QUESTION 171
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2. Both servers have the File and Storage Services server role, the DFS Namespace role service, and the DFS Replication role service installed. Server1 and Server2 are part of a Distributed File System (DFS) Replication group named Group1. Server1 and Server2 are connected by using a high-speed LAN connection.
You need to minimize the amount of processor resources consumed by DFS Replication.
What should you do?
A. Reduce the bandwidth usage.
B. Disable Remote Differential Compression (RDC).
C. Modify the staging quota.
D. Modify the replication schedule.
Answer: B
Explanation:
Because disabling RDC can help conserve disk input/output (I/O) and CPU resources, you might want to disable RDC on a connection if the sending and receiving members are in a local area network (LAN), and bandwidth use is not a concern. However, in a LAN environment where bandwidth is contended, RDC can be beneficial when transferring large files.
The question states that the servers are connected by a high-speed LAN connection.
http://technet.microsoft.com/en-us/library/cc758825%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/cc754229.aspx
QUESTION 172
Your company has a main office and two branch offices. The main office is located in New York. The branch offices are located in Seattle and Chicago.
The network contains an Active Directory domain named contoso.com. An Active Directory site exists for each office. Active Directory site links exist between the main office and the branch offices. All servers run Windows Server 2012 R2.
The domain contains three file servers. The file servers are configured as shown in the following table.
You implement a Distributed File System (DFS) replication group named Rep1Group.
Rep1Group is used to replicate a folder on each file server. Rep1Group uses a hub and spoke topology. NYC-SVR1 is configured as the hub server.
You need to ensure that replication can occur if NYC-SVR1 fails.
What should you do?
A. Create an Active Directory site link.
B. Modify the properties of Rep1Group.
C. Create an Active Directory site link bridge.
D. Create a connection in Rep1Group.
Answer: D
Explanation:
http://faultbucket.ca/2012/08/fixing-a-dfsr-connection-problem/
http://technet.microsoft.com/en-us/library/cc771941.aspx
QUESTION 173
You have a server named Server1 that runs Windows Server 2012 R2. On Server1, you configure a custom Data Collector Set (DCS) named DCS1. DCS1 is configured to store performance log data in C:\Logs.
You need to ensure that the contents of C:\Logs are deleted automatically when the folder reaches 100 MB in size.
What should you configure?
A. A File Server Resource Manager (FSRM) quota on the C:\Logs folder
B. A File Server Resource Manager (FSRM) file screen on the C:\Logs folder
C. A schedule for DCS1
D. The Data Manager settings of DCS1
Answer: D
Explanation:
http://sourcedaddy.com/windows-7/using-data-manager-view-performance-data.html
QUESTION 174
Your domain contains a Windows 8 computer named Computer1 that uses BitLocker. The E:\ drive is encrypted and currently locked.
You need to unlock the E:\ drive with the recovery key stored on C:\.
What should you run?
A. Unlock-BitLocker
B. Suspend-BitLocker
C. Enable-BitLockerAutoUnlock
D. Disable-BitLocker
Answer: A
Explanation:
A. Restores access to data on a BitLocker volume.
http://technet.microsoft.com/en-us/library/jj649833(v=wps.620).aspx
QUESTION 175
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. A local account named Admin1 is a member of the Administrators group on Server1.
You need to generate an audit event whenever Admin1 is denied access to a file or folder.
What should you run?
A. auditpol.exe /set /user:admin1 /category:"detailed tracking" /failure:enable
B. auditpol.exe /set /user:admin1 /failure:enable
C. auditpol.exe /resourcesacl /set /type:keyauditpol.exe /resourcesacl /set /type: /access:ga
D. auditpol.exe /resourcesacl /set /type:file /user:admin1 /failure
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/ff625687.aspx
Set a global resource SACL to audit successful and failed attempts by a user to perform generic read and write functions on files or folders:
auditpol /resourceSACL /set /type:File /user:MYDOMAIN\myuser /success /failure /access:FRFW
http://technet.microsoft.com/en-us/library/ff625687%28v=ws.10%29.aspx
Syntax
auditpol /resourceSACL
[/set /type:<resource> [/success] [/failure] /user:<user> [/access:<access flags>]]
[/remove /type:<resource> /user:<user> [/type:<resource>]]
[/clear [/type:<resource>]]
[/view [/user:<user>] [/type:<resource>]]
QUESTION 176
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2.
