getcertified4sure.com

70-411 Exam

Top 10 rapidshare 70-411 for client (31 to 40)



It is impossible to pass Microsoft 70-411 exam without any help in the short term. Come to Examcollection soon and find the most advanced, correct and guaranteed Microsoft 70-411 practice questions. You will get a surprising result by our Renovate Administering Windows Server 2012 practice guides.

2021 Mar 70-411 exam answers

Q31. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. 

You create a central store for Group Policy. 

You receive a custom administrative template named Template1.admx. 

You need to ensure that the settings in Template1.admx appear in all new Group Policy objects (GPOs). 

What should you do? 

A. From the Default Domain Controllers Policy, add Template1.admx to the Administrative Templates. 

B. From the Default Domain Policy, add Template1.admx to the Administrative Templates. 

C. Copy Template1.admx to \\Contoso.com\SYSVOL\Contoso.com\Policies\PolicyDefinitions\. 

D. Copy Template1.admx to \\Contoso.com\NETLOGON. 

Answer:

Explanation: 

Unlike ADM files, ADMX files are not stored in individual GPOs. For domain-based enterprises, administrators can create a central store location of ADMX files that is accessible by anyone with permission to create or edit GPOs. 


Q32. Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 is configured as a Network Policy Server (NPS) server and as a DHCP server. 

You need to ensure that only computers that send a statement of health are checked for Network Access Protection (NAP) health requirements. 

Which two settings should you configure? (Each correct answer presents part of the solution. Choose two.) 

A. The Called Station ID constraints 

B. The MS-Service Class conditions 

C. The Health Policies conditions 

D. The NAS Port Type constraints 

E. The NAP-Capable Computers conditions 

Answer: C,E 

Reference: 

http://technet.microsoft.com/en-us/library/cc753603.aspx 

http://technet.microsoft.com/en-us/library/cc731220(v=ws.10).aspx 

http://technet.microsoft.com/en-us/library/cc731560.aspx 


Q33. Your network contains two servers named Server1 and Server2 that run windows Server 2012 R2. Server1 and 5erver2 have the Windows Server Update Services server role installed. 

Server1 synchronizes from Microsoft Update. Server2 is a Windows Server Update Services (WSUS) replica of Server1. 

You need to configure replica downstream servers to send Server1 summary information about the computer update status. 

What should you do? 

A. From Server1, configure Reporting Rollup. 

B. From Server2, configure Reporting Rollup. 

C. From Server2, configure Email Notifications. 

D. From Server1, configure Email Notifications. 

Answer:

Explanation: 

WSUS Reporting Rollup Sample Tool 

This tool uses the WSUS application programming interface (API) to demonstrate centralized monitoring and reporting for WSUS. It creates a single report of update and computer status from the WSUS servers into your WSUS environment. The sample package also contains sample source files to customize or extend the tool functionality of the tool to meet specific needs. The WSUS Reporting Rollup Sample Tool and files are provided AS IS. No product support is available for this tool or sample files. For more information read the readme file. 

Reference: http: //technet. microsoft. com/en-us/windowsserver/bb466192. aspx 


Q34. Your network contains two Active Directory forests named contoso.com and adatum.com. The contoso.com forest contains a server named Server1.contoso.com. The adatum.com forest contains a server named server2. adatum.com. Both servers have the Network Policy Server role service installed. 

The network contains a server named Server3. Server3 is located in the perimeter network and has the Network Policy Server role service installed. 

You plan to configure Server3 as an authentication provider for several VPN servers. 

You need to ensure that RADIUS requests received by Server3 for a specific VPN server are always forwarded to Server1.contoso.com. 

Which two should you configure on Server3? (Each correct answer presents part of the solution. Choose two.) 

A. Remediation server groups 

B. Remote RADIUS server groups 

C. Connection request policies 

D. Network policies 

E. Connection authorization policies 

Answer: B,C 

Explanation: 

To configure NPS as a RADIUS proxy, you must create a connection request policy that contains all of the information required for NPS to evaluate which messages to forward and where to send the messages. 

When you configure Network Policy Server (NPS) as a Remote Authentication Dial-In User Service (RADIUS) proxy, you use NPS to forward connection requests to RADIUS servers that are capable of processing the connection requests because they can perform authentication and authorization in the domain where the user or computer account is located. For example, if you want to forward connection requests to one or more RADIUS servers in untrusted domains, you can configure NPS as a RADIUS proxy to forward the requests to the remote RADIUS servers in the untrusted domain. To configure NPS as a RADIUS proxy, you must create a connection request policy that contains all of the information required for NPS to evaluate which messages to forward and where to send the messages. 

When you configure a remote RADIUS server group in NPS and you configure a connection request policy with the group, you are designating the location where NPS is to forward connection requests. 

References: http: //technet. microsoft. com/en-us/library/cc754518. aspx 

http: //technet. microsoft. com/en-us/library/cc754518. aspx 

http: //technet. microsoft. com/en-us/library/cc754518. aspx 


Q35. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Windows Server Update Services server role installed. 

You need to configure Windows Server Update Services (WSUS) to support Secure Sockets Layer (SSL). 

Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.) 

A. From Internet Information Services (IIS) Manager, modify the connection strings of the WSUS website. 

B. Install a server certificate. 

C. Run the wsusutil.exe command. 

D. Run the iisreset.exe command. 

E. From Internet Information Services (IIS) Manager, modify the bindings of the WSUS website. 

Answer: B,C,E 

Explanation: 

Certificate needs to be installed to IIS, Bindings modifies and wsusutil run. 

