Braindump2go New Updated Microsoft 70-411 Dumps Free Download Now! 100% Pass Your 70-411 Exam One Time At Your First Try! Instant Download 70-411 Dumps Full Version From Braindump2go Now!
Vendor: Microsoft
Exam Code: 70-411
Exam Name: Administering Windows Server 2012 R2 Exam
QUESTION 226
Your network contains an Active Directory domain named contoso.com.
All user accounts reside in an organizational unit (OU) named OU1.
You create a Group Policy object (GPO) named GPO1.
You link GPO1 to OU1.
You configure the Group Policy preference of GPO1 to add a shortcut named Link1 to the desktop of each user.
You discover that when a user deletes Link1, the shortcut is removed permanently from the desktop.
You need to ensure that if a user deletes Link1, the shortcut is added to the desktop again.
What should you do?
A. Modify the Link1 shortcut preference of GPO1.
B. Enable loopback processing in GPO1.
C. Enforce GPO1.
D. Modify the Security Filtering settings of GPO1.
Answer: A
Explanation:
This type of preference item provides a choice of four actions: Create, Replace, Update, and Delete. The behavior of the preference item varies with the action selected and whether the shortcut already exists.
http://technet.microsoft.com/en-us/library/cc753580.aspx
http://technet.microsoft.com/en-us/library/cc753580.aspx
QUESTION 227
Your network contains an Active Directory forest named contoso.com. The forest contains two sites named Main and Branch. The Main site contains 400 desktop computers and the Branch site contains 150 desktop computers. All of the desktop computers run Windows 8. In Main, the network contains a member server named Server1 that runs Windows Server 2012 R2.
You install the Windows Server Update Services server role on Server1.
You need to ensure that Windows updates obtained from Windows Server Update Services (WSUS) are the same for the computers in each site.
You want to achieve this goal by using the minimum amount of administrative effort.
What should you do?
A. From the Update Services console, create computer groups.
B. From the Update Services console, configure the Computers options.
C. From the Group Policy Management console, configure the Windows Update settings.
D. From the Group Policy Management console, configure the Windows Anytime Upgrade settings.
E. From the Update Services console, configure the Synchronization Schedule options.
Answer: C
Explanation:
Create one computer group for Main site and another group for Branch site. You can deploy Windows updates by computer group.
QUESTION 228
Your network contains an Active Directory forest named contoso.com. The domain contains three servers. The servers are configured as shown in the following table.
You plan to implement the BitLocker Drive Encryption (BitLocker) Network Unlock feature.
You need to identify which server role must be deployed to the network to support the planned implementation.
Which role should you identify?
A. Network Policy and Access Services
B. Volume Activation Services
C. Active Directory Rights Management Services
D. Windows Deployment Services
Answer: D
Explanation:
Windows Deployment Services (WDS) is a server role that enables you to remotely deploy Windows operating systems. You can use it to set up new computers by using a networkbased installation. This means that you do not have to install each operating system directly from a CD, USB drive or DVD. To use Windows Deployment Services, you should have a working knowledge of common desktop deployment technologies and networking components, including Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and Active Directory Domain Services (AD DS). It is also helpful to understand the Preboot eXecution Environment (also known as Pre-Execution Environment).
QUESTION 229
Drag and Drop Question
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1.
You need to create an Active Directory snapshot on DC1.
Which four commands should you run?
To answer, move the four appropriate commands from the list of commands to the answer area and arrange them in the correct order.
Answer:
Explanation:
http://technet.microsoft.com/nl-nl/library/cc753609%28v=ws.10%29.aspx
http://mizitechinfo.wordpress.com/2013/08/13/simple-step-create-a-snapshot-of-ad-ds-in-windows-server-2012-r2-by-using-ntdsutil/
QUESTION 230
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Print1.
Your company implements DirectAccess. A user named User1 frequently works at a customer’s office. The customer’s office contains a print server named Print1. While working at the customer’s office, User1 attempts to connect to Print1.
User1 connects to the Print1 server in contoso.com instead of the Print1 server at the customer’s office.
You need to provide User1 with the ability to connect to the Print1 server in the customer’s office.
Which Group Policy option should you configure?
To answer, select the appropriate option in the answer area.
Answer:
QUESTION 231
Hotspot Question
Your network contains an Active Directory domain named contoso.com.
You need to create a certificate template for the BitLocker Drive Encryption (BitLocker) Network Unlock feature.
Which Cryptography setting of the certificate template should you modify?
To answer, select the appropriate setting in the answer area.
Answer:
QUESTION 232
Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012 R2. The forest contains a single domain.
You create a Password Settings object (PSO) named PSO1.
You need to delegate the rights to apply PSO1 to the Active Directory objects in an organizational unit named OU1.
What should you do?
A. From Active Directory Users and Computers, run the Delegation of Control Wizard.
B. From Active Directory Administrative Center, modify the security settings of PSO1.
C. From Group Policy Management, create a Group Policy object (GPO) and link the GPO to OU1.
D. From Active Directory Administrative Center, modify the security settings of OU1.
Answer: B
Explanation:
PSOs cannot be applied to organizational units (OUs) directly. If your users are organized into OUs, consider creating global security groups that contain the users from these Ous and then applying the newly defined finegrained password and account lockout policies to them. If you move a user from one OU to another, you must update user memberships in the corresponding global security groups.
Go ahead and hit “OK” and then close out of all open windows. Now that you have created a password policy, we need to apply it to a user/group. In order to do so, you must have “write” permissions on the PSO object. We’re doing this in a lab, so I’m Domain Admin.
Write permissions are not a problem : )
1. Open Active Directory Users and Computers (Start, point to Administrative Tools, and then click Active Directory Users and Computers).
2. On the View menu, ensure that Advanced Features is checked.
3. In the console tree, expand Active Directory Users and Computers\yourdomain\System\Password Settings Container
4. In the details pane, right-click the PSO, and then click Properties.
5. Click the Attribute Editor tab.
6. Select the msDS-PsoAppliesTo attribute, and then click Edit.
QUESTION 233
Your network contains an Active Directory forest named contoso.com. The forest contains two domains named contoso.com and childl.contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains four domain controllers.
The domain controllers are configured as shown in the following table.
You open Active Directory Users and Computers on a client computer and connect to DC1.
You display the members of a group named Group1 as shown in the Group1 Members exhibit. (Click the Exhibit button.)
When you view the properties of a user named Userl02, you receive the error message shown in the Error exhibit. (Click the Exhibit button.)
The error message does not display for any other members of Group1.
You need to identify which domain controller causes the issue shown in the error message. Which domain controller should you identify?
A. DC1
B. DC2
C. DC10
D. DC11
Answer: B
Explanation:
The infrastructure master for a domain periodically examines the references, within its replica of the directory data, to objects not held on that domain controller. It queries a Global Catalog server for current information about the distinguished name and SID of each referenced object. If this information has changed, the infrastructure master makes the change in its local replica and also replicates the new values to other domain controllers within the domain.
The error hints the object reference is not updated in Infrastructure Master of Contoso.com domain.
QUESTION 234
Your network contains an Active Directory domain named adatum. com. The domain
contains a file server named Server1 that runs Windows Server 2012 R2.
All client computers run Windows 7.
You need to ensure that user settings are saved to \\Server1\Users\.
What should you do?
A. From a Group Policy object (GPO), configure the Folder Redirection settings
B. From the properties of each user account, configure the Home folder settings
C. From the properties of each user account, configure the User profile settings
D. From a Group Policy object (GPO), configure the Drive Maps preference.
Answer: C
Explanation:
If a computer is running Windows 2000 Server or later on a network, users can store their profiles on the server. These profiles are called roaming user profiles.
QUESTION 235
Hotspot Question
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has two network adapters and is located in a perimeter network.
You need to configure Server1 as a network address translation (NAT) server.
Which node should you use to add the NAT routing protocol?
To answer, select the appropriate node in the answer area.
Answer:
QUESTION 236
Hotspot Question
You have a server named Server5 that runs Windows Server 2012 R2. Servers has the Windows Deployment Services server role installed.
You need to ensure that when client computers connect to Server5 by using PXE, the computers use an unattended file.
What should you configure?
To answer, select the appropriate tab in the answer area.
Answer:
QUESTION 237
Your network contains a server named Server1 that has the Network Policy and Access Services server role installed. All of the network access servers forward connection requests to Server1. You create a new network policy on Server1.
You need to ensure that the new policy applies only to connection requests from Microsoft RAS servers that are located on the 192.168.0.0/24 subnet.
Which two configurations should you perforin?
(Each correct answer presents part of the solution. Choose two.)
A. Set the MS-RAS Vendor ID condition to $teelHead.
B. Set the Called Station ID constraint to 192.168.0.
C. Set the Client IP4 Address condition to 192.168.0.0/24.
D. Set the MS-RAS Vendor ID condition to ^311$.
E. Set the Called Station ID constraint to 192.168.0.0/24.
F. Set the Client IP4 Address condition to 192.168.0.
Answer: DF
Explanation:
D: MS-RAS-Vendor Matches “^311$” ) The condition means that the policy applies only when the version of the RADIUS client is ^311$, so subsequent settings in this policy apply only to RRAS machines.
F: Client IPv4 Address
Specifies the Internet Protocol (IP) version 4 address of the RADIUS client that forwarded the connection request to the NPS server.
QUESTION 238
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 is configured as a VPN server.
You need to configure Server1 to perform network address translation (NAT).
What should you do?
A. From Network Connections, modify the Internet Protocol Version 6 (TCP/IPv6) setting of each
network adapter.