You view the effective policy settings of Server1 as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that an entry is added to the event log whenever a local user account is created or deleted on Server1.
What should you do?
A. In Servers GPO, modify the Advanced Audit Configuration settings.
B. On Server1, attach a task to the security log.
C. In Servers GPO, modify the Audit Policy settings.
D. On Server1, attach a task to the system log.
Answer: A
Explanation:
When you use Advanced Audit Policy Configuration settings, you need to confirm that these settings are not overwritten by basic audit policy settings. The following procedure shows how to prevent conflicts by blocking the application of any basic audit policy settings.
Enabling Advanced Audit Policy Configuration
Basic and advanced audit policy configurations should not be mixed. As such, it’s best practice to enable Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings in Group Policy to make sure that basic auditing is disabled. The setting can be found under Computer Configuration\Policies\Security Settings\Local Policies\Security Options, and sets the SCENoApplyLegacyAuditPolicy registry key to prevent basic auditing being applied using Group Policy and the Local Security Policy MMC snap-in.
In Windows 7 and Windows Server 2008 R2, the number of audit settings for which success and failure can be tracked has increased to 53. Previously, there were nine basic auditing settings under Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Audit Policy. These 53 new settings allow you to select only the behaviors that you want to monitor and exclude audit results for behaviors that are of little or no concern to you, or behaviors that create an excessive number of log entries. In addition, because Windows 7 and Windows Server 2008 R2 security audit policy can be applied by using domain Group Policy, audit policy settings can be modified, tested, and deployed to selected users and groups with relative simplicity.
Audit Policy settings
Any changes to user account and resource permissions.
Any failed attempts for user logon.
Any failed attempts for resource access.
Any modification to the system files.
Advanced Audit Configuration Settings
Audit compliance with important business-related and security-related rules by tracking precisely defined activities, such as:
A group administrator has modified settings or data on servers that contain finance information.
An employee within a defined group has accessed an important file.
The correct system access control list (SACL) is applied to every file and folder or registry key on a computer or file share as a verifiable safeguard against undetected access.
In Servers GPO, modify the Audit Policy settings – enabling the audit account management setting will generate events about account creation, deletion and so on.
Advanced Audit Configuration Settings -> Audit Policy -> Account Management -> Audit User Account Management
http://blogs.technet.com/b/abizerh/archive/2010/05/27/tracing-down-user-and-computer-account-deletion-in-active-directory.aspx
http://technet.microsoft.com/en-us/library/dd772623%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/jj852202(v=ws.10).aspx
http://www.petri.co.il/enable-advanced-audit-policy-configuration-windows-server.htm
http://technet.microsoft.com/en-us/library/dd408940%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/dd408940%28v=ws.10%29.aspx#BKMK_step2
QUESTION 177
You have a server that runs Windows Server 2012 R2. The server contains the disks configured as shown in the following table.
You need to create a volume that can store up to 3 TB of user files. The solution must ensure that the user files are available if one of the disks in the volume fails. What should you create?
A. A storage pool on Disk 2 and Disk 3
B. A mirrored volume on Disk 2 and Disk 3
C. A storage pool on Disk 1 and Disk 3
D. A mirrored volume on Disk 1 and Disk 4
E. A RAID 5 volume on Disks 1, 2 and 3
Answer: B
Explanation:
A. A storage pool can't use dynamic disks.
B. The mirrored volume will be > 3 TB.
C. A storage pool can't use dynamic disks.
D. Is impossible; we need 3 TB of disk space.
E. RAID 5 needs to be on dynamic disks.
QUESTION 178
Your network contains an Active Directory domain named contoso.com. The domain functional level is Windows Server 2008. All domain controllers run Windows Server 2008 R2.
The domain contains a file server named Server1 that runs Windows Server 2012 R2. Server1 has a BitLocker Drive Encryption (BitLocker)-encrypted drive. Server1 uses a Trusted Platform Module (TPM) chip.
You enable the Turn on TPM backup to Active Directory Domain Services policy setting by using a Group Policy object (GPO).
You need to ensure that you can back up the BitLocker recovery information to Active Directory.
What should you do?
