QUESTION 361
You have a failover cluster that contains five nodes. All of the nodes run Windows Server 2012 R2. All of the nodes have BitLocker Drive Encryption (BitLocker) enabled.
You enable BitLocker on a Cluster Shared Volume (CSV).
You need to ensure that all of the cluster nodes can access the CSV.
Which cmdlet should you run next?
A. Unblock-Tpm
B. Add-BitLockerKeyProtector
C. Remove-BitLockerKeyProtector
D. Enable BitLockerAutoUnlock
Answer: B
QUESTION 362
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Windows Deployment Services server role installed.
Server1 contains two boot images and four install images.
You need to ensure that when a computer starts from PXE, the available operating system images appear in a specific order.
What should you do?
A. Modify the properties of the boot images.
B. Create a new image group.
C. Modify the properties of the install images.
D. Modify the PXE Response Policy.
Answer: C
QUESTION 363
Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012 R2. The forest contains a single domain.
You create a Password Settings object (PSO) named PSO1.
You need to delegate the rights to apply PSO1 to the Active Directory objects in an organizational unit named OU1.
What should you do?
A. From Active Directory Users and Computers, run the Delegation of Control Wizard.
B. From Active Directory Administrative Center, modify the security settings of PSO1.
C. From Group Policy Management, create a Group Policy object (GPO) and link the GPO to OU1.
D. From Active Directory Administrative Center, modify the security settings of OU1.
Answer: B
QUESTION 364
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that has the Network Policy Server server role installed. The domain contains a server named Server2 that is configured for RADIUS accounting.
Server1 is configured as a VPN server and is configured to forward authentication requests to Server2.
You need to ensure that only Server2 contains event information about authentication requests from connections to Server1.
Which two nodes should you configure from the Network Policy Server console?
To answer, select the appropriate two nodes in the answer area.
Answer:
QUESTION 365
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 P.2. Server1 has the Network Policy and Access Services server role installed.
Your company’s security policy requires that certificate-based authentication must be used by some network services.
You need to identify which Network Policy Server (NPS) authentication methods comply with the security policy.
Which two authentication methods should you identify? (Each correct answer presents part of the solution. Choose two.)
A. MS-CHAP
B. PEAP-MS-CHAP v2
C. Chap
D. EAP-TLS
E. MS-CHAP v2
Answer: BD
Explanation:
PEAP is similar in design to EAP-TTLS, requiring only a server-side PKI certificate to create a secure TLS tunnel to protect user authentication, and uses server- side public key certificates to authenticate the server. When you use EAP with a strong EAP type, such as TLS with smart cards or TLS with certificates, both the client and the server use certificates to verify their identities to each other.
QUESTION 366
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
An organizational unit (OU) named 0U1 contains 200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named GPO1 is linked to OU1.
You make a change to GPO1.
You need to force all of the computers in 0U1 to refresh their Group Policy settings immediately. The solution must minimize administrative effort.
Which tool should you use?
A. Server Manager
B. Active Directory Users and Computers
C. The Gpupdate command
D. Group Policy Management Console (GPMC)
Answer: D
Explanation:
Starting with Windows Server 2012 and Windows 8, you can now remotely refresh Group Policy settings for all computers in an OU from one central location through the Group Policy Management Console (GPMC). Or you can use the Invoke- GPUpdatecmdlet to refresh Group Policy for a set of computers, not limited to the OU structure, for example, if the computers are located in the default computers container.
http://technet.microsoft.com/en-us//library/jj134201.aspx http://blogs.technet.com/b/grouppolicy/archive/2012/11/27/group-policy-in-windows-server-2012-using-remote-gpupdate.aspx
QUESTION 367
Your company has a main office and a branch office.
The main office contains a server that hosts a Distributed File System (DFS) replicated folder.
You plan to implement a new DFS server in the branch office.
You need to recommend a solution that minimizes the amount of network bandwidth used to perform the initial synchronization of the folder to the branch office.
You recommend using the Export-DfsrClone and Import-DfsrClonecmdlets.
Which additional command or cmdlet should you include in the recommendation?
A. Robocopy.exe
B. Synchost.exe
C. Export-BcCachePackage
D. Sync-DfsReplicationGroup
Answer: D
QUESTION 368
You have a cluster named Cluster1 that contains two nodes. Both nodes run Windows Server 2012 R2. Cluster1 hosts a virtual machine named VM1 that runs Windows Server 2012 R2.
You configure a custom service on VM1 named Service1.
You need to ensure that VM1 will be moved to a different node if Service1 fails.
Which cmdlet should you run on Cluster1?
A. Add-ClusterVmMonitoredItem
B. Add-ClusterGenericServiceRole
C. Set-ClusterResourceDependency
D. Enable VmResourceMetering
Answer: A
QUESTION 69
Hotspot Question
You have a server named Servers that runs Windows Server 2012 R2. Servers has the Windows Deployment Services server role installed.
Server5 contains several custom images of Windows 8.
You need to ensure that when 32-bit client computers start by using PXE, the computers automatically install an image named Image 1.
What should you configure?
To answer, select the appropriate tab in the answer area.
Answer:
QUESTION 370
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
The network contains several group Managed Service Accounts that are used by four member servers.
You need to ensure that if a group Managed Service Account resets a password of a domain user account, an audit entry is created.
You create a Group Policy object (GPO) named GPO1.
What should you do next?
A. In GPO1, configure the Advanced Audit Policy Configuration settings for Audit User Account Management. Link GPO1 to the Domain Controllers organizational unit (OU).
B. In GPO1, configure the Advanced Audit Policy Configuration settings for Audit User Account Management. Move the member servers to a new organizational unit (OU). Link GPO1 to the new OU.
C. In GPO1, configure the Advanced Audit Policy Configuration settings for Audit Sensitive Privilege Use. Link GPO1 to the Domain Controllers organizational unit (OU).
D. In GPO1, configure the Advanced Audit Policy Configuration settings for Audit Sensitive Privilege Use. Move the member servers to a new organizational unit (OU). Link GPO1 to the new OU.
Answer: A
Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html