QUESTION 221
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Windows Server Update Services server role installed. You need to use the Group Policy object (GPO) to assign members to a computer group. Which setting should you configure in the GPO? To answer, select the appropriate setting in the answer area.
Answer:
Explanation:
Client-side targeting involves automatically assigning the computers by using either Group Policy or registry keys. Second, create the computer group in WSUS. Third, move the computers into groups by using whichever method you chose in the first step. http://technet.microsoft.com/en-us/library/cc720433(v=ws.10).aspx
QUESTION 222
The contoso.com domain contains a a DNS server named Server1 that host a primary zone. Server2 contains a a secondary zone for the contoso.com doamin. You need to configure how long Server2 queries Server1 to renew the zone. What should you configure?
A. Retry Interval
B. Minimum TTL
C. Refresh Interval
D. Authority Record
Answer: C
Explanation:
A. The time, in seconds, a secondary server waits before retrying a failed zone transfer. Normally, this time is less than the refresh interval. The default value is 600 seconds (10 minutes). B The default Time-To-Live (TTL) of the zone and the maximum interval for caching negative answers to name queries. The default value is 3,600 seconds (1 hour). C. The time, in seconds, that a secondary DNS server waits before querying its source for the zone to attempt renewal of the zone. When the refresh interval expires, the secondary DNS server requests a copy of the current SOA record for the zone from its source, which answers this request. The secondary DNS server then compares the serial number of the source server’s current SOA record (as indicated in the response) with the serial number in its own local SOA record. If they are different, the secondary DNS server requests a zone transfer from the primary DNS server. The default for this field is 900 seconds (15 minutes).
D.
http://technet.microsoft.com/en-us/library/cc779148(v=ws.10).aspx
QUESTION 223
You are a network administrator of an Active Directory domain named contoso.com. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the DHCP Server server role and the Network Policy Server role service installed. You enable Network Access Protection (NAP) on all of the DHCP scopes on Server1. You need to create a DHCP policy that will apply to all of the NAP non-compliant DHCP clients. Which criteria should you specify when you create the DHCP policy?
A. The relay agent information
B. The user class
C. The vendor class
D. The client identifier
Answer: B
Explanation:
To configure a NAP-enabled DHCP server
On the DHCP server, click Start, click Run, in Open, type dhcpmgmt.smc, and then press ENTER.
In the DHCP console, open <servername>\IPv4.
Right-click the name of the DHCP scope that you will use for NAP client computers, and then click Properties.
On the Network Access Protection tab, under Network Access Protection Settings, choose Enable for this scope, verify that Use default Network Access Protection profile is selected, and then click OK.
In the DHCP console tree, under the DHCP scope that you have selected, right- click Scope Options, and then click Configure Options. On the Advanced tab, verify that Default User Class is selected next to User class. Select the 003 Router check box, and in IP Address, under Data entry, type the IP address for the default gateway used by compliant NAP client computers, and then click Add.
Select the 006 DNS Servers check box, and in IP Address, under Data entry, type the IP address for each router to be used by compliant NAP client computers, and then click Add.
Select the 015 DNS Domain Name check box, and in String value, under Data entry, type your organization’s domain name (for example, woodgrovebank.local), and then click Apply. This domain is a full-access network assigned to compliant NAP clients.
On the Advanced tab, next to User class, choose Default Network Access Protection Class.
Select the 003 Router check box, and in IP Address, under Data entry, type the IP address for the default gateway used by noncompliant NAP client computers, and then click Add. This can be the same default gateway that is used by compliant NAP clients.
Select the 006 DNS Servers check box, and in IP Address, under Data entry, type the IP address for each DNS server to be used by noncompliant NAP client computers, and then click Add. These can be the same DNS servers used by compliant NAP clients.
Select the 015 DNS Domain Name check box, and in String value, under Data entry, type a name to identify the restricted domain (for example, restricted.woodgrovebank.local), and then click OK. This domain is a restricted- access network assigned to noncompliant NAP clients.
Click OK to close the Scope Options dialog box.
Close the DHCP console.
http://technet.microsoft.com/en-us/library/dd296905%28v=ws.10%29.aspx
QUESTION 224
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. You mount an Active Directory snapshot on DC1. You need to expose the snapshot as an LDAP server. Which tool should you use?
