getcertified4sure.com

70-411 Exam

Getting Smart with: 70 411 exam questions



Exam Code: 70 411 exam (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Administering Windows Server 2012
Certification Provider: Microsoft
Free Today! Guaranteed Training- Pass exam ref 70 411 Exam.

Q61. Your network contains one Active Directory domain named contoso.com. 

From the Group Policy Management console, you view the details of a Group Policy object (GPO) named GPO1. You need to ensure that the comments field of GPO1 contains a detailed description of 

GPO1. 

What should you do? 

A. From Active Directory Users and Computers, edit the properties of contoso.com/System/Policies/{229DCD27-9D98-ACC2-A6AE-ED765F065FF5}. 

B. Open GPO1 in the Group Policy Management Editor, and then modify the properties of GPO1. 

C. From Notepad, edit \\contoso.com\SYSVOL\ contoso.com\Policies\{229DCD27-9D98-ACC2-A6AE-ED765F065FF5}\gpt.ini. 

D. From Group Policy Management, click View, and then click Customize. 

Answer:

Explanation: Adding a comment to a Group Policy object 

Open the Group Policy Management Console. Expand the.Group Policy Objects.node

. Right-click the Group Policy object you want to comment and then click.Edit.

. In the console tree, right-click the name of the Group Policy object and then click.Properties.

. Click the.Comment.tab. 

Type your comments in the.Comment.box. 

Click.OK 

Reference: Comment a Group Policy Object 

https://technet.microsoft.com/en-us/library/cc770974.aspx 


Q62. HOTSPOT 

You have a server named Server1 that has the Web Server (IIS) server role installed. You obtain a Web Server certificate. 

You need to configure a website on Server1 to use Secure Sockets Layer (SSL). 

To which store should you import the certificate? To answer, select the appropriate store in the answer area. 

Answer: 


Q63. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 has the DHCP Server server role and the Network Policy Server role service installed. 

Server1 contains three non-overlapping scopes named Scope1, Scope2, and Scope3. Server1 currently provides the same Network Access Protection (NAP) settings to the three scopes. 

You modify the settings of Scope1 as shown in the exhibit. (Click the Exhibit button.) 

You need to configure Server1 to provide unique NAP enforcement settings to the NAP non-compliant DHCP clients from Scope1. 

What should you create? 

A. A connection request policy that has the Service Type condition 

B. A connection request policy that has the Identity Type condition 

C. A network policy that has the Identity Type condition 

D. A network policy that has the MS-Service Class condition 

Answer:

Explanation: 

MS-Service Class 

Restricts the policy to clients that have received an IP address from a DHCP scope that matches the specified DHCP profile name. This condition is used only when you are deploying NAP with the DHCP enforcement method. To use the MS-Service Class attribute, in Specify the profile name that identifies your DHCP scope, type the name of an existing DHCP profile. 

Open the NPS console, double-click Policies, click Network Policies, and then double-click the policy you want to configure. 

In policy Properties, click the Conditions tab, and then click Add. In Select condition, scroll to the Network Access Protection group of conditions. 

If you want to configure the Identity Type condition, click Identity Type, and then click Add. 

In Specify the method in which clients are identified in this policy, select the items appropriate for your deployment, and then click OK. 

The Identity Type condition is used for the DHCP and Internet Protocol security (IPsec) enforcement methods to allow client health checks when NPS does not receive an Access-Request message that contains a value for the User-Name attribute; in this case, client health checks are performed, but authentication and authorization are not performed. 

If you want to configure the MS-Service Class condition, click MS-Service Class, and then click Add. In Specify the profile name that identifies your DHCP scope, type the name of an existing DHCP profile, and then click Add. 

The MS-Service Class condition restricts the policy to clients that have received an IP address from a DHCP scope that matches the specified DHCP profile name. This condition is used only when you are deploying NAP with the DHCP enforcement method. 

References: http: //technet. microsoft. com/en-us/library/cc731560(v=ws. 10). aspx 

http: //technet. microsoft. com/en-us/library/cc731220(v=ws. 10). aspx 


Q64. You have a server named Server 1. 

You enable BitLocker Drive Encryption (BitLocker) on Server 1. 

You need to change the password for the Trusted Platform Module (TPM) chip. 

What should you run on Server1? 

A. Manage-bde.exe 

B. Set-TpmOwnerAuth 

C. bdehdcfg.exe 

D. tpmvscmgr.exe 

Answer:

Explanation: 

The Set-TpmOwnerAuthcmdlet changes the current owner authorization value of the Trusted Platform Module (TPM) to a new value. You can specify the current owner authorization value or specify a file that contains the current owner authorization value. If you do not specify an owner authorization value, the cmdlet attempts to read the value from the registry. 

Use the ConvertTo-TpmOwnerAuthcmdlet to create an owner authorization value. You can specify a new owner authorization value or specify a file that contains the new value. 


Q65. Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs. 

A network administrator accidentally deletes the Default Domain Policy GPO. 

You do not have a backup of any of the GPOs. 

You need to recreate the Default Domain Policy GPO. 

What should you use? 

A. Dcgpofix 

B. Get-GPOReport 

C. Gpfixup 

D. Gpresult 

E. Gpedit. msc 

F. Import-GPO 

G. Restore-GPO 

H. Set-GPInheritance 

I. Set-GPLink 

J. Set-GPPermission 

K. Gpupdate 

L. Add-ADGroupMember 

Answer:

Explanation: 

Dcgpofix Restores the default Group Policy objects to their original state (that is, the default state after initial installation). 

Reference: http: //technet. microsoft. com/en-us/library/hh875588(v=ws. 10). aspx 


Q66. DRAG DROP 

Your network contains an Active Directory forest named contoso.com. All domain controllers run Windows Server 2008 R2. 

The schema is upgraded to Windows Server 2012 R2. 

Contoso.com contains two servers. The servers are configured as shown in the following table. 

Server1 and Server2 host a load-balanced application pool named AppPool1. 

You need to ensure that AppPool1 uses a group Managed Service Account as its identity. 

Which three actions should you perform? 

To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order. 

Answer: 


Q67. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. 

You need to create a certificate template for the BitLocker Drive Encryption (BitLocker) Network Unlock feature. 

Which Cryptography setting of the certificate template should you modify? To answer, select the appropriate setting in the answer area. 

Answer: 


Q68. Your network contains multiple Active Directory sites. 

You have a Distributed File System (DFS) namespace that has a folder target in each site. 

You discover that some client computers connect to DFS targets in other sites. 

You need to ensure that the client computers only connect to a DFS target in their respective site. 

What should you modify? 

A. The properties of the Active Directory sites 

B. The properties of the Active Directory site links 

C. The delegation settings of the namespace 

D. The referral settings of the namespace 

Answer:

Reference: 

http://www.windowsnetworking.com/articles_tutorials/Configuring-DFS-Namespaces.html 


Q69. You have a server named Server1 that runs Windows Server 2012 R2. 

An administrator creates a quota as shown in the Quota exhibit. (Click the Exhibit button.) 

You run the dir command as shown in the Dir exhibit. (Click the Exhibit button.) 

You need to ensure that D:\Folder1 can only consume 100 MB of disk space. 

What should you do? 

A. From File Server Resource Manager, create a new quota. 

B. From File Server Resource Manager, edit the existing quota. 

C. From the Services console, set the Startup Type of the Optimize drives service to Automatic. 

D. From the properties of drive D, enable quota management. 

Answer:

Explanation: 

1. In Quota Management, click the Quota Templates node. 

2. In the Results pane, select the template on which you will base your new quota. 

3. Right-click the template and click Create Quota from Template (or select Create Quota from Template from the Actions pane). This opens the Create Quota dialog box with the summary properties of the quota template displayed. 

4. Under Quota path, type or browse to the folder that the quota will apply to. 

5. Click the Create quota on path option. Note that the quota properties will apply to the entire folder. 

Note: To create an auto apply quota, click the Auto apply template and create quotas on existing and new subfolders option. For more information about auto apply quotas, see Create an Auto Apply Quota. 

6. Under Drive properties from this quota template, the template you used in step 2 to create your new quota is preselected (or you can select another template from the list). Note that the template's properties are displayed under Summary of quota properties. 

7. Click Create. 

Create a new Quota on path, without using the auto apply template and create quota on existing and new subfolders. 

Reference: http: //technet.microsoft.com/en-us/library/cc755603(v=ws.10).aspx 


Q70. Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2. Both servers have the File and Storage Services server role, the DFS Namespace role service, and the DFS Replication role service installed. 

Server1 and Server2 are part of a Distributed File System (DFS) Replication group named Group1. Server1 and Server2 are connected by using a high-speed LAN connection. 

You need to minimize the amount of processor resources consumed by DFS Replication. 

What should you do? 

A. Modify the replication schedule. 

B. Modify the staging quota. 

C. Disable Remote Differential Compression (RDC). 

D. Reduce the bandwidth usage. 

Answer:

Explanation: 

Because disabling RDC can help conserve disk input/output (I/O) and CPU resources, you might want to disable RDC on a connection if the sending and receiving members are in a local area network (LAN), and bandwidth use is not a concern. However, in a LAN environment where bandwidth is contended, RDC can be beneficial when transferring large files. 

Question tells it uses a high-speed LAN connection. 

References: http: //technet. microsoft. com/en-us/library/cc758825%28v=ws. 10%29. aspx 

http: //technet. microsoft. com/en-us/library/cc754229. aspx 


© Copyright Getcertified4sure.com. examcollectionuk.com
All other trademarks and copyrights are the property of their respective owners.
All rights reserved.