getcertified4sure.com

70-411 Exam

Jan 2021 updated: 70 411 pdf



Master the exam 70 411 Administering Windows Server 2012 content and be ready for exam day success quickly with this Pass4sure exam ref 70 411 exam answers. We guarantee it!We make it a reality and give you real microsoft 70 411 questions in our Microsoft 70 411 exam questions braindumps.Latest 100% VALID Microsoft mcp 70 411 Exam Questions Dumps at below page. You can use our Microsoft 70 411 exam questions braindumps and pass your exam.

Q21. DRAG DROP 

Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. 

You generalize Server2. 

You install the Windows Deployment Services (WDS) server role on Server1. 

You need to capture an image of Server2 on Server1. 

Which three actions should you perform? 

To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order. 

Answer: 


Q22. HOTSPOT 

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed. 

You need to configure the ports on Server1 to ensure that client computers can establish VPN connections to Server1 by using TCP port 443. 

What should you modify? To answer, select the appropriate object in the answer area. 

Answer: 


Q23. HOTSPOT 

Your network contains 25 Web servers that run Windows Server 2012 R2. 

You need to configure auditing policies that meet the following requirements: 

. Generate an event each time a new process is created. 

. Generate an event each time a user attempts to access a file share. 

Which two auditing policies should you configure? To answer, select the appropriate two auditing policies in the answer area. 

Answer: 


Q24. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. All client computers are configured as DHCP clients. 

You link a Group Policy object (GPO) named GPO1 to an organizational unit (OU) that contains all of the client computer accounts. 

You need to ensure that Network Access Protection (NAP) compliance is evaluated on all of the client computers. 

Which two settings should you configure in GPO1? 

To answer, select the appropriate two settings in the answer area. 

Answer: 


Q25. Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. All servers run Windows Server 2012 R2. 

You need to collect the error events from all of the servers on Server1. The solution must ensure that when new servers are added to the domain, their error events are collected automatically on Server1. 

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) 

A. On Server1, create a collector initiated subscription. 

B. On Server1, create a source computer initiated subscription. 

C. From a Group Policy object (GPO), configure the Configure target Subscription Manager setting. 

D. From a Group Policy object (GPO), configure the Configure forwarder resource usage setting. 

Answer: B,C 

Explanation: 

To set up a Source-Initiated Subscription with Windows Server 2003/2008 so that events of interest from the Security event log of several domain controllers can be forwarded to an administrative workstation. 

* Group Policy The forwarding computer needs to be configured with the address of the server to which the events are forwarded. This can be done with the following group policy setting: 

Computer configuration-Administrative templates-Windows components-Event forwarding-Configure the server address, refresh interval, and issue certificate authority of a target subscription manager. 

* Edit the GPO and browse to Computer Configuration | Policies | Administrative Templates | Windows Components | Event Forwarding - Configure the server address, refresh interval, and issuer certificate authority of a target Subscription Manager. 


Q26. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. 

You need to audit successful and failed attempts to read data from USB drives on the servers. 

Which two objects should you configure? To answer, select the appropriate two objects in the answer area. 

Answer: 


Q27. You have a failover cluster that contains five nodes. All of the nodes run Windows Server 2012 R2. All of the nodes have BitLocker Drive Encryption (BitLocker) enabled. 

You enable BitLocker on a Cluster Shared Volume (CSV). 

You need to ensure that all of the cluster nodes can access the CSV. 

Which cmdlet should you run next? 

A. Unblock-Tpm 

B. Add-BitLockerKeyProtector 

C. Remove-BitLockerKeyProtector 

D. Enable BitLockerAutoUnlock 

Answer:

Explanation: 

4. Add an Active Directory Security Identifier (SID) to the CSV disk using the Cluster Name Object (CNO) The Active Directory protector is a domain security identifier (SID) based protector for protecting clustered volumes held within the Active Directory infrastructure. It can be bound to a user account, machine account or group. When an unlock request is made for a protected volume, the BitLocker service interrupts the request and uses the BitLocker protect/unprotect APIs to unlock or deny the request. For the cluster service to selfmanage BitLocker enabled disk volumes, an administrator must add the Cluster Name Object (CNO), which is the Active Directory identity associated with the Cluster Network name, as a BitLocker protector to the target disk volumes. Add-BitLockerKeyProtector <drive letter or CSV mount point> -ADAccountOrGroupProtector – ADAccountOrGroup $cno 


Q28. Your network contains two Active Directory forests named contoso.com and adatum.com. The contoso.com forest contains a server named Server1.contoso.com. The adatum.com forest contains a server named server2. adatum.com. Both servers have the Network Policy Server role service installed. 

The network contains a server named Server3. Server3 is located in the perimeter network and has the Network Policy Server role service installed. 

You plan to configure Server3 as an authentication provider for several VPN servers. 

You need to ensure that RADIUS requests received by Server3 for a specific VPN server are always forwarded to Server1.contoso.com. 

Which two should you configure on Server3? (Each correct answer presents part of the solution. Choose two.) 

A. Remediation server groups 

B. Remote RADIUS server groups 

C. Connection request policies 

D. Network policies 

E. Connection authorization policies 

Answer: B,C 

Explanation: 

To configure NPS as a RADIUS proxy, you must create a connection request policy that contains all of the information required for NPS to evaluate which messages to forward and where to send the messages. 

When you configure Network Policy Server (NPS) as a Remote Authentication Dial-In User Service (RADIUS) proxy, you use NPS to forward connection requests to RADIUS servers that are capable of processing the connection requests because they can perform authentication and authorization in the domain where the user or computer account is located. For example, if you want to forward connection requests to one or more RADIUS servers in untrusted domains, you can configure NPS as a RADIUS proxy to forward the requests to the remote RADIUS servers in the untrusted domain. To configure NPS as a RADIUS proxy, you must create a connection request policy that contains all of the information required for NPS to evaluate which messages to forward and where to send the messages. 

When you configure a remote RADIUS server group in NPS and you configure a connection request policy with the group, you are designating the location where NPS is to forward connection requests. 

References: http: //technet. microsoft. com/en-us/library/cc754518. aspx 

http: //technet. microsoft. com/en-us/library/cc754518. aspx 

http: //technet. microsoft. com/en-us/library/cc754518. aspx 


Q29. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 runs Windows Server 2012 R2. You enable the EventLog-Application event trace session. 

You need to set the maximum size of the log file used by the trace session to 10 MB. From which tab should you perform the configuration? To answer, select the appropriate tab in the answer area. 

Answer: 


Q30. Your network contains a Hyper-V host named Hyperv1. Hyperv1 runs Windows Server 2012 R2. 

Hyperv1 hosts four virtual machines named VM1, VM2, VM3, and VM4. AH of the virtual machines run Windows Server 2008 R2. 

You need to view the amount of memory resources and processor resources that VM4 currently uses. 

Which tool should you use on Hyperv1? 

A. Windows System Resource Manager (WSRM) 

B. Task Manager 

C. Hyper-V Manager 

D. Resource Monitor 

Answer:

Explanation: 

Hyper-V Performance Monitoring Tool Know which resource is consuming more CPU. Find out if CPUs are running at full capacity or if they are being underutilized. Metrics tracked include Total CPU utilization, Guest CPU utilization, Hypervisor CPU utilization, idle CPU utilization, etc. 

WSRM is deprecated starting with Windows Server 2012 


© Copyright Getcertified4sure.com. examcollectionuk.com
All other trademarks and copyrights are the property of their respective owners.
All rights reserved.