70-411 Exam
Tips to Pass 70-411 Exam (41 to 50)
Cause all that matters here is passing the Microsoft 70-411 exam. Cause all that you need is a high score of 70-411 Administering Windows Server 2012 exam. The only one thing you need to do is downloading Testking 70-411 exam study guides now. We will not let you down with our money-back guarantee.
2021 Mar 70-411 free download
Q41. Your company has a main office and a branch office.
The network contains an Active Directory domain named contoso.com.
The main office contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 is a DNS server and hosts a primary zone for contoso.com. The branch office contains a member server named Server1 that runs Windows Server 2012 R2. Server1 is a DNS server and hosts a secondary zone for contoso.com.
The main office connects to the branch office by using an unreliable WAN link.
You need to ensure that Server1 can resolve names in contoso.com if the WAN link in unavailable for three days.
Which setting should you modify in the start of authority (SOA) record?
A. Retry interval
B. Refresh interval
C. Expires after
D. Minimum (default) TTL
Answer: C
Explanation:
Used by other DNS servers that are configured to load and host the zone to determine when zone data expires if it is not renewed
Q42. HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.
You need to configure Server1 to meet the following requirements:
. Ensure that old files in a folder named Folder1 are archived automatically to a folder named Archive1.
. Ensure that JPG files can always be saved to a local computer, even when a file screen exists.
Which two nodes should you configure? To answer, select the appropriate two nodes in the answer area.
Answer Area
Answer:
Q43. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 is backed up daily.
The domain has the Active Directory Recycle Bin enabled.
During routine maintenance, you delete 500 inactive user accounts and 100 inactive groups. One of the deleted groups is named Group1. Some of the deleted user accounts are members of some of the deleted groups.
For documentation purposes, you must provide a list of the members of Group1 before the group was deleted.
You need to identify the names of the users who were members of Group1 prior to its deletion.
You want to achieve this goal by using the minimum amount of administrative effort.
What should you do first?
A. Mount the most recent Active Directory backup.
B. Reactivate the tombstone of Group1.
C. Perform an authoritative restore of Group1.
D. Use the Recycle Bin to restore Group1.
Answer: A
Explanation:
The Active Directory Recycle Bin does not have the ability to track simple changes to objects.
If the object itself is not deleted, no element is moved to the Recycle Bin for possible recovery in the future. In other words, there is no rollback capacity for changes to object properties, or, in other words, to the values of these properties.
Q44. DRAG DROP
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1.
You need to create an Active Directory snapshot on DC1.
Which four commands should you run?
To answer, move the four appropriate commands from the list of commands to the answer
area and arrange them in the correct order.
Answer:
Q45. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Desktop Session Host role service installed. The computer account of Server1 resides in an organizational unit (OU) named OU1.
You create and link a Group Policy object (GPO) named GPO1 to OU1.
You need to prevent GPO1 from applying to your user account when you log on to Server1. GPO1 must apply to every other user who logs on to Server1.
What should you configure?
A. Security Filtering.
B. WMI Filtering.
C. Block Inheritance.
D. Item-level targeting.
Answer: D
Explanation:
You can use item-level targeting to change the scope of individual preference items, so they apply only to selected users or computers. Within a single Group Policy object (GPO), you can include multiple preference items, each customized for selected users or computers and each targeted to apply settings only to the relevant users or computers.
Reference: https://technet.microsoft.com/en-us/library/cc733022.aspx
Up to the immediate present 70-411 exam question:
Q46. Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
The domain contains a server named Server1 that has the Network Policy Server server role and the Remote Access server role installed. The domain contains a server named Server2 that is configured as a RADIUS server.
Server1 provides VPN access to external users.
You need to ensure that all of the VPN connections to Server1 are logged to the RADIUS server on Server2.
What should you run?
A. Add-RemoteAccessRadius -ServerNameServer1 -AccountingOnOffMsg Enabled -SharedSecret "Secret" -Purpose Accounting
B. Set-RemoteAccessAccounting -AccountingOnOffMsg Enabled -AccountingOnOffMsg Enabled
C. Add-RemoteAccessRadius -ServerName Server2 -AccountingOnOffMsg Enabled -SharedSecret "Secret" -Purpose Accounting
D. Set-RemoteAccessAccounting -EnableAccountingType Inbox -AccountingOnOffMsg Enabled
Answer: C
Explanation:
Add-RemoteAccessRadius
Adds a new external RADIUS server for VPN authentication, accounting for DirectAccess
(DA) and VPN, or one-time password (OTP) authentication for DA.
AccountingOnOffMsg<String>
Indicates the enabled state for sending of accounting on or off messages. The acceptable
values for this parameter are:
. Enabled.
. Disabled.
This is the default value. This parameter is applicable only when the RADIUS server is being added for Remote Access accounting.
Q47. Your network contains two Active Directory forests named contoso.com and dev.contoso.com. The contoso.com forest contains a domain controller named DC1. The dev.contoso.com forest contains a domain controller named DC2. Each domain contains an organizational unit (OU) named OU1.
Dev.contoso.com has a Group Policy object (GPO) named GPO1. GPO1 contains 200 settings, including several settings that have network paths. GPO1 is linked to OU1.