B. From Routing and Remote Access, add an IPv4 routing protocol.
C. From Routing and Remote Access, add an IPv6 routing protocol.
D. From Network Connections, modify the Internet Protocol Version 4 (TCP/IPv4) setting of each
network adapter.
Answer: B
Explanation:
To configure an existing RRAS server to support both VPN remote access and NAT routing:
1. Open Server Manager.
2. Expand Roles, and then expand Network Policy and Access Services.
3. Right-click Routing and Remote Access, and then click Properties.
4. Select IPv4 Remote access Server or IPv6 Remote access server, or both.
QUESTION 239
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that has the Remote Access server role installed. DirectAccess is implemented on Server1 by using the default configuration.
You discover that DirectAccess clients do not use DirectAccess when accessing websites on the Internet.
You need to ensure that DirectAccess clients access all Internet websites by using their DirectAccess connection.
What should you do?
A. Disable the DirectAccess Passive Mode policy setting in the DirectAccess Client Settings Group
Policy object (GPO).
B. Configure a DNS suffix search list on the DirectAccess clients.
C. Enable the Route all traffic through the internal network policy setting in the DirectAccess Server
Settings Group Policy object (GPO).
D. Configure DirectAccess to enable force tunneling.
Answer: D
Explanation:
With IPv6 and the Name Resolution Policy Table (NRPT), by default, DirectAccess clients separate their intranet and Internet traffic as follows:
– DNS name queries for intranet fully qualified domain names (FQDNs) and all intranet traffic is exchanged over the tunnels that are created with the DirectAccess server or directly with intranet servers. Intranet traffic from DirectAccess clients is IPv6 traffic.
– DNS name queries for FQDNs that correspond to exemption rules or do not match the intranet namespace, and all traffic to Internet servers, is exchanged over the physical interface that is connected to the Internet. Internet traffic from DirectAccess clients is typically IPv4 traffic.
In contrast, by default, some remote access virtual private network (VPN) implementations, including the VPN client, send all intranet and Internet traffic over the remote access VPN connection. Internet-bound traffic is routed by the VPN server to intranet IPv4 web proxy servers for access to IPv4 Internet resources. It is possible to separate the intranet and Internet traffic for remote access VPN clients by using split tunneling. This involves configuring the Internet Protocol (IP) routing table on VPN clients so that traffic to intranet locations is sent over the VPN connection, and traffic to all other locations is sent by using the physical interface that is connected to the Internet.
You can configure DirectAccess clients to send all of their traffic through the tunnels to the DirectAccess server with force tunneling. When force tunneling is configured, DirectAccess clients detect that they are on the Internet, and they remove their IPv4 default route. With the exception of local subnet traffic, all traffic sent by the DirectAccess client is IPv6 traffic that goes through tunnels to the DirectAccess server.
QUESTION 240
Your network contains an Active Directory domain named contoso.com. The domain contains a read-only domain controller (RODC) named RODC1.
You create a global group named RODC_Admins.
You need to provide the members of RODC_Admins with the ability to manage the hardware and the software on R0DC1. The solution must not provide RODC_Admins with the ability to manage Active Directory objects.
What should you do?
A. From Active Directory Users and Computers, run the Delegation of Control Wizard
B. From a command prompt, run the dsadd computer command
C. From Active Directory Users and Computers, configure the Managed By settings of the RODC1 account.
D. From Active Directory Site and Services, configure the Security settings of the RODC1 server object.
Answer: C
Explanation:
Modify the Managed By tab of the RODC account properties in the Active Directory Users and Computers snap-in, as shown in the following figure. You can click Change to change which security principal is the delegated RODC administrator. You can choose only one security principal. Specify a security group rather than an individual user so you can control RODC administration permissions most efficiently. This method changes the managedBy attribute of the computer object that corresponds to the RODC to the SID of the security principal that you specify. This is the recommended way to specify the delegated RODC administrator account because the information is stored in AD DS, where it can be centrally managed by domain administrators.
Incorrect:
Not A: You delegate administration of a domain or organizational unit by using the Delegation of Control wizard available in the Active Directory Users and Computers snap- in.
Not B: dsadd group just adds a group to the Active Directory
Thanks For Trying Braindump2go Latest Microsoft 70-411 Dumps Questions! Braindump2go Exam DumpsADVANTAGES:
☆ 100% Pass Guaranteed Or Full Money Back!
☆ Instant Download Access After Payment!
☆ One Year Free Updation!
☆ Well Formated: PDF,VCE,Exam Software!
☆ Multi-Platform capabilities – Windows, Laptop, Mac, Android, iPhone, iPod, iPad.
☆ Professional, Quick,Patient IT Expert Team 24/7/365 Onlinen Help You!
☆ We served more than 35,000 customers all around the world in last 5 years with 98.99% PASS RATE!
☆ Guaranteed Secure Shopping! Your Transcations are protected by Braindump2go all the time!
☆ Pass any exams at the FIRST try!