A. Raise the forest functional level to Windows Server 2008 R2.
B. Enable the Configure the level of TPM owner authorization information available to the operating system policy setting and set the Operating system managed TPM authentication level to None.
C. Add a BitLocker data recovery agent.
D. Import the TpmSchemaExtension.ldf and TpmSchemaExtensionACLChanges.ldf schema extensions to the Active Directory schema.
Answer: D
Explanation:
You can configure BitLocker Drive Encryption to back up recovery information for BitLocker-protected drives and the Trusted Platform Module (TPM) to Active Directory Domain Services (AD DS). Recovery information includes the recovery password for each BitLocker-protected drive, the TPM owner password, and the information required to identify which computers and drives the recovery information applies to. Optionally, you can also save a package containing the actual keys used to encrypt the data as well as the recovery password required to access those keys.
Backing up recovery passwords for a BitLocker-protected drive allows administrators to recover the drive if it is locked. This ensures that encrypted data belonging to the enterprise can always be accessed by authorized users.
Backing up the TPM owner information for a computer allows administrators to locally and remotely configure the TPM security hardware on that computer. As an example, an administrator might want to reset the TPM to factory defaults when decommissioning or repurposing computers.
For Windows 8, a change to how the TPM owner authorization value is stored in AD DS was implemented in the AD DS schema.
The TPM owner authorization value is now stored in a separate object which is linked to the Computer object. This value was stored as a property in the Computer object itself for the default Windows Server 2008 R2 schemas. Windows Server 2012 domain controllers have the default schema to back up TPM owner authorization information in the separate object. If you are not upgrading your domain controller to Windows Server 2012, you need to extend the schema to support this change. If Active Directory backup of the TPM owner authorization value is enabled in a Windows Server 2008 R2 environment without extending the schema, the TPM provisioning will fail and the TPM will remain in a Not Ready state for computers running Windows 8.
http://technet.microsoft.com/en-us/library/dd875529%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/jj635854.aspx
http://technet.microsoft.com/en-us/library/jj679889.aspx
QUESTION 179
Your network contains an Active Directory domain named contoso.com. The domain contains a Web server named www.contoso.com. The Web server is available on the Internet.
You implement DirectAccess by using the default configuration.
You need to ensure that users never attempt to connect to www.contoso.com by using DirectAccess. The solution must not prevent the users from using DirectAccess to access other resources in contoso.com.
Which settings should you configure in a Group Policy object (GPO)?
A. Name Resolution Policy
B. DNS Client
C. Network Connections
D. DirectAccess Client Experience Settings
Answer: A
Explanation:
For DirectAccess, the NRPT must be configured with the namespaces of your intranet with a leading dot (for example, .internal.contoso.com or .corp.contoso.com). For a DirectAccess client, any name request that matches one of these namespaces will be sent to the specified intranet Domain Name System (DNS) servers.
Include all intranet DNS namespaces that you want DirectAccess client computers to access. There are no command line methods for configuring NRPT rules. You must use Group Policy settings. To configure the NRPT through Group Policy, use the Group Policy add-in at Computer Configuration\Policies\Windows Settings\Name Resolution Policy in the Group Policy object for DirectAccess clients. You can create a new NRPT rule and edit or delete existing rules. For more information, see Configure the NRPT with Group Policy.
QUESTION 180
You have a DNS server named Server1. Server1 has a primary zone named contoso.com. Zone Aging/Scavenging is configured for the contoso.com zone. One month ago, an Administrator removed a server named Server2 from the network.
You discover that a static resource record for Server2 is present in contoso.com. Resource records for decommissioned client computers are removed automatically from contoso.com.
You need to ensure that the static resource records for all of the servers are removed automatically from contoso.com.
What should you modify?
A. The Security settings of the static resource records
B. The Expires after value of contoso.com
C. The Record time stamp value of the static resource records
D. The time-to-live (TTL) value of the static resource records
Answer: C
Explanation:
C. Reset and permit them to use a current (non-zero) time stamp value. This enables these records to become aged and scavenged.
D. For most resource records, this field is optional. It indicates a length of time used by other DNS servers to determine how long to cache information for a record before expiring and discarding it.
http://technet.microsoft.com/en-us/library/cc771677.aspx
http://technet.microsoft.com/en-us/library/cc758321(v=ws.10).aspx