• Home
• Microsoft
• 70-411 : Administering Windows Server 2012

[Avant-garde] administering windows server

---

Act now and download your Microsoft 70-411 test today! Do not waste time for the worthless Microsoft 70-411 tutorials. Download Improved Microsoft Administering Windows Server 2012 exam with real questions and answers and begin to learn Microsoft 70-411 with a classic professional.

2021 Nov exam ref 70-411 administering windows server 2012 ebook:

Q31. Your network contains an Active Directory domain named contoso.com. The domain 

contains a domain controller named DC1 that runs Windows Server 2012 R2. 

You mount an Active Directory snapshot on DC1. 

You need to expose the snapshot as an LDAP server. 

Which tool should you use? 

A. Ldp 

B. ADSI Edit 

C. Dsamain 

D. Ntdsutil 

Answer: C 

Explanation: 

dsamain /dbpath E:\$SNAP_200704181137_VOLUMED$\WINDOWS\NTDS\ntds. dit /ldapport51389 

Reference: http: //technet. microsoft. com/en-us/library/cc753609(v=ws. 10). aspx 

Q32. You have a server named Server1 that runs Windows Server 2012 R2. 

An administrator creates a quota as shown in the Quota exhibit. (Click the Exhibit button.) 

You run the dir command as shown in the Dir exhibit. (Click the Exhibit button.) 

You need to ensure that D:\Folder1 can only consume 100 MB of disk space. 

What should you do? 

A. From File Server Resource Manager, create a new quota. 

B. From File Server Resource Manager, edit the existing quota. 

C. From the Services console, set the Startup Type of the Optimize drives service to Automatic. 

D. From the properties of drive D, enable quota management. 

Answer: A 

Explanation: 

1. In Quota Management, click the Quota Templates node. 

2. In the Results pane, select the template on which you will base your new quota. 

3. Right-click the template and click Create Quota from Template (or select Create Quota from Template from the Actions pane). This opens the Create Quota dialog box with the summary properties of the quota template displayed. 

4. Under Quota path, type or browse to the folder that the quota will apply to. 

5. Click the Create quota on path option. Note that the quota properties will apply to the entire folder. 

Note: To create an auto apply quota, click the Auto apply template and create quotas on existing and new subfolders option. For more information about auto apply quotas, see Create an Auto Apply Quota. 

6. Under Drive properties from this quota template, the template you used in step 2 to create your new quota is preselected (or you can select another template from the list). Note that the template's properties are displayed under Summary of quota properties. 

7. Click Create. 

Create a new Quota on path, without using the auto apply template and create quota on existing and new subfolders. 

Reference: http: //technet.microsoft.com/en-us/library/cc755603(v=ws.10).aspx 

Q33. Your network contains two servers named Served and Server 2. Both servers run Windows Server 2012 R2 and have the DNS Server server role installed. 

On Server1, you create a standard primary zone named contoso.com. 

You plan to create a standard primary zone for ad.contoso.com on Server2. 

You need to ensure that Server1 forwards all queries for ad.contoso.com to Server2. 

What should you do from Server1? 

A. Create a trust anchor named Server2. 

B. Create a conditional forward that points to Server2. 

C. Add Server2 as a name server. 

D. Create a zone delegation that points to Server2. 

Answer: D 

Explanation: 

You can divide your Domain Name System (DNS) namespace into one or more zones. You can delegate management of part of your namespace to another location or department in your organization by delegating the management of the corresponding zone. For more information, see Understanding Zone Delegation. 

Q34. Your network contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2 and have the DNS Server server role installed. Server1 hosts a primary zone for contoso.com. Server2 hosts a secondary zone for contoso.com. The zone is not configured to notify secondary servers of changes automatically. 

You update several records on Server1. 

You need to force the replication of the contoso.com zone records from Server1 to Server2. 

What should you do from Server2? 

A. Right-click the contoso.com zone and click Reload. 

B. Right-click the contoso.com zone and click Transfer from Master. 

C. Right-click Server2 and click Update Server Data Files. 

D. Right-click Server2 and click Refresh. 

Answer: B 

Explanation: 

Initiates zone transfer from secondary server Open DNS; In the console tree, right-click the applicable zone and click Transfer from master. 

References: http: //technet. microsoft. com/en-us/library/cc779391%28v=ws. 10%29. aspx 

http: //technet. microsoft. com/en-us/library/cc779391%28v=ws. 10%29. aspx 

http: //technet. microsoft. com/en-us/library/cc786985(v=ws. 10). aspx 

http: //technet. microsoft. com/en-us/library/cc779391(v=ws. 10). aspx 

Q35. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. You plan to use fine-grained password policies to customize the password policy settings ofcontoso.com. 

You need to identify to which Active Directory object types you can directly apply the fine-grained password policies. 

Which two object types should you identify? (Each correct answer presents part of the solution. Choose two.) 

A. Users 

B. Global groups 

C. computers 

D. Universal groups 

E. Domain local groups 

Answer: A,B 

Explanation: 

First off, your domain functional level must be at Windows Server 2008. Second, Fine-grained password policies ONLY apply to user objects, and global security groups. Linking them to universal or domain local groups is ineffective. I know what you’re thinking, what about OU’s? Nope, Fine-grained password policy cannot be applied to an organizational unit (OU) directly. The third thing to keep in mind is, by default only members of the Domain Admins group can set fine-grained password policies. However, you can delegate this ability to other users if needed. 

Fine-grained password policies apply only to user objects (or inetOrgPerson objects if they are used instead of user objects) and global security groups. 

You can apply Password Settings objects (PSOs) to users or global security groups: 

References: 

http: //technet. microsoft. com/en-us/library/cc731589%28v=ws. 10%29. aspx 

http: //technet. microsoft. com/en-us/library/cc731589%28v=ws. 10%29. aspx 

http: //technet. microsoft. com/en-us/library/cc770848%28v=ws. 10%29. aspx 

http: //www. brandonlawson. com/active-directory/creating-fine-grained-password-policies/ 

Rebirth cbt nuggets 70-411 with r2 updates:

Q36. Your network contains two Active Directory forests named contoso.com and adatum.com. The contoso.com forest contains a server named Server1.contoso.com. The adatum.com forest contains a server named server2. adatum.com. Both servers have the Network Policy Server role service installed. 

The network contains a server named Server3. Server3 is located in the perