70-411 Exam
Super ways to microsoft windows server 2012 certification - exam 70-411 training video
Proper study guides for Rebirth Microsoft Administering Windows Server 2012 certified begins with Microsoft 70-411 preparation products which designed to deliver the Precise 70-411 questions by making you pass the 70-411 test at your first time. Try the free 70-411 demo right now.
2021 Oct exam 70-411 practice test:
Q81. HOTSPOT
Your company has two offices. The offices are located in Montreal and Seattle.
The network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2. Server1 is located in the Seattle office. Server2 is located in the Montreal office. Both servers run Windows Server 2012 R2 and have the Windows Server Update Services (WSUS) server role installed.
You need to configure Server2 to download updates that are approved on Server1 only.
What cmdlet should you run? To answer, select the appropriate options in the answer area.
Answer:
Q82. Your network contains two Active Directory domains named contoso.com and adatum.com.
The network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the DNS Server server role installed. Server1 has a copy of the contoso.com DNS zone.
You need to configure Server1 to resolve names in the adatum.com domain. The solution must meet the following requirements:
Prevent the need to change the configuration of the current name servers that host zones for adatum.com. Minimize administrative effort.
Which type of zone should you create?
A. Secondary
B. Stub
C. Reverse lookup
D. Primary
Answer: B
Explanation:
When a zone that this DNS server hosts is a stub zone, this DNS server is a source only for information about the authoritative name servers for this zone. The zone at this server must be obtained from another DNS server that hosts the zone. This DNS server must have network access to the remote DNS server to copy the authoritative name server information about the zone.
A stub zone is a copy of a zone that contains only necessary resource records (Start of Authority (SOA), Name Server (NS), and Address/Host (A) record) in the master zone and acts as a pointer to the authoritative name server. The stub zone allows the server to forward queries to the name server that is authoritative for the master zone without going up to the root name servers and working its way down to the server. While a stub zone can improve performance, it does not provide redundancy or load sharing.
You can use stub zones to:
Keep delegated zone information current. By updating a stub zone for one of its child zones regularly, the DNS server that hosts both the parent zone and the stub zone will maintain a current list of authoritative DNS servers for the child zone.
Improve name resolution. Stub zones enable a DNS server to perform recursion using the stub zone's list of name servers, without having to query the Internet or an internal root server for the DNS namespace.
Simplify DNS administration. By using stub zones throughout your DNS infrastructure, you can distribute a list of the authoritative DNS servers for a zone without using secondary zones. However, stub zones do not serve the same purpose as secondary zones, and they are not an alternative for enhancing redundancy and load sharing.
There are two lists of DNS servers involved in the loading and maintenance of a stub zone:
The list of master servers from which the DNS server loads and updates a stub zone. A master server may be a primary or secondary DNS server for the zone. In both cases, it will have a complete list of the DNS servers for the zone.
The list of the authoritative DNS servers for a zone. This list is contained in the stub zone using name server (NS) resource records.
When a DNS server loads a stub zone, such as widgets. tailspintoys.com, it queries the master servers, which can be in different locations, for the necessary resource records of the authoritative servers for the zone widgets. tailspintoys.com. The list of master servers may contain a single server or multiple servers, and it can be changed anytime.
References: http: //technet.microsoft.com/en-us/library/cc771898.aspx http: //technet.microsoft.com/en-us/library/cc754190.aspx http: //technet.microsoft.com/en-us/library/cc730980.aspx
Q83. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.
Each time a user receives an access-denied message after attempting to access a folder on Server1, an email notification is sent to a distribution list named DL1.
You create a folder named Folder1 on Server1, and then you configure custom NTFS permissions for Folder 1.
You need to ensure that when a user receives an access-denied message while attempting to access Folder1, an email notification is sent to a distribution list named DL2. The solution must not prevent DL1 from receiving notifications about other access-denied messages.
What should you do?
