getcertified4sure.com

70-411 Exam

What Renew 70-411 Is?



Q91. Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2. 

You view the effective policy settings of Server1 as shown in the exhibit. (Click the Exhibit button.) 

On Server1, you have a folder named C:\Share1 that is shared as Share1. Share1 contains confidential data. A group named Group1 has full control of the content in Share1. 

You need to ensure that an entry is added to the event log whenever a member of Group1 deletes a file in Share1. 

What should you configure? 

A. the Audit File Share setting of Servers GPO 

B. the Sharing settings of C:\Share1 

C. the Audit File System setting of Servers GPO 

D. the Security settings of C:\Share1 

Answer:

Explanation: 

You can use Computer Management to track all connections to shared resources on a Windows Server 2008 R2 system. 

Whenever a user or computer connects to a shared resource, Windows Server 2008 R2 lists a connection in the Sessions node. 

File access, modification and deletion can only be tracked, if the object access auditing is enabled you can see the entries in the event log. 

To view connections to shared resources, type net session at a command prompt or follow these steps: 

In Computer Management, connect to the computer on which you created the shared resource. 

In the console tree, expand System Tools, expand Shared Folders, and then select Sessions. You can now view connections to shares for users and computers. 

To enable folder permission auditing, you can follow the below steps: 

Click start and run "secpol. msc" without quotes. 

Open the Local Policies\Audit Policy 

Enable the Audit object access for "Success" and "Failure". 

Go to target files and folders, right click the folder and select properties. 

Go to Security Page and click Advanced. 

Click Auditing and Edit. 

Click add, type everyone in the Select User, Computer, or Group. 

Choose Apply onto: This folder, subfolders and files. 

Tick on the box “Change permissions” 

Click OK. 

After you enable security auditing on the folders, you should be able to see the folder permission changes in the server's Security event log. Task Category is File System. 

References: 

http: //social. technet. microsoft. com/Forums/en-US/winservergen/thread/13779c78-0c73-4477-8014-f2eb10f3f10f/ 

http: //technet. microsoft. com/en-us/library/cc753927(v=ws. 10). aspx 

http: //social. technet. microsoft. com/Forums/en-US/winservergen/thread/13779c78-0c73-4477-8014-f2eb10f3f10f/ 

http: //support. microsoft. com/kb/300549 

http: //www. windowsitpro. com/article/permissions/auditing-folder-permission-changes 

http: //www. windowsitpro. com/article/permissions/auditing-permission-changes-on-a-folder 


Q92. Your network is configured as shown in the exhibit. (Click the Exhibit button.) 

Server1 regularly accesses Server2. 

You discover that all of the connections from Server1 to Server2 are routed through Router1. 

You need to optimize the connection path from Server1 to Server2. 

Which route command should you run on Server1? 

A. Route add -p 10.10.10.0 MASK 255.255.255.0 172.23.16.2 METRIC 100 

B. Route add -p 10.10.10.0 MASK 255.255.255.0 10.10.10.1 METRIC 50 

C. Route add -p 10.10.10.12 MASK 255.255.255.0 10.10.10.1 METRIC 100 

D. Route add -p 10.10.10.12 MASK 255.255.255.0 10.10.10.0 METRIC 50 

Answer:

Explanation: 

Destination - specifies either an IP address or host name for the network or host. 

subnetmask - specifies a subnet mask to be associated with this route entry. If subnetmask is not specified, 255.255.255.255 is used. 

gateway - specifies either an IP address or host name for the gateway or router to use when forwarding. 

costmetric - assigns an integer cost metric (ranging from 1 through 9,999) to be used in calculating the fastest, most reliable, and/or least expensive routes. If costmetric is not specified, 1 is used. 

interface - specifies the interface to be used for the route that uses the interface number. If an interface is not specified, the interface to be used for the route is determined from the gateway IP address. 

References: http: //support. microsoft. com/kb/299540/en-us 

http: //technet. microsoft. com/en-us/library/cc757323%28v=ws. 10%29. aspx 


Q93. Your network contains an Active Directory domain named contoso.com. The domain 

contains a server named Server1 that runs Windows Server 2012 R2. 

You enable and configure Routing and Remote Access (RRAS) on Server1. 

You create a user account named User1. 

You need to ensure that User1 can establish VPN connections to Server1. 

What should you do? 

