70-411 Exam
Getting Smart with: mcsa 70 411
Our pass rate is high to 98.9% and the similarity percentage between our microsoft 70 411 study guide and real exam is 90% based on our seven-year educating experience. Do you want achievements in the Microsoft 70 411 exam exam in just one try? I am currently studying for the Microsoft mcp 70 411 exam. Latest Microsoft 70 411 administering windows server 2012 r2 pdf Test exam practice questions and answers, Try Microsoft exam ref 70 411 administering windows server 2012 r2 pdf Brain Dumps First.
Q1. HOTSPOT
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The forest contains two Active Directory sites named Site1 and Site2.
You plan to deploy a read-only domain controller (RODC) named DC10 to Site2. You pre-create the DC10 domain controller account by using Active Directory Users and Computers.
You need to identify which domain controller will be used for initial replication during the promotion of the RODC.
Which tab should you use to identify the domain controller?
To answer, select the appropriate tab in the answer area.
Answer:
Q2. HOTSPOT
Your network contains an Active Directory domain named contoso.com.
You need to create a certificate template for the BitLocker Drive Encryption (BitLocker) Network Unlock feature.
Which Cryptography setting of the certificate template should you modify? To answer, select the appropriate setting in the answer area.
Answer:
Q3. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named GPO1 is linked to OU1.
You make a change to GPO1.
You need to force all of the computers in OU1 to refresh their Group Policy settings immediately. The solution must minimize administrative effort.
Which tool should you use?
A. The Secedit command
B. Group Policy Management Console (GPMC)
C. Server Manager
D. The Gpupdate command
Answer: B
Explanation:
In the previous versions of Windows, this was accomplished by having the user run GPUpdate.exe on their computer.
Starting with Windows Server. 2012 and Windows. 8, you can now remotely refresh Group Policy settings for all computers in an OU from one central location through the Group Policy Management Console (GPMC). Or you can use the Invoke-GPUpdatecmdlet to refresh Group Policy for a set of computers, not limited to the OU structure, for example, if the computers are located in the default computers container.
http: //technet. microsoft. com/en-us//library/jj134201. aspx
http: //blogs. technet. com/b/grouppolicy/archive/2012/11/27/group-policy-in-windows-server-2012-using-remote-gpupdate. aspx
Q4. Your network contains an Active Directory domain named adatum.com.
A network administrator creates a Group Policy central store.
After the central store is created, you discover that when you create new Group Policy objects (GPOs), the GPOs do not contain any Administrative Templates.
You need to ensure that the Administrative Templates appear in new GPOs.
What should you do?
A. Add your user account to the Group Policy Creator Owners group.
B. Configure all domain controllers as global catalog servers.
C. Copy files from %Windir%\Policydefinitions to the central store.
D. Modify the Delegation settings of the new GPOs.
Answer: C
Explanation:
To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a domain controller. The Central Store is a file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain.
Q5. DRAG DROP
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the
Network Policy and Access Services server role installed.
All of the VPN servers on your network use Server1 for RADIUS authentication.
You create a security group named Group1.
You need to configure Network Policy and Access Services (NPAS) to meet the following
requirements:
. Ensure that only the members of Group1 can establish a VPN connection to the VPN servers.
. Allow only the members of Group1 to establish a VPN connection to the VPN servers if the members are using client computers that run Windows 8 or later.
Which type of policy should you create for each requirement?
To answer, drag the appropriate policy types to the correct requirements. Each policy type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q6. HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a member server that runs Windows Server 2012 R2 and has the Windows Deployment Services (WDS) server role installed.
You create a new multicast session in WDS and connect 50 client computers to the session.
When you open the Windows Deployment Services console, you discover that all of the computers are listed as pending devices.
You need to ensure that any of the computers on the network can join a multicast transmission without requiring administrator approval.
What should you configure?
To answer, select the appropriate tab in the answer area.
Answer:
Q7. Your network contains two Active Directory forests named adatum.com and contoso.com. The network contains three servers. The servers are configured as shown in the following table.
You need to ensure that connection requests from adatum.com users are forwarded to Server2 and connection requests from contoso.com users are forwarded to Server3.
Which two should you configure in the connection request policies on Server1? (Each correct answer presents part of the solution. Choose two.)
A. The Authentication settings
B. The Standard RADIUS Attributes settings
C. The Location Groups condition
D. The Identity Type condition
E. The User Name condition
Answer: A,E
Explanation:
The User Name attribute group contains the User Name attribute. By using this attribute, you can designate the user name, or a portion of the user name, that must match the user name supplied by the access client in the RADIUS message. This attribute is a character string that typically contains a realm name and a user account name. You can use pattern-matching syntax to specify user names.
By using this setting, you can override the authentication settings that are configured in all network policies and you can designate the authentication methods and types that are required to connect to your network. Forward requests to the following remote RADIUS server group . By using this setting, NPS forwards connection requests to the remote RADIUS server group that you specify. If the NPS server receives a valid Access-Accept message that corresponds to the Access-Request message, the connection attempt is considered authenticated and authorized. In this case, the NPS server acts as a RADIUS proxy
Connection request policies are sets of conditions and profile settings that give network administrators flexibility in configuring how incoming authentication and accounting request messages are handled by the IAS server. With connection request policies, you can create a series of policies so that some RADIUS request messages sent from RADIUS clients are processed locally (IAS is being used as a RADIUS server) and other types of messages are forwarded to another RADIUS server (IAS is being used as a RADIUS proxy). This capability allows IAS to be deployed in many new RADIUS scenarios.
With connection request policies, you can use IAS as a RADIUS server or as a RADIUS proxy, based on the time of day and day of the week, by the realm name in the request, by the type of connection being requested, by the IP address of the RADIUS client, and so on.
References: http: //technet. microsoft. com/en-us/library/cc757328. aspx
http: //technet. microsoft. com/en-us/library/cc753603. aspx
Q8. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
Administrators use client computers that run Windows 8 to perform all management tasks.
A central store is configured on a domain controller named DC1.
You have a custom administrative template file named App1.admx. App1.admx contains application settings for an application named Appl.
From a client computer named Computer1, you create a new Group Policy object (GPO) named GPO1.
You discover that the application settings for App1 fail to appear in GPO1.
You need to ensure that the App1 settings appear in all of the new GPOs that you create.
What should you do?
A. From the Default Domain Controllers Policy, add App1.admx to the Administrative Templates.
B. Copy App1.admx to \\Contoso.com\SYSVOL\Contoso.com\Policies\PolicyDefinitions\.
C. From the Default Domain Policy, add App1.admx to the Administrative Templates.
D. Copy App1.admx to \\Contoso.com\SYSVOL\Contoso.com\StarterGPOs.
Answer: B
Explanation:
To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a domain controller. The Central Store is a file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain.
Q9. Your network contains an Active Directory domain named contoso.com. The domain contains six domain controllers. The domain controllers are configured as shown in the following table.
The network contains a server named Server1 that has the Hyper-V server role installed. DC6 is a virtual machine that is hosted on Server1.
You need to ensure that you can clone DC6.
What should you do?
A. Transfer the schema master to DC6.
B. Transfer the PDC emulator to DC5.
C. Transfer the schema master to DC4.
D. Transfer the PDC emulator to DC2.
Answer: D
Explanation:
A deployed Windows Server 2012 domain controller (virtualized or physical) that hosts the PDC emulator role (DC1). To verify whether the PDC emulator role is hosted on a Windows Server 2012 domain controller, run the following Windows PowerShell command: Get-ADComputer (Get-ADDomainController –Discover –Service "PrimaryDC").name –Propertyoperatingsystemversion|fl
Reference: http: //technet. microsoft. com/en-us/library/hh831734. aspx#steps_deploy_vdc
Q10. Your network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computers run Windows 8.1.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2.
You need to identify which domain controller must be online when cloning a domain controller.
Which cmdlet should you use?
A. Get-ADGroupMember
B. Get-ADDomainControllerPasswordReplicationPolicy
C. Get-ADDomainControllerPasswordReplicationPolicyUsage
D. Get-ADDomain
E. Get-ADOptionalFeature
F. Get-ADAccountAuthorizationGroup
Answer: D
Explanation: One requirement for cloning a domain controller is an existing Windows Server 2012 DC that hosts the PDC emulator role. You can run the Get-ADDomain and retrieve which server has the PDC emulator role.
Example: Command Prompt: C:\PS>
Get-ADDomain
Output wouldinclude a line such as: PDCEmulator : Fabrikam-DC1.Fabrikam.com
Incorrect:
Not A: The Get-ADGroupMember cmdlet gets the members of an Active Directory group.
Members can be users, groups, and computers.
Not E: The Get-ADOptionalFeature cmdlet gets an optional feature or performs a search to retrieve multiple optional features from an Active Directory.
Not F: The Get-ADAuthorizationGroup cmdlet gets the security groups from the specified user, computer or service accounts token.
Reference: Step-by-Step: Domain Controller Cloning
http://blogs.technet.com/b/canitpro/archive/2013/06/12/step-by-step-domain-controller-cloning.aspx
Reference: Get-ADDomain https://technet.microsoft.com/en-us/library/ee617224.aspx