A. From File Explorer, modify the Classification tab of Folder1.
B. From the File Server Resource Manager console, modify the Email Notifications settings.
C. From the File Server Resource Manager console, set a folder management property.
D. From File Explorer, modify the Customize tab of Folder1.
Answer: C
Explanation:
When using the email model each of the file shares, you can determine whether access requests to each file share will be received by the administrator, a distribution list that represents the file share owners, or both.
You can use the File Server Resource Manager console to configure the owner distribution list by editing the management properties of the classification properties.
Reference: http://technet.microsoft.com/en-us/library/jj574182.aspx#BKMK_12
Q84. Your network contains a domain controller named DC1 that runs Windows Server 2012 R2. You create a custom Data Collector Set (DCS) named DCS1.
You need to configure DCS1 to collect the following information:
. The amount of Active Directory data replicated between DC1 and the other domain controllers
. The current values of several registry settings
Which two should you configure in DCS1? (Each correct answer presents part of the solution. Choose two.)
A. Event trace data
B. A Performance Counter Alert
C. System configuration information
D. A performance counter
Answer: B,C
Explanation:
Automatically run a program when the amount of total free disk space on Server1 drops below 10 percent of capacity.
You can also configure alerts to start applications and performance logs Log the current values of several registry settings.
System configuration information allows you to record the state of, and changes to, registry keys.
Total free disk space
Registry settings
Run a program on alert
Reference: http: //technet. microsoft. com/en-us/library/cc766404. aspx
Q85. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy Server role service installed.
You plan to configure Server1 as a Network Access Protection (NAP) health policy server for VPN enforcement by using the Configure NAP wizard.
You need to ensure that you can configure the VPN enforcement method on Server1 successfully.
What should you install on Server1 before you run the Configure NAP wizard?
A. A system health validator (SHV)
B. The Host Credential Authorization Protocol (HCAP)
C. A computer certificate
D. The Remote Access server role
Answer: C
Explanation:
Configure NAP enforcement for VPN
This checklist provides the steps required to deploy computers with Routing and Remote
Access Service installed and configured as VPN servers with Network Policy Server (NPS) and Network Access Protection (NAP).
Most up-to-date exam 70-411 administering windows server 2012 lab manual pdf:
Q86. Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains two servers. The servers are configured as shown in the following table.
All client computers run Windows 8 Enterprise.
You plan to deploy Network Access Protection (NAP) by using IPSec enforcement.
A Group Policy object (GPO) named GPO1 is configured to deploy a trusted server group to all of the client computers.
You need to ensure that the client computers can discover HRA servers automatically.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)
A. On all of the client computers, configure the EnableDiscovery registry key.
B. In a GPO, modify the Request Policy setting for the NAP Client Configuration.
C. On Server2, configure the EnableDiscovery registry key.
D. On DC1, create an alias (CNAME) record.
E. On DC1, create a service location (SRV) record.
Answer: A,B,E
Explanation:
Requirements for HRA automatic discovery
The following requirements must be met in order to configure trusted server groups on NAP client computers using HRA automatic discovery:
Client computers must be running Windows Vista. with Service Pack 1 (SP1) or Windows XP with Service Pack 3 (SP3).
The HRA server must be configured with a Secure Sockets Layer (SSL) certificate.
The EnableDiscovery registry key must be configured on NAP client computers.
DNS SRV records must be configured.
The trusted server group configuration in either local policy or Group Policy must be cleared.
http: //technet. microsoft. com/en-us/library/dd296901. aspx
Q87. Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows Server 2003, Windows Server 2008 R2, or Windows Server 2012 R2.
A support technician accidentally deletes a user account named User1.
You need to use tombstone reanimation to restore the User1 account.
Which tool should you use?