A. ADSI Edit
B. Ntdsutil
C. Dsamain
D. Ldp
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc753609(v=ws.10).aspx
QUESTION 225
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has a drive named E that is encrypted by using BitLocker Drive Encryption (BitLocker). A recovery key is stored on drive C. Drive E becomes locked. When you attempt to use the recovery key, you receive the following error message.
You need to access the data stored on drive E. What should you run first?
A. manage-bde -protectors -get e:
B. manage-bde -unlock e: -recoverykey c:\
C. disable-bitlocker -mountpoint e:
D. unlock-bitlocker -mountpoint e: -recoverykeypath c:
Answer: A
Explanation:
Manage-bde is used to turn on or turn off BitLocker, specify unlock mechanisms, update recovery methods, and unlock BitLocker-protected data drives. This command-line tool can be used in place of the BitLocker Drive Encryption Control Panel item. http://technet.microsoft.com/en-us/library/ff829849.aspx
QUESTION 226
Your network contains an Active Directory domain named contoso.com. All user accounts reside in an organizational unit (OU) named OU1. You create a Group Policy object (GPO) named GPO1. You link GPO1 to OU1. You configure the Group Policy preference of GPO1 to add a shortcut named Link1 to the desktop of each user. You discover that when a user deletes Link1, the shortcut is removed permanently from the desktop. You need to ensure that if a user deletes Link1, the shortcut is added to the desktop again. What should you do?
A. Modify the Link1 shortcut preference of GPO1.
B. Enable loopback processing in GPO1.
C. Enforce GPO1.
D. Modify the Security Filtering settings of GPO1.
Answer: A
Explanation:
This type of preference item provides a choice of four actions: Create, Replace, Update, and Delete. The behavior of the preference item varies with the action selected and whether the shortcut already exists.
http://technet.microsoft.com/en-us/library/cc753580.aspx
http://technet.microsoft.com/en-us/library/cc753580.aspx
QUESTION 227
Your network contains an Active Directory forest named contoso.com. The forest contains two sites named Main and Branch. The Main site contains 400 desktop computers and the Branch site contains 150 desktop computers. All of the desktop computers run Windows 8. In Main, the network contains a member server named Server1 that runs Windows Server 2012 R2. You install the Windows Server Update Services server role on Server1. You need to ensure that Windows updates obtained from Windows Server Update Services (WSUS) are the same for the computers in each site. You want to achieve this goal by using the minimum amount of administrative effort. What should you do?
A. From the Update Services console, create computer groups.
B. From the Update Services console, configure the Computers options.
C. From the Group Policy Management console, configure the Windows Update settings.
D. From the Group Policy Management console, configure the Windows Anytime Upgrade settings.
E. From the Update Services console, configure the Synchronization Schedule options.
Answer: C
Explanation:
Create one computer group for Main site and another group for Branch site. You can deploy Windows updates by computer group.
QUESTION 228
Your network contains an Active Directory forest named contoso.com. The domain contains three servers. The servers are configured as shown in the following table.
You plan to implement the BitLocker Drive Encryption (BitLocker) Network Unlock feature. You need to identify which server role must be deployed to the network to support the planned implementation. Which role should you identify?
A. Network Policy and Access Services
B. Volume Activation Services
C. Active Directory Rights Management Services
D. Windows Deployment Services
Answer: D
QUESTION 229
Drag and Drop Question
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1. You need to create an Active Directory snapshot on DC1. Which four commands should you run?
To answer, move the four appropriate commands from the list of commands to the answer area and arrange them in the correct order.
Answer:
Explanation:
http://www.petri.co.il/working-active-directory-snapshots-windows-server-2008.htm#
http://technet.microsoft.com/en-us/library/cc753609(v=ws.10).aspx
QUESTION 230
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Print1. Your company implements DirectAccess. A user named User1 frequently works at a customer’s office. The customer’s office contains a print server named Print1. While working at the customer’s office, User1 attempts to connect to Print1. User1 connects to the Print1 server in contoso.com instead of the Print1 server at the customer’s office. You need to provide User1 with the ability to connect to the Print1 server in the customer’s office.
Which Group Policy option should you configure?
To answer, select the appropriate option in the answer area.
Answer:
Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html