QUESTION 231
Hotspot Question
Your network contains an Active Directory domain named contoso.com. You need to create a certificate template for the BitLocker Drive Encryption (BitLocker) Network Unlock feature. Which Cryptography setting of the certificate template should you modify? To answer, select the appropriate setting in the answer area.
QUESTION 232
Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 R2. You have a Password Settings object (PSOs) named PSO1. You need to view the settings of PSO1. Which tool should you use?
A. Group Policy Management
B. Server Manager
C. Get-ADAccountResultantPasswordReplicationPolicy
D. Active Directory Administrative Center
Answer: D
Explanation:
A. ADAC Only
B. ADAC Only
C. Gets the resultant password replication policy for an Active Directory account.
D. You must use the Windows Server 2012 R2 version of Active Directory Administrative Center to administer finegrained password policies through a graphical user interface.
http://technet.microsoft.com/en-us/library/ee617227.aspx
http://technet.microsoft.com/en-us/library/hh831702.aspx#fine_grained_pswd_policy_mgmt
QUESTION 233
Your network contains an Active Directory forest named contoso.com. The forest contains two domains named contoso.com and childl.contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains four domain controllers. The domain controllers are configured as shown in the following table.
You open Active Directory Users and Computers on a client computer and connect to DC1. You display the members of a group named Group1 as shown in the Group1 Members exhibit. (Click the Exhibit button.)
When you view the properties of a user named Userl02, you receive the error message shown in the Error exhibit. (Click the Exhibit button.)
The error message does not display for any other members of Group1. You need to identify which domain controller causes the issue shown in the error message. Which domain controller should you identify?
A. DC1
B. DC2
C. DC10
D. DC11
Answer: B
Explanation:
The infrastructure master for a domain periodically examines the references, within its replica of the directory data, to objects not held on that domain controller. It queries a Global Catalog server for current information about the distinguished name and SID of each referenced object. If this information has changed, the infrastructure master makes the change in its local replica and also replicates the new values to other domain controllers within the domain.
The error hints the object reference is not updated in Infrastructure Master of Contoso.com domain.
QUESTION 234
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains a file server named Server1. All client computers run Windows 8. Users share the client computers and frequently log on to different client computers. You need to ensure that when the users save files in the Documents folder, the files are saved automatically to \\Server1\Users\. The solution must minimize the amount of network traffic that occurs when the users log on to the client computers. What should you do?
A. From a Group Policy object (GPO), configure the Folder Redirection settings
B. From the properties of each user account, configure the Home folder settings
C. From the properties of each user account, configure the User profile settings
D. From a Group Policy object (GPO), configure the Drive Maps preference.
Answer: A
Explanation:
http://en.wikipedia.org/wiki/Folder_redirection
QUESTION 235
Hotspot Question
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has two network adapters and is located in a perimeter network. You need to configure Server1 as a network address translation (NAT) server. Which node should you use to add the NAT routing protocol? To answer, select the appropriate node in the answer area.
QUESTION 236
Hotspot Question
You have a server named Server5 that runs Windows Server 2012 R2. Servers has the Windows Deployment Services server role installed. You need to ensure that when client computers connect to Server5 by using PXE, the computers use an unattended file. What should you configure? To answer, select the appropriate tab in the answer area.
Answer:
QUESTION 237
Your network contains a server named Server1 that has the Network Policy and Access Services server role installed. All of the network access servers forward connection requests to Server1. You create a new network policy on Server1. You need to ensure that the new policy applies only to connection requests from Microsoft RAS servers that are located on the 192.168.0.0/24 subnet. Which two configurations should you perforin? (Each correct answer presents part of the solution. Choose two.)
A. Set the MS-RAS Vendor ID condition to $teelHead.
B. Set the Called Station ID constraint to 192.168.0.
C. Set the Client IP4 Address condition to 192.168.0.0/24.
D. Set the MS-RAS Vendor ID condition to ^311$.
E. Set the Called Station ID constraint to 192.168.0.0/24.
F. Set the Client IP4 Address condition to 192.168.0.
Answer: DF
Explanation:
D: MS-RAS-Vendor Matches “^311$” ) The condition means that the policy applies only when the version of the RADIUS client is ^311$, so subsequent settings in this policy apply only to RRAS machines.
F: Client IPv4 Address
Specifies the Internet Protocol (IP) version 4 address of the RADIUS client that forwarded the connection request to the NPS server.
QUESTION 238
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 is configured as a VPN server. You need to configure Server1 to perform network address translation (NAT).
What should you do?
A. From Network Connections, modify the Internet Protocol Version 6 (TCP/IPv6) setting of each
network adapter.
B. From Routing and Remote Access, add an IPv4 routing protocol.
C. From Routing and Remote Access, add an IPv6 routing protocol.
D. From Network Connections, modify the Internet Protocol Version 4 (TCP/IPv4) setting of each
network adapter.
Answer: B
QUESTION 239
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that has the Remote Access server role installed. DirectAccess is implemented on Server1 by using the default configuration. You discover that DirectAccess clients do not use DirectAccess when accessing websites on the Internet. You need to ensure that DirectAccess clients access all Internet websites by using their DirectAccess connection.
What should you do?
A. Disable the DirectAccess Passive Mode policy setting in the DirectAccess Client Settings Group
Policy object (GPO).
B. Configure a DNS suffix search list on the DirectAccess clients.
C. Enable the Route all traffic through the internal network policy setting in the DirectAccess Server
Settings Group Policy object (GPO).
D. Configure DirectAccess to enable force tunneling.
Answer: D
QUESTION 240
Your network contains an Active Directory domain named contoso.com. The domain contains a read-only domain controller (RODC) named RODC1.
You create a global group named RODC_Admins.
You need to provide the members of RODC_Admins with the ability to manage the hardware and the software on R0DC1. The solution must not provide RODC_Admins with the ability to manage Active Directory objects.
What should you do?
A. From Active Directory Users and Computers, run the Delegation of Control Wizard
B. From a command prompt, run the dsadd computer command
C. From Active Directory Users and Computers, configure the Managed By settings of the RODC1 account.
D. From Active Directory Site and Services, configure the Security settings of the RODC1 server object.
Answer: C
Explanation:
Modify the Managed By tab of the RODC account properties in the Active Directory Users and Computers snap-in, as shown in the following figure. You can click Change to change which security principal is the delegated RODC administrator. You can choose only one security principal. Specify a security group rather than an individual user so you can control RODC administration permissions most efficiently. This method changes the managedBy attribute of the computer object that corresponds to the RODC to the SID of the security principal that you specify. This is the recommended way to specify the delegated RODC administrator account because the information is stored in AD DS, where it can be centrally managed by domain administrators.
Incorrect:
Not A: You delegate administration of a domain or organizational unit by using the Delegation of Control wizard available in the Active Directory Users and Computers snap- in.
Not B: dsadd group just adds a group to the Active Directory
Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html