A. Active Directory Administrative Center
B. Ntdsutil
C. Ldp
D. Esentutl
Answer: C
Explanation:
Use Ldp.exe to restore a single, deleted Active Directory object This feature takes advantage of the fact that Active Directory keeps deleted objects in the database for a period of time before physically removing them. use Ldp.exe to restore a single, deleted Active Directory object
The LPD.exe tool, included with Windows Server 2012, allows users to perform operations against any LDAP-compatible directory, including Active Directory. LDP is used to view objects stored in Active Directory along with their metadata, such as security descriptors and replication metadata.
References:
http: //www. petri. co. il/manually-undeleting-objects-windows-active-directory-ad. htm
http: //www. petri. co. il/manually-undeleting-objects-windows-active-directory-ad. htm
http: //technet. microsoft. com/en-us/magazine/2007. 09. tombstones. aspx
http: //technet. microsoft. com/nl-nl/library/dd379509(v=ws. 10). aspx#BKMK_2
http: //technet. microsoft. com/en-us/library/hh875546. aspx
http: //technet. microsoft. com/en-us/library/dd560651(v=ws. 10). aspx
Q88. Your network contains an Active Directory domain named contoso.com. The Active Directory Recycle bin is enabled for contoso.com.
A support technician accidentally deletes a user account named User1. You need to restore the User1 account.
Which tool should you use?
A. Ldp
B. Esentutl
C. Active Directory Administrative Center
D. Ntdsutil
Answer: C
Q89. Your network has a router named Router1 that provides access to the Internet. You have a server named Server1 that runs Windows Server 2012 R2. Server1 to use Router1 as the default gateway.
A new router named Router2 is added to the network. Router2 provides access to the Internet. The IP address of the internal interface on Router2 is 10.1.14.2S4.
You need to configure Server1 to use Router2 to connect to the Internet if Router1 fails.
What should you do on Server1?
A. Add a route for 10.1.14.0/24 that uses 10.1.14.254 as the gateway and set the metric to 1.
B. Add 10.1.14.254 as a gateway and set the metric to 1.
C. Add a route for 10.1.14.0/24 that uses 10.1.14.254 as the gateway and set the metric to 500.
D. Add 10.1.14.254 as a gateway and set the metric to 500.
Answer: C
Explanation:
To configure the Automatic Metric feature:
1. In Control Panel, double-click Network Connections.
2. Right-click a network interface, and then click Properties.
3. Click Internet Protocol (TCP/IP), and then click Properties.
4. On the General tab, click Advanced.
5. To specify a metric, on the IP Settings tab, click to clear the Automatic metric check box, and then enter the metric that you want in the Interface Metric field.
To manually add routes for IPv4
Open the Command Prompt window by clicking the Start button Picture of the Start button.
In the search box, type Command Prompt, and then, in the list of results, click Command Prompt.
At the command prompt, type route -p add [destination] [mask <netmask>] [gateway]
[metric <metric>] [if <interface>].
Q90. Your network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computers run Windows 8.1.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2.
You need to identify which domain controllers are authorized to be cloned by using virtual domain controller cloning.
Which cmdlet should you use?
A. Get-ADGroupMember
B. Get-ADDomainControllerPasswordReplicationPolicy
C. Get-ADDomainControllerPasswordReplicationPolicyUsage
D. Get-ADDomain
E. Get-ADOptionalFeature
F. Get-ADAccountAuthorizationGroup
Answer: D
Explanation: One requirement for cloning a domain controller is an existing Windows Server 2012 DC that hosts the PDC emulator role. You can run the Get-ADDomain and retrieve which server has the PDC emulator role.
Example: Command Prompt: C:\PS> Get-ADDomain
Output wouldinclude a line such as: PDCEmulator : Fabrikam-DC1.Fabrikam.com
Reference: Step-by-Step: Domain Controller Cloning
http://blogs.technet.com/b/canitpro/archive/2013/06/12/step-by-step-domain-controller-cloning.aspx
Reference: Get-ADDomain
https://technet.microsoft.com/en-us/library/ee617224.aspx