You need to copy GPO1 from dev.contoso.com to contoso.com.
What should you do first on DC2?
A. From the Group Policy Management console, right-click GPO1 and select Copy.
B. Run the mtedit.exe command and specify the /Domaintcontoso.com /DC: DC 1 parameter.
C. Run the Save-NetGpocmdlet.
D. Run the Backup-Gpocmdlet.
Answer: A
Explanation:
To copy a Group Policy object:
In the GPMC console tree, right-click the GPO that you want to copy, and then click Copy.
To create a copy of the GPO in the same domain as the source GPO, right-click Group Policy objects, click Paste, specify permissions for the new GPO in the Copy GPO box, and then click OK.
For copy operations to another domain, you may need to specify a migration table.
The Migration Table Editor (MTE) is provided with Group Policy Management Console (GPMC) to facilitate the editing of migration tables. Migration tables are used for copying or importing Group Policy objects (GPOs) from one domain to another, in cases where the GPOs include domain-specific information that must be updated during copy or import.
Source WS2008R2: Backup the existing GPOs from the GPMC, you need to ensure that the “Group Policy Objects” container is selected for the “Backup Up All” option to be available.
Copy a Group Policy Object with the Group Policy Management Console (GPMC)
You can copy a Group Policy object (GPO) either by using the drag-and-drop method or right-click method.
Applies To: Windows 8, Windows Server 2008 R2, Windows Server 2012
References:
http://technet.microsoft.com/en-us/library/cc785343(v=WS.10).aspx
http://technet.microsoft.com/en-us/library/cc733107.aspx
Q48. Your network contains an Active Directory domain named contoso.com. The domain contains domain controllers that run Windows Server 2008, Windows Server 2008 R2 Windows Server 2012, and Windows Server 2012 R2.
A domain controller named DC1 runs Windows Server 2012 R2. DC1 is backed up daily.
During routine maintenance, you delete a group named Group1.
You need to recover Group1 and identify the names of the users who were members of Group1 prior to its deletion. You want to achieve this goal by using the minimum amount of administrative effort.
What should you do first?
A. Perform an authoritative restore of Group1.
B. Mount the most recent Active Directory backup.
C. Use the Recycle Bin to restore Group1.
D. Reactivate the tombstone of Group1.
Answer: A
Explanation:
The Active Directory Recycle Bin does not have the ability to track simple changes to objects. If the object itself is not deleted, no element is moved to the Recycle Bin for possible recovery in the future. In other words, there is no rollback capacity for changes to object properties, or, in other words, to the values of these properties. There is another approach you should be aware of. Tombstone reanimation (which has nothing to do with zombies) provides the only way to recover deleted objects without taking a DC offline, and it's the only way to recover a deleted object's identity information, such as its objectGUID and objectSid attributes. It neatly solves the problem of recreating a deleted user or group and having to fix up all the old access control list (ACL) references, which contain the objectSid of the deleted object. Restores domain controllers to a specific point in time, and marks objects in Active Directory as being authoritative with respect to their replication partners.
Q49. Your network contains an Active Directory domain named contoso.com. The domain contains a server named NPS1 that has the Network Policy Server server role installed. All servers run Windows Server 2012 R2.
You install the Remote Access server role on 10 servers.
You need to ensure that all of the Remote Access servers use the same network policies.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Configure each Remote Access server to use the Routing and Remote Access service (RRAS) to authenticate connection requests.
B. On NPS1, create a remote RADIUS server group. Add all of the Remote Access servers to the remote RADIUS server group.
C. On NPS1, create a new connection request policy and add a Tunnel-Type and a Service-Type condition.
D. Configure each Remote Access server to use a RADIUS server named NPS1.
E. On NPS1, create a RADIUS client template and use the template to create RADIUS clients.
Answer: C,D
Explanation:
Connection request policies are sets of conditions and settings that allow network administrators to designate which RADIUS servers perform the authentication and authorization of connection requests that the server running Network Policy Server (NPS) receives from RADIUS clients. Connection request policies can be configured to designate which RADIUS servers are used for RADIUS accounting. When you configure Network Policy Server (NPS) as a Remote Authentication Dial-In User Service (RADIUS) proxy, you use NPS to forward connection requests to RADIUS servers that are capable of processing the connection requests because they can perform authentication and authorization in the domain where the user or computer account is located. For example, if you want to forward connection requests to one or more RADIUS servers in untrusted domains, you can configure NPS as a RADIUS proxy to forward the requests to the remote RADIUS servers in the untrusted domain. To configure NPS as a RADIUS proxy, you must create a connection request policy that contains all of the information required for NPS to evaluate which messages to forward and where to send the messages.
: http://technet.microsoft.com/en-us/library/cc730866(v=ws.10).aspx
Q50. HOTSPOT
Your network contains a RADIUS server named Admin1.
You install a new server named Server2 that runs Windows Server 2012 R2 and has Network Policy Server (NPS) installed.
You need to ensure that all accounting requests for Server2 are forwarded to Admin1.
On Server2, you create a new remote RADIUS server group named Group1 that contains Admin1.
What should you configure next on Server2?
To answer, select the appropriate node in the answer area.
Answer: