Tactics to 70 411 study guide

70-411 Exam

Actualtests offers free demo for exam ref 70 411 administering windows server 2012 r2 pdf exam. "Administering Windows Server 2012", also known as exam ref 70 411 administering windows server 2012 r2 pdf exam, is a Microsoft Certification. This set of posts, Passing the Microsoft 70 411 pdf exam, will help you answer those questions. The exam 70 411 Questions & Answers covers all the knowledge points of the real exam. 100% real Microsoft 70 411 exam dumps pdf exams and revised by experts!

Q111. Your network contains an Active Directory domain named contoso.com.

You create a user account named User1. The properties of User1 are shown in the exhibit. (Click the Exhibit button.)

You plan to use the User1 account as a service account. The service will forward authentication requests to other servers.

You need to ensure that you can view the Delegation tab from the properties of the User1 account.

What should you do first?

A. Configure the Name Mappings of User1.

B. Modify the user principal name (UPN) of User1.

C. Configure a Service Principal Name (SPN) for User1.

D. Modify the Security settings of User1.

Answer: C

Explanation:

If you cannot see the Delegation tab, do one or both of the following:

support tools on your CD. Delegation is only intended to be used by service accounts,

which should have registered SPNs, as opposed to a regular user account which typically

does not have SPNs.

Raise the functional level of your domain to Windows Server 2003. For more information,

see Related Topics.

References:

http: //blogs. msdn. com/b/mattlind/archive/2010/01/14/delegation-tab-in-aduc-not-available-until-a-spn-is-set. aspx

http: //technet. microsoft. com/en-us/library/cc739474(v=ws. 10). aspx

http: //blogs. msdn. com/b/mattlind/archive/2010/01/14/delegation-tab-in-aduc-not-available-until-a-spn-is-set. aspx

Q112. Your company has a main office and two branch offices. The main office is located in Seattle. The two branch offices are located in Montreal and Miami. Each office is configured as an Active Directory site.

The network contains an Active Directory domain named contoso.com. Network traffic is not routed between the Montreal office and the Miami office.

You implement a Distributed File System (DFS) namespace named \\contoso.com\public. The namespace contains a folder named Folder1. Folder1 has a folder target in each office.

You need to configure DFS to ensure that users in the branch offices only receive referrals to the target in their respective office or to the target in the main office.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Set the Ordering method of \\contoso.com\public to Random order.

B. Set the Advanced properties of the folder target in the Seattle office to Last among all targets.

C. Set the Advanced properties of the folder target in the Seattle office to First among targets of equal cost.

D. Set the Ordering method of \\contoso.com\public to Exclude targets outside of the client's site.

E. Set the Advanced properties of the folder target in the Seattle office to Last among targets of equal cost.

F. Set the Ordering method of \\contoso.com\public to Lowest cost.

Answer: C,D

Explanation:

Exclude targets outside of the client's site In this method, the referral contains only the targets that are in the same site as the client. These same-site targets are listed in random order. If no same-site targets exist, the client does not receive a referral and cannot access that portion of the namespace. Note: Targets that have target priority set to "First among all targets" or "Last among all targets" are still listed in the referral, even if the ordering method is set to Exclude targets outside of the client's site. Note 2: Set the Ordering Method for Targets in Referrals A referral is an ordered list of targets that a client computer receives from a domain controller or namespace server when the user accesses a namespace root or folder with targets. After the client receives the referral, the client attempts to access the first target in the list. If the target is not available, the client attempts to access the next target.

Q113. Your network contains a single Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.

The domain contains 400 desktop computers that run Windows 8 and 10 desktop computers that run Windows XP Service Pack 3 (SP3). All new desktop computers that are added to the domain run Windows 8.

All of the desktop computers are located in an organizational unit (OU) named OU1.

You create a Group Policy object (GPO) named GPO1. GPO1 contains startup script settings. You link GPO1 to OU1.

You need to ensure that GPO1 is applied only to computers that run Windows XP SP3.

What should you do?

A. Create and link a WML filter to GPO1

B. Run the Set-GPInheritance cmdlet and specify the -target parameter.

C. Run the Set-GPLink cmdlet and specify the -target parameter.

D. Modify the Security settings of OU1.

Answer: A

Explanation:

WMI Filtering is used to get information of the system and apply the GPO on it with the condition is met.

