pass4sure 70-411 (1 to 10)

70-411 Exam

Surf the net and stop at the best Microsoft Microsoft website-Pass4sure.com. Uncover the best Microsoft 70-411 exam preparation materials. Try the easier and also safer way to 70-411 certification exam. Your 70-411 exam is one of the Microsoft certification exam. Pass4sure has the most accurate and logical Microsoft 70-411 practice Q&As which can be similar to the genuine test. Each of our Microsoft Microsoft exam dumps can allow you to pass the Microsoft exam in first attempt.

2021 Oct administering windows server 2012 ebook pdf:

Q1. You have two Windows Server Update Services (WSUS) servers named Server01 and Server02. Server01 synchronizes from Microsoft Update. Server02 synchronizes updates from Server01. Both servers are members of the same Active Directory domain.

You configure Server01 to require SSL for all WSUS metadata by using a certificate issued by an enterprise root certification authority (CA).

You need to ensure that Server02 synchronizes updates from Server01.

What should you do on Server02?

A. From a command prompt, run wsusutil.exe configuresslproxy server02 443.

B. From a command prompt, run wsusutil.exe configuressl server01.

C. From a command prompt, run wsusutil.exe configuresslproxy server01 443.

D. From the Update Services console, modify the Update Source and Proxy Server options.

Answer: C

Q2. You have the following Windows PowerShell Output.

You need to create a Managed Service Account.

What should you do?

A. Run New-ADServiceAccount –Name “service01” –DNSHostName service01.contoso.com –SAMAccountName service01.

B. Run New-AuthenticationPolicySilo, and then run New-ADServiceAccount –Name “service01” –DNSHostName service01.contoso.com.

C. Run Add-KDSRootKey, and then run New-ADServiceAccount –Name “service01” –DNSHostName service01.contoso.com.

D. Run Set-KDSConfiguration, and then run New-ADServiceAccount –Name “service01” –DNSHostName service01.contoso.com.

Answer: C

Explanation: From the exhibit we see that the required key does not exist. First we create this key, then we create the managed service account.

The Add-KdsRootKey cmdlet generates a new root key for the Microsoft Group Key Distribution Service (KdsSvc) within Active Directory (AD). The Microsoft Group KdsSvc generates new group keys from the new root key.

The New-ADServiceAccount cmdlet creates a new Active Directory managed service account.

Reference: New-ADServiceAccount

https://technet.microsoft.com/en-us/library/hh852236(v=wps.630).aspx

Reference: Add-KdsRootKey

ttps://technet.microsoft.com/en-us/library/jj852117(v=wps.630).aspx

Q3. HOTSPOT

Your network contains an Active Directory named contoso.com.

You have users named User1 and user2.

The Network Access Permission for User1 is set to Control access through NPS Network Policy. The Network Access Permission for User2 is set to Allow access.

A policy named Policy1 is shown in the Policy1 exhibit. (Click the Exhibit button.)

A policy named Policy2 is shown in the Policy2 exhibit. (Click the Exhibit button.)

A policy named Policy3 is shown in the Policy3 exhibit. (Click the Exhibit button.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No. Each correct selection is worth one point.

Answer:

Q4. Your network contains an Active Directory domain named contoso.com. All domain controllers run either Windows Server 2008 or Windows Server 2008 R2. You deploy a new domain controller named DC1 that runs Windows Server 2012 R2.

You log on to DC1 by using an account that is a member of the Domain Admins group. You discover that you cannot create Password Settings objects (PSOs) by using Active Directory Administrative Center.

You need to ensure that you can create PSOs from Active Directory Administrative Center.

What should you do?