1. First we need to request a certificate for the WSUS web site, so open IIS, click the server 

name, then open Server Certificates. 

On the Actions pane click Create Domain Certificate. 

2. To add the signing certificate to the WSUS Web site in IIS 7.0 

On the WSUS server, open Internet Information Services (IIS) Manager. 

Expand Sites, right-click the WSUS Web site, and then click Edit Bindings. 

In the Site Binding dialog box, select the https binding, and click Edit to open the Edit Site 

Binding dialog box. 

Select the appropriate Web server certificate in the SSL certificate box, and then click OK. 

Click Close to exit the Site Bindings dialog box, and then click OK to close Internet 

Information Services (IIS) Manager. 

3. WSUSUtil.exe configuressl<FQDN of the software update point site system> (the name 

in your certificate) 

WSUSUtil.exe configuressl<Intranet FQDN of the software update point site system>. 

4. The next step is to point your clients to the correct url, by modifying the existing GPO or 

creating a new one. Open the policy Specify intranet Microsoft update service location and 

type the new url in the form https: //YourWSUSserver. 

The gpupdate /force command will just download all the GPO’s and re-apply them to the client, it won’t force the client to check for updates. For that you need to use wuauclt /resetautorization /detectnow followed by wuauclt /reportnow 

References: 

http: //technet. microsoft. com/en-us/library/bb680861. aspx 

http: //technet. microsoft. com/en-us/library/bb633246. aspx 

http: //www. vkernel. ro/blog/configure-wsus-to-use-ssl 


Regenerate 70-411 exams:

Q36. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains 500 client computers that run Windows 8 Enterprise. 

You implement a Group Policy central store. 

You have an application named App1. App1 requires that a custom registry setting be deployed to all of the computers. 

You need to deploy the custom registry setting. The solution must minimize administrator effort. 

What should you configure in a Group Policy object (GPO)? 

A. The Software Installation settings 

B. The Administrative Templates 

C. An application control policy 

D. The Group Policy preferences 

Answer:

Explanation: 

. Open the Group Policy Management Console. Right-click the Group Policy object (GPO) that should contain the new preference item, and then click Edit. 

. In the console tree under Computer Configuration or User Configuration, expand the Preferences folder, and then expand the Windows Settings folder. 

. Right-click the Registry node, point to New, and select Registry Item. 

Group Policy preferences provide the means to simplify deployment and standardize configurations. They add to Group Policy a centralized system for deploying preferences (that is, settings that users can change later). 

You can also use Group Policy preferences to configure applications that are not Group Policy-aware. By using Group Policy preferences, you can change or delete almost any registry setting, file or folder, shortcut, and more. You are not limited by the contents of Administrative Template files. The Group Policy Management Editor (GPME) includes Group Policy preferences. 

References: http: //technet.microsoft.com/en-us/library/gg699429.aspx http: //www. unidesk. com/blog/gpos-set-custom-registry-entries-virtual-desktops-disabling-machine-password 


Q37. Your network contains an Active Directory domain named contoso.com. 

You need to install and configure the Web Application Proxy role service. 

What should you do? 

A. Install the Active Directory Federation Services server role and the Remote Access server role on different servers. 

B. Install the Active Directory Federation Services server role and the Remote Access server role on the same server. 

C. Install the Web Server (IIS) server role and the Application Server server role on the same server. 

D. Install the Web Server (IIS) server role and the Application Server server role on different servers. 

Answer:

Explanation: 

Web Application Proxy is a new Remote Access role service in Windows Server. 2012 R2. 


Q38. Your network contains an Active Directory domain named contoso.com. The Active Directory Recycle bin is enabled for contoso.com. 

A support technician accidentally deletes a user account named User1. You need to restore the User1 account. 

Which tool should you use? 

A. Ldp 

B. Esentutl 

C. Active Directory Administrative Center 

D. Ntdsutil 

Answer:


Q39. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. The domain contains 30 user accounts that are used for network administration. The user accounts are members of a domain global group named Group1. 

You identify the security requirements for the 30 user accounts as shown in the following table. 

You need to identify which settings must be implemented by using a Password Settings object (PSO) and which settings must be implemented by modifying the properties of the user accounts. 

What should you identify? To answer, configure the appropriate settings in the dialog box in the answer area. 

Answer: 


Q40. Your network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computers run Windows 8.1. 

The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2. 

You need to identify which domain controllers are authorized to be cloned by using virtual domain controller cloning. 

Which cmdlet should you use? 

A. Get-ADGroupMember 

B. Get-ADDomainControllerPasswordReplicationPolicy 

C. Get-ADDomainControllerPasswordReplicationPolicyUsage 

D. Get-ADDomain 

E. Get-ADOptionalFeature 

F. Get-ADAccountAuthorizationGroup 

Answer:

Explanation: One requirement for cloning a domain controller is an existing Windows Server 2012 DC that hosts the PDC emulator role. You can run the Get-ADDomain and retrieve which server has the PDC emulator role. 

Example: Command Prompt: C:\PS> Get-ADDomain 

Output wouldinclude a line such as: PDCEmulator : Fabrikam-DC1.Fabrikam.com 

Reference: Step-by-Step: Domain Controller Cloning 

http://blogs.technet.com/b/canitpro/archive/2013/06/12/step-by-step-domain-controller-cloning.aspx 

Reference: Get-ADDomain 

https://technet.microsoft.com/en-us/library/ee617224.aspx 


© Copyright Getcertified4sure.com. examcollectionuk.com
All other trademarks and copyrights are the property of their respective owners.
All rights reserved.