New Braindump2go 70-417 Exam Questions Updated Today! Want to know New Questions in 2015 70-417 Exam? Download Free Braindump2go 70-417 Exam Preparation Materials Now!
Vendor: Microsoft
Exam Code: 70-417
Exam Name: Upgrading Your Skills to MCSA Windows Server 2012 R2 Exam
QUESTION 211
Your network contains an Active Directory domain named contoso.com.
The domain contains two member servers named Server1 and Server2.
You install the DHCP Server server role on Server1 and Server2.
You install the IP Address Management (IPAM) Server feature on Server1.
You notice that you cannot discover Server1 or Server2 in IPAM.
You need to ensure that you can use IPAM to discover the DHCP infrastructure.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)
A. On Server2, run the Add-DhcpServerInDc cmdlet
B. On Server1, uninstall the DHCP Server server role.
C. On Server1, run the Add-IpamServerInventory cmdlet.
D. On both Server1 and Server2, run the Add-DhcpServerv4Policy cmdlet.
E. On Server2, create an IPv4 scope.
Answer: AC
Explanation:
The Add-DhcpServerInDC cmdlet adds the computer running the DHCP server service to the list of authorized Dynamic Host Configuration Protocol (DHCP) server services in the Active Directory (AD). A DHCP server service running on a domain joined computer needs to be authorized in AD so that it can start leasing IP addresses on the network.
The Add-IpamServerInventory cmdlet adds a new infrastructure server to the IP Address Management (IPAM) server inventory. Use the fully qualified domain name (FQDN) of the server to add to the server inventory.
QUESTION 212
Hotspot Question
You have a server named Server1 that has the Network Policy and Access Services server role installed.
You plan to configure Network Policy Server (NPS) on Server1 to use certificate-based authentication for VPN connections.
You obtain a certificate for NPS.
You need to ensure that NPS can perform certificate-based authentication.
To which store should you import the certificate? To answer, select the appropriate store in the answer area.
Answer:
QUESTION 213
Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1 that runs Windows Server 2012 R2.
Server1 has the Network Policy Server role service installed.
You plan to configure Server1 as a Network Access Protection (NAP) health policy server for VPN enforcement by using the Configure NAP wizard.
You need to ensure that you can configure the VPN enforcement method on Server1 successfully.
What should you install on Server1 before you run the Configure NAP wizard?
A. The Remote Access server role
B. A system health validator (SHV)
C. A computer certificate
D. The Host Credential Authorization Protocol (HCAP)
Answer: C
Explanation:
http://technet.microsoft.com/fr-fr/library/dd314165%28v=ws.10%29.aspx
Configure Policies for VPN Enforcement The NAP health policy server uses the Network Policy Server (NPS) role service with configured network policies, health policies, and system health validators (SHVs) to evaluate client health based on administratordefined requirements. Based on the results of this evaluation, NPS instructs the virtual private network (VPN) server to provide full access to compliant NAP client computers and to restrict access to noncompliant client computers when NAP is deployed using full enforcement mode.
Remarque
Before performing this procedure, you must install a certificate for Protected Extensible Authentication Protocol (PEAP) authentication. For more information, see Install a Computer Certificate for PEAP.
You cannot continue without a valid certificate:
QUESTION 214
Your network contains an Active Directory domain named adatum.com.
The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 is configured as a Network Policy Server (NPS) server and as a DHCP server.
The network contains two subnets named Subnet1 and Subnet2. Server1 has a DHCP scope for each subnet.
You need to ensure that noncompliant computers on Subnet1 receive different network policies than noncompliant computers on Subnet2.
Which two settings should you configure? (Each correct answer presents part of the solution.
Choose two.)
A. The NAS Port Type constraints
B. The Health Policies conditions
C. The Called Station ID constraints
D. The NAP-Capable Computers conditions
E. The MS-Service Class conditions
Answer: DE
Explanation:
The MS-Service Class is how you can specify which subnet the computer must be coming from in order to Apply the policy.
QUESTION 215
Hotspot Question
Your network contains an Active Directory domain named fabrikam.com.
You implement DirectAccess and an IKEv2 VPN.
You need to view the properties of the VPN connection.
Which connection properties should you view? To answer, select the appropriate connection properties in the answer area.
Answer:
QUESTION 216
Your network contains an Active Directory domain named contoso.com.
All client computers run Windows 8.
Your company has users who work from home. Some of the home users have desktop computers. Other home users have laptop computers. All of the computers are joined to the domain. All of the computer accounts are members of a group named Group1.
Currently, the home users access the corporate network by using a PPTP VPN.
You implement DirectAccess by using the default configuration and you specify Group1 as the DirectAccess client group. The home users who have desktop computers report that they cannot use DirectAccess to access the corporate network. The home users who have laptop computers report that they can use DirectAccess to access the corporate network.
You need to ensure that the home users who have desktop computers can access the network by using DirectAccess.
What should you modify?
A. The WMI filter for Direct Access Client Settings GPO
B. The conditions of the Connections to Microsoft Routing and Remote Access server policy
C. The membership of the RAS and IAS Servers group
D. The security settings of the computer accounts for the desktop computers
Answer: A
Explanation:
The default settings includes creating a GPO that has a WMI filter for laptops only.
QUESTION 217
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. All of the DNS servers in both of the domains run Windows Server 2012 R2. The network contains two servers named Server1 and Server2. Server1 hosts an Active Directory-integrated zone for contoso.com. Server2 hosts an Active Directory-integrated zone for fabrikam.com. Server1 and Server2 connect to each other by using a WAN link. Client computers that connect to Server1 for name resolution cannot resolve names in fabrikam.com. You need to configure Server1 to support the resolution of names in fabrikam.com. The solution must ensure that users in contoso.com can resolve names in fabrikam.com if the WAN link fails. What should you do on Server1?
A. Create a stub zone.
B. Create a secondary zone.
C. Add a forwarder.
D. Create a conditional forwarder.
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc771898(v=ws.10).aspx
Stub zone doesn’t host the records themselves
Forwarder and conditional forwarders simply give instructions on where to forward DNS requests to.
QUESTION 218
Your network contains an Active Directory domain named contoso.com. The domain contains a Web server named www.contoso.com. The Web server is available on the Internet.
You implement DirectAccess by using the default configuration.
You need to ensure that users never attempt to connect to www.contoso.com by using DirectAccess. The solution must not prevent the users from using DirectAccess to access other resources in contoso.com.
Which settings should you configure in a Group Policy object (GPO)?
A. Network Connections
B. DirectAccess Client Experience Settings
C. DNS Client
D. Name Resolution Policy
Answer: D
Explanation:
http://www.techrepublic.com/blog/10things/10-things-you-should-know-aboutdirectaccess/1371
Notice this could have been Network connection:
BUT “The solution must not prevent the users from using DirectAccess to access other resources in contoso.com”
QUESTION 219
Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs. The domain contains a top-level organizational unit (OU) for each department.
A group named Group1 contains members from each department.
You have a GPO named GPO1 that is linked to the domain.
You need to configure GPO1 to Apply settings to Group1 only.
What should you use?
A. Dcgpofix
B. Get-GPOReport
C. Gpfixup
D. Gpresult
E. Gptedit.msc
F. Import-GPO
G. Restore-GPO
H. Set-GPInheritance
I. Set-GPLink
J. Set-GPPermission
K. Gpupdate
L. Add-ADGroupMember
Answer: J
Explanation:
http://technet.microsoft.com/en-us/library/ee461038.aspx
QUESTION 220
Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.
You need to prevent all of the GPOs at the site level and at the domain level from being Applied to users and computers in an organizational unit (OU) named OU1.
You want to achieve this goal by using the minimum amount of administrative effort.
What should you use?
A. Dcgpofix
B. Get-GPOReport
C. Gpfixup
D. Gpresult
E. Gptedit.msc
F. Import-GPO
G. Restore-GPO
H. Set-GPInheritance
I. Set-GPLink
J. Set-GPPermission
K. Gpupdate
L. Add-ADGroupMember
Answer: H
Explanation:
http://technet.microsoft.com/en-us/library/ee461032.aspx
For those who feel the overwhelming anxiety before their 70-417 exam,Braindump2go Latest updated 70-417 Exam Dumps will help you Pass 100% in a short time preparation! 70-417 Exam Dumps PDF & VCE Full Version Instant Download!