A. Modify the membership of the Group Policy Creator Owners group.

B. Transfer the PDC emulator operations master role to DC1.

C. Upgrade all of the domain controllers that run Window Server 2008.

D. Raise the functional level of the domain.

Answer: D

Explanation:

Fine-grained password policies allow you to specify multiple password policies within a single domain so that you can apply different restrictions for password and account lockout policies to different sets of users in a domain. To use a fine-grained password policy, your domain functional level must be at least Windows Server 2008. To enable fine-grained password policies, you first create a Password Settings Object (PSO). You then configure the same settings that you configure for the password and account lockout policies. You can create and apply PSOs in the Windows Server 2012 environment by using the Active Directory Administrative Center (ADAC) or Windows PowerShell.

Step 1: Create a PSO Applies To: Windows Server 2008, Windows Server 2008 R2

Reference:

http: //technet. microsoft. com/en-us//library/cc754461%28v=ws. 10%29. aspx

Q5. Your company deploys a new Active Directory forest named contoso.com. The first domain controller in the forest runs Windows Server 2012 R2. The forest contains a domain controller named DC10.

On DC10, the disk that contains the SYSVOL folder fails.

You replace the failed disk. You stop the Distributed File System (DFS) Replication service. You restore the SYSVOL folder.

You need to perform a non-authoritative synchronization of SYSVOL on DC10.

Which tool should you use before you start the DFS Replication service on DC10?

A. Dfsgui.msc

B. Dfsmgmt.msc

C. Adsiedit.msc

D. Ldp

Answer: C

Explanation:

How to perform a non-authoritative synchronization of DFSR-replicated SYSVOL (like "D2" for FRS)

. In the ADSIEDIT. MSC tool modify the following distinguished name (DN) value and attribute on each of the domain controllers that you want to make non-authoritative:

CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=<the server name>,OU=Domain Controllers,DC=<domain> msDFSR-Enabled=FALSE

. Force Active Directory replication throughout the domain.

. Run the following command from an elevated command prompt on the same servers that you set as non-authoritative:

DFSRDIAG POLLAD

. You will see Event ID 4114 in the DFSR event log indicating SYSVOL is no longer being replicated.

. On the same DN from Step 1, set:

msDFSR-Enabled=TRUE

. Force Active Directory replication throughout the domain.

. Run the following command from an elevated command prompt on the same servers that you set as non-authoritative:

DFSRDIAG POLLAD

. You will see Event ID 4614 and 4604 in the DFSR event log indicating SYSVOL has been initialized. That domain controller has now done a “D2” of SYSVOL.

Note: Active Directory Service Interfaces Editor (ADSI Edit) is a Lightweight Directory Access Protocol (LDAP) editor that you can use to manage objects and attributes in Active Directory. ADSI Edit (adsiedit. msc) provides a view of every object and attribute in an Active Directory forest. You can use ADSI Edit to query, view, and edit attributes that are not exposed through other Active Directory Microsoft Management Console (MMC) snap-ins: Active Directory Users and Computers, Active Directory Sites and Services, Active Directory Domains and Trusts, and Active Directory Schema.

70-411 study guide

Refresh microsoft windows server 2012 certification - exam 70-411 training video:

Q6. Your network contains a single Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.

The domain contains 400 desktop computers that run Windows 8 and 10 desktop computers that run Windows XP Service Pack 3 (SP3). All new desktop computers that are added to the domain run Windows 8.

All of the desktop computers are located in an organizational unit (OU) named OU1.

You create a Group Policy object (GPO) named GPO1. GPO1 contains startup script settings. You link GPO1 to OU1.

You need to ensure that GPO1 is applied only to computers that run Windows XP SP3.

What should you do?

A. Create and link a WML filter to GPO1

B. Run the Set-GPInheritance cmdlet and specify the -target parameter.

C. Run the Set-GPLink cmdlet and specify the -target parameter.

D. Modify the Security settings of OU1.

Answer: A

Explanation:

WMI Filtering is used to get information of the system and apply the GPO on it with the condition is met.

Security filtering: apply a GPO to a specific group (members of the group)

Q7. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Windows Deployment Services server role installed.

Server1 contains two boot images and four install images.

You need to ensure that when a computer starts from PXE, the available operating system

images appear in a specific order.

What should you do?

A. Modify the properties of the boot images.

B. Create a new image group.

C. Modify the properties of the install images.

D. Modify the PXE Response Policy.

Answer: C

Q8. Your network contains an Active Directory domain named contoso.com. The domain contains a read-only domain controller (RODC) named RODC1.

You create a global group named RODC_Admins.

You need to provide the members of RODC_Admins with the ability to manage the hardware and the software on R0DC1. The solution must not provide RODC_Admins with the ability to manage Active Directory objects.

What should you do?

A. From Active Directory Site and Services, configure the Security settings of the RODC1 server object.

B. From Windows PowerShell, run the Set-ADAccountControlcmdlet.

C. From a command prompt, run the dsmgmt local roles command.

D. From Active Directory Users and Computers, configure the Member Of settings of the RODC1 account.

Answer: C

Explanation:

RODC: using the dsmgmt.exe utility to manage local administrators One of the benefits of RODC is that you can add local administrators who do not have full access to the domain administration. This gives them the ability to manage the server but not add or change active directory objects unless those roles are delegated. Adding this type of user is done using the dsmdmt.exe utility at the command prompt.

Q9. Your company has a main office and two branch offices. The main office is located in Seattle. The two branch offices are located in Montreal and Miami. Each office is configured as an Active Directory site.

The network contains an Active Directory domain named contoso.com. Network traffic is not routed between the Montreal office and the Miami office.

You implement a Distributed File System (DFS) namespace named \\contoso.com\public. The namespace contains a folder named Folder1. Folder1 has a folder target in each office.

You need to configure DFS to ensure that users in the branch offices only receive referrals to the target in their respective office or to the target in the main office.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Set the Ordering method of \\contoso.com\public to Random order.

B. Set the Advanced properties of the folder target in the Seattle office to Last among all targets.

C. Set the Advanced properties of the folder target in the Seattle office to First among targets of equal cost.

D. Set the Ordering method of \\contoso.com\public to Exclude targets outside of the client's site.

E. Set the Advanced properties of the folder target in the Seattle office to Last among targets of equal cost.

F. Set the Ordering method of \\contoso.com\public to Lowest cost.

Answer: C,D

Explanation:

Exclude targets outside of the client's site In this method, the referral contains only the targets that are in the same site as the client. These same-site targets are listed in random order. If no same-site targets exist, the client does not receive a referral and cannot access that portion of the namespace. Note: Targets that have target priority set to "First among all targets" or "Last among all targets" are still listed in the referral, even if the ordering method is set to Exclude targets outside of the client's site. Note 2: Set the Ordering Method for Targets in Referrals A referral is an ordered list of targets that a client computer receives from a domain controller or namespace server when the user accesses a namespace root or folder with targets. After the client receives the referral, the client attempts to access the first target in the list. If the target is not available, the client attempts to access the next target.

Q10. Your network contains two servers named Server1 and Server2 that run windows Server 2012 R2. Server1 and 5erver2 have the Windows Server Update Services server role installed.

Server1 synchronizes from Microsoft Update. Server2 is a Windows Server Update Services (WSUS) replica of Server1.

You need to configure replica downstream servers to send Server1 summary information about the computer update status.

What should you do?

A. From Server1, configure Reporting Rollup.

B. From Server2, configure Reporting Rollup.

C. From Server2, configure Email Notifications.

D. From Server1, configure Email Notifications.

Answer: A

Explanation:

WSUS Reporting Rollup Sample Tool

This tool uses the WSUS application programming interface (API) to demonstrate centralized monitoring and reporting for WSUS. It creates a single report of update and computer status from the WSUS servers into your WSUS environment. The sample package also contains sample source files to customize or extend the tool functionality of the tool to meet specific needs. The WSUS Reporting Rollup Sample Tool and files are provided AS IS. No product support is available for this tool or sample files. For more information read the readme file.

Reference: http: //technet. microsoft. com/en-us/windowsserver/bb466192. aspx