Group Policy Inheritance
B. WMI Filtering
C. Security Filtering
D. Item-level targeting
Answer: B
QUESTION 440
Drag and Drop Question
You have a group Managed Service Account named Account01. Only tree servers named Server01, Server02 and Server03 allowed to use the Account01 service account.
You plan to decommission Server01.
You need to prevent Server01 from using the Account01 service account. The solution must be ensure that Server02 and Server03 continue to use the Account01 service account.
What command should you run?
Drop Down
Remove-ADServiceAccount
Reset-ADServiceAccount
Set- ADServiceAccount
Account01>>
-DNSHomeName
-PrincipalsAllowedToRetrieveManagedPassword
-SAMAccountName
-Server
>>>
Server01
Server01$
Server02, Server 03
Server02$, Server03$
Answer: Set- ADServiceAccount-PrincipalsAllowedToRetrieveManagedPassword Server02$, Server03$
QUESTION 441
Your Network contains an Active Directory domain named contoso.com.
All domain controllers run Windows Server 2012 R2.
A central store is configured on the domain controller named DC1.
You have a custom administrative template file name App1.admx. App1.admx contains application setting for an application App1.
You copy App1.admx to the central store.
You create a Group Policy object (GPO) name App1_Setting.
When you edit App1_Settings, you receive the warning massage show in following…
>>Exhibit>>
An appropriate recource file could not be found for file \\contoso.com\SysVol\contoso.com\PoliciesDefinations\App1.admx (error =2):
The system cannot find the file specified.
You need to ensure that you can edit the settings for App1_Settings GPO.
What should you do?
A. Copy an ADML file to the central store.
B. Move the ADMX file to the local PolicyDefinations Folder.
C. Modify the permission of the ADMX File.
D. Add an Administrative Template to the App1_Settings GPO.
Answer: A
QUESTION 442
Your network contains an Active Directory domain named contoso.com.
Domain controllers run either Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 R2.
You have a Password Settings object (PSOs) named PSO1.
You need to view the settings of PSO1.
Which tool should you use?
A. Group Policy Management
B. Get-ADFineGrainedPasswordPolicy
C. Get-ADDefaultDomainPasswordPolicy
D. Server Manager
Answer: B
Explanation:
The Get-ADFineGrainedPasswordPolicy cmdlet gets a fine grained password policy or performs a search to retrieve multiple fine grained password policies.
Note:
* In Windows Server 2008 (and later), you can use fine-grained password policies to specify multiple password policies and apply different password restrictions and account lockout policies to different sets of users within a single domain. For example, to increase the security of privileged accounts, you can apply stricter settings to the privileged accounts and then apply less strict settings to the accounts of other users. Or in some cases, you may want to apply a special password policy for accounts whose passwords are synchronized with other data sources.
2016 70-411 NEW Exam Questions 442Q Full Version Free Shared: http://www.braindump2go.com/70-411.html