Security filtering: apply a GPO to a specific group (members of the group)

Q114. HOTSPOT

Your network contains an Active Directory domain named contoso.com. You implement DirectAccess.

You need to view the properties of the DirectAccess connection.

Which connection properties should you view? To answer, select the appropriate connection properties in the answer area.

Answer:

Q115. Your network contains an Active Directory domain named contoso.com. The domain contains a read-only domain controller (RODC) named R0DC1.

You create a global group named RODC_Admins.

You need to provide the members of RODC_Admins with the ability to manage the hardware and the software on R0DC1. The solution must not provide RODC_Admins with the ability to manage Active Directory objects.

What should you do?

A. From Active Directory Sites and Services, run the Delegation of Control Wizard.

B. From a command prompt, run the dsadd computer command.

C. From Active Directory Site and Services, configure the Security settings of the R0DC1 server object.

D. From a command prompt, run the dsmgmt local roles command.

Answer: D

Explanation:

RODC: using the dsmgmt.exe utility to manage local administrators One of the benefits of RODC is that you can add local administrators who do not have full access to the domain administration. This gives them the ability to manage the server but not add or change active directory objects unless those roles are delegated. Adding this type of user is done using the dsmdmt.exe utility at the command prompt.

Q116. Your network contains two servers named Server1 and Server2 that run windows Server 2012 R2. Server1 and 5erver2 have the Windows Server Update Services server role installed.

Server1 synchronizes from Microsoft Update. Server2 is a Windows Server Update Services (WSUS) replica of Server1.

You need to configure replica downstream servers to send Server1 summary information about the computer update status.

What should you do?

A. From Server1, configure Reporting Rollup.

B. From Server2, configure Reporting Rollup.

C. From Server2, configure Email Notifications.

D. From Server1, configure Email Notifications.

Answer: A

Explanation:

WSUS Reporting Rollup Sample Tool

This tool uses the WSUS application programming interface (API) to demonstrate centralized monitoring and reporting for WSUS. It creates a single report of update and computer status from the WSUS servers into your WSUS environment. The sample package also contains sample source files to customize or extend the tool functionality of the tool to meet specific needs. The WSUS Reporting Rollup Sample Tool and files are provided AS IS. No product support is available for this tool or sample files. For more information read the readme file.

Reference: http: //technet. microsoft. com/en-us/windowsserver/bb466192. aspx

Q117. Your network contains an Active Directory domain named contoso.com. The domain

contains a domain controller named DC1 that runs Windows Server 2012 R2.

You create an Active Directory snapshot of DC1 each day.

You need to view the contents of an Active Directory snapshot from two days ago.

What should you do first?

A. Run the dsamain.exe command.

B. Stop the Active Directory Domain Services (AD DS) service.

C. Start the Volume Shadow Copy Service (VSS).

D. Run the ntdsutil.exe command.

Answer: A

Explanation:

Dsamain.exe exposes Active Directory data that is stored in a snapshot or backup as a Lightweight Directory Access Protocol (LDAP) server.

: http://technet.microsoft.com/en-us/library/cc772168.aspx

Q118. Your network contains four Network Policy Server (NPS) servers named Server1, Server2, Servers, and Server4.

Server1 is configured as a RADIUS proxy that forwards connection requests to a remote RADIUS server group named Group1.

You need to ensure that Server2 and Server3 receive connection requests. Server4 must only receive connection requests if both Server2 and Server3 are unavailable.

How should you configure Group1?

A. Change the Weight of Server4 to 10.

B. Change the Weight of Server2 and Server3 to 10.

C. Change the Priority of Server2 and Server3 to 10.

D. Change the Priority of Server4 to 10.

Answer: D

Explanation:

During the NPS proxy configuration process, you can create remote RADIUS server groups and then add RADIUS servers to each group. To configure load balancing, you must have more than one RADIUS server per remote RADIUS server group. While adding group members, or after creating a RADIUS server as a group member, you can access the Add RADIUS server dialog box to configure the following items on the Load Balancing tab:

Priority. Priority specifies the order of importance of the RADIUS server to the NPS proxy server. Priority level must be assigned a value that is an integer, such as 1, 2, or 3. The lower the number, the higher priority the NPS proxy gives to the RADIUS server. For example, if the RADIUS server is assigned the highest priority of 1, the NPS proxy sends connection requests to the RADIUS server first; if servers with priority 1 are not available, NPS then sends connection requests to RADIUS servers with priority 2, and so on. You can assign the same priority to multiple RADIUS servers, and then use the Weight setting to load balance between them.