A. Modify the members of the Remote Management Users group. 

B. Add a RADIUS client. 

C. Modify the Dial-in setting of User1. 

D. Create a connection request policy. 

Answer:

Explanation: 

Access permission is also granted or denied based on the dial-in properties of each user account. 

http://technet.microsoft.com/en-us/library/cc772123.aspx 


Q94. Your network contains an Active Directory domain named contoso.com. Network Access Protection (NAP) is deployed to the domain. 

You need to create NAP event trace log files on a client computer. 

What should you run? 

A. logman 

B. Register-ObjectEvent 

C. tracert 

D. Register-EngineEvent 

Answer:

Explanation: 

You can enable NAP client tracing by using the command line. On computers running Windows Vista., you can enable tracing by using the NAP Client Configuration console. NAP client tracing files are written in Event Trace Log (ETL) format. These are binary files representing trace data that must be decoded by Microsoft support personnel. Use the –o option to specify the directory to which they are written. In the following example, files are written to %systemroot%\tracing\nap. For more information, see Logman (http: //go. microsoft.com/fwlink/?LinkId=143549). 

To create NAP event trace log files on a client computer 

Open a command line as an administrator. 

Type 

logman start QAgentRt -p {b0278a28-76f1-4e15-b1df-14b209a12613} 0xFFFFFFFF 9 -o 

%systemroot%\tracing\nap\QAgentRt. etl –ets. 

Note: To troubleshoot problems with WSHA, use the following GUID: 789e8f15-0cbf-4402-b0ed-0e22f90fdc8d. 

Reproduce the scenario that you are troubleshooting. 

Type logman stop QAgentRt -ets. 

Close the command prompt window. 

References: 

http: //technet. microsoft. com/en-us/library/dd348461%28v=ws. 10%29. aspx 


Q95. Your network contains two Active Directory forests named adatum.com and contoso.com. The network contains three servers. The servers are configured as shown in the following table. 

You need to ensure that connection requests from adatum.com users are forwarded to Server2 and connection requests from contoso.com users are forwarded to Server3. 

Which two should you configure in the connection request policies on Server1? (Each correct answer presents part of the solution. Choose two.) 

A. The Authentication settings 

B. The Standard RADIUS Attributes settings 

C. The Location Groups condition 

D. The Identity Type condition 

E. The User Name condition 

Answer: A,E 

Explanation: 

The User Name attribute group contains the User Name attribute. By using this attribute, you can designate the user name, or a portion of the user name, that must match the user name supplied by the access client in the RADIUS message. This attribute is a character string that typically contains a realm name and a user account name. You can use pattern-matching syntax to specify user names. 

By using this setting, you can override the authentication settings that are configured in all network policies and you can designate the authentication methods and types that are required to connect to your network. Forward requests to the following remote RADIUS server group . By using this setting, NPS forwards connection requests to the remote RADIUS server group that you specify. If the NPS server receives a valid Access-Accept message that corresponds to the Access-Request message, the connection attempt is considered authenticated and authorized. In this case, the NPS server acts as a RADIUS proxy 

Connection request policies are sets of conditions and profile settings that give network administrators flexibility in configuring how incoming authentication and accounting request messages are handled by the IAS server. With connection request policies, you can create a series of policies so that some RADIUS request messages sent from RADIUS clients are processed locally (IAS is being used as a RADIUS server) and other types of messages are forwarded to another RADIUS server (IAS is being used as a RADIUS proxy). This capability allows IAS to be deployed in many new RADIUS scenarios. 

With connection request policies, you can use IAS as a RADIUS server or as a RADIUS proxy, based on the time of day and day of the week, by the realm name in the request, by the type of connection being requested, by the IP address of the RADIUS client, and so on. 

References: http: //technet. microsoft. com/en-us/library/cc757328. aspx 

http: //technet. microsoft. com/en-us/library/cc753603. aspx 


Q96. Your network contains an Active Directory domain named adatum.com. 

You need to audit changes to the files in the SYSVOL shares on all of the domain controllers. The solution must minimize the amount of SYSVOL replication traffic caused by the audit. 

Which two settings should you configure? (Each correct answer presents part of the solution. Choose two.) 

A. Audit Policy\Audit system events 

B. Advanced Audit Policy Configuration\DS Access 

C. Advanced Audit Policy Configuration\Global Object Access Auditing 

D. Audit Policy\Audit object access 

E. Audit Policy\Audit directory service access 

F. Advanced Audit Policy Configuration\Object Access 

Answer: D,F 


Q97. Your company has a main office and a branch office. 

The main office contains a server that hosts a Distributed File System (DFS) replicated folder. 

You plan to implement a new DFS server in the branch office. 

You need to recommend a solution that minimizes the amount of network bandwidth used to perform the initial synchronization of the folder to the branch office. You recommend using the Export-DfsrClone and Import-DfsrClonecmdlets. Which additional command or cmdlet should you include in the recommendation? 

A. Robocopy.exe 

B. Synchost.exe 

C. Export-BcCachePackage 

D. Sync-DfsReplicationGroup 

Answer:

Explanation: 

By preseeding files before you set up DFS Replication, add a new replication partner, or replace a server, you can speed up initial synchronization and enable cloning of the DFS Replication database in Windows Server 2012 R2. The Robocopy method is one of several preceding methods 


Q98. DRAG DROP 

You have a WIM file that contains an image of Windows Server 2012 R2. 

Recently, a technician applied a Microsoft Standalone Update Package (MSU) to the image. 

You need to remove the MSU package from the image. 

Which three actions should you perform in sequence? To answer, move the appropriate three actions from the list of actions to the answer area and arrange them in the correct order. 

Answer: 


Q99. You are a network administrator of an Active Directory domain named contoso.com. 

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the DHCP Server server role and the Network Policy Server role service installed. 

You enable Network Access Protection (NAP) on all of the DHCP scopes on Server1. 

You need to create a DHCP policy that will apply to all of the NAP non-compliant DHCP clients. 

Which criteria should you specify when you create the DHCP policy? 

A. The client identifier 

B. The user class 

C. The vendor class 

D. The relay agent information 

Answer:

Explanation: 

To configure a NAP-enabled DHCP server 

On the DHCP server, click Start, click Run, in Open, type dhcpmgmt. smc, and then press ENTER. 

In the DHCP console, open <servername>\IPv4. 

Right-click the name of the DHCP scope that you will use for NAP client computers, and then click Properties. 

On the Network Access Protection tab, under Network Access Protection Settings, choose Enable for this scope, verify that Use default Network Access Protection profile is selected, and then click OK. 

In the DHCP console tree, under the DHCP scope that you have selected, right-click Scope Options, and then click Configure Options. 

On the Advanced tab, verify that Default User Class is selected next to User class. 

Select the 003 Router check box, and in IP Address, under Data entry, type the IP address for the default gateway used by compliant NAP client computers, and then click Add. Select the 006 DNS Servers check box, and in IP Address, under Data entry, type the IP address for each router to be used by compliant NAP client computers, and then click Add. Select the 015 DNS Domain Name check box, and in String value, under Data entry, type your organization's domain name (for example, woodgrovebank. local), and then click Apply. This domain is a full-access network assigned to compliant NAP clients. On the Advanced tab, next to User class, choose Default Network Access Protection Class. Select the 003 Router check box, and in IP Address, under Data entry, type the IP address for the default gateway used by noncompliant NAP client computers, and then click Add. This can be the same default gateway that is used by compliant NAP clients. Select the 006 DNS Servers check box, and in IP Address, under Data entry, type the IP address for each DNS server to be used by noncompliant NAP client computers, and then click Add. These can be the same DNS servers used by compliant NAP clients. Select the 015 DNS Domain Name check box, and in String value, under Data entry, type a name to identify the restricted domain (for example, restricted. Woodgrovebank. local), and then click OK. This domain is a restricted-access network assigned to noncompliant NAP clients. Click OK to close the Scope Options dialog box. Close the DHCP console. 

Reference: http: //technet.microsoft.com/en-us/library/dd296905%28v=ws.10%29.aspx 


Q100. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. 

An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named GPO1 is linked to OU1. 

You make a change to GPO1. 

You need to force all of the computers in OU1 to refresh their Group Policy settings immediately. The solution must minimize administrative effort. 

Which tool should you use? 

A. Server Manager 

B. Active Directory Users and Computers 

C. The Gpupdate command 

D. Group Policy Management Console (GPMC) 

Answer:

Explanation: 

Starting with Windows Server. 2012 and Windows. 8, you can now remotely refresh Group Policy settings for all computers in an OU from one central location through the Group Policy Management Console (GPMC). Or you can use the Invoke-GPUpdatecmdlet to refresh Group Policy for a set of computers, not limited to the OU structure, for example, if the computers are located in the default computers container. 

References: http: //technet. microsoft. com/en-us//library/jj134201. aspx 

http: //blogs. technet. com/b/grouppolicy/archive/2012/11/27/group-policy-in-windows-server-2012-using-remote-gpupdate. aspx 


© Copyright Getcertified4sure.com. examcollectionuk.com
All other trademarks and copyrights are the property of their respective owners.
All rights reserved.