Weight. NPS uses this Weight setting to determine how many connection requests to send to each group member when the group members have the same priority level. Weight setting must be assigned a value between 1 and 100, and the value represents a percentage of 100 percent. For example, if the remote RADIUS server group contains two members that both have a priority level of 1 and a weight rating of 50, the NPS proxy forwards 50 percent of the connection requests to each RADIUS server.

Advanced settings. These failover settingsprovide a way for NPS to determine whether the remote RADIUS server is unavailable. If NPS determines that a RADIUS server is unavailable, it can start sending connection requests to other group members. With these settings you can configure the number of seconds that the NPS proxy waits for a response from the RADIUS server before it considers the request dropped; the maximum number of dropped requests before the NPS proxy identifies the RADIUS server as unavailable; and the number of seconds that can elapse between requests before the NPS proxy identifies the RADIUS server as unavailable.

The default priority is 1 and can be changed from 1 to 65535. So changing server 2 and 3 to priority 10 is not the way to go.

Reference: http: //technet. microsoft. com/en-us/library/dd197433(WS. 10). aspx

Q119. You have a group Managed Service Account named Service01. Three servers named Server01, Server02, and Server03 currently use the Service01 service account.

You plan to decommission Server01.

You need to remove the cached password of the Service01 service account from Server01. The solution must ensure that Server02 and Server 03 continue to use Service01.

Which cmdlet should you run?

A. Set-ADServiceAccount

B. Remove-ADServiceAccount

C. Uninstall-ADServiceAccount

D. Reset-ADServiceAccountPassword

Answer: B

Explanation: The Remove-ADServiceAccount cmdlet removes an Active Directory service account. This cmdlet does not make changes to any computers that use the service account. After this operation, the service account is no longer hosted on the target computer but still exists in the directory.

Incorrect:

Not C: The Uninstall-ADServiceAccount cmdlet removes an Active Directory service

account on the computer on which the cmdlet is run. The specified service account must be installed on the computer.

Reference: Remove-ADServiceAccount

https://technet.microsoft.com/en-us/library/ee617190.aspx

Q120. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 has the DHCP Server server role and the Network Policy Server role service installed.

Server1 contains three non-overlapping scopes named Scope1, Scope2, and Scope3. Server1 currently provides the same Network Access Protection (NAP) settings to the three scopes.

You modify the settings of Scope1 as shown in the exhibit. (Click the Exhibit button.)

You need to configure Server1 to provide unique NAP enforcement settings to the NAP non-compliant DHCP clients from Scope1.

What should you create?

A. A connection request policy that has the Service Type condition

B. A connection request policy that has the Identity Type condition

C. A network policy that has the Identity Type condition

D. A network policy that has the MS-Service Class condition

Answer: D

Explanation:

MS-Service Class

Restricts the policy to clients that have received an IP address from a DHCP scope that matches the specified DHCP profile name. This condition is used only when you are deploying NAP with the DHCP enforcement method. To use the MS-Service Class attribute, in Specify the profile name that identifies your DHCP scope, type the name of an existing DHCP profile.

Open the NPS console, double-click Policies, click Network Policies, and then double-click the policy you want to configure.

In policy Properties, click the Conditions tab, and then click Add. In Select condition, scroll to the Network Access Protection group of conditions.

If you want to configure the Identity Type condition, click Identity Type, and then click Add.

In Specify the method in which clients are identified in this policy, select the items appropriate for your deployment, and then click OK.

The Identity Type condition is used for the DHCP and Internet Protocol security (IPsec) enforcement methods to allow client health checks when NPS does not receive an Access-Request message that contains a value for the User-Name attribute; in this case, client health checks are performed, but authentication and authorization are not performed.

If you want to configure the MS-Service Class condition, click MS-Service Class, and then click Add. In Specify the profile name that identifies your DHCP scope, type the name of an existing DHCP profile, and then click Add.

The MS-Service Class condition restricts the policy to clients that have received an IP address from a DHCP scope that matches the specified DHCP profile name. This condition is used only when you are deploying NAP with the DHCP enforcement method.

References: http: //technet. microsoft. com/en-us/library/cc731560(v=ws. 10). aspx

http: //technet. microsoft. com/en-us/library/cc731220(v=ws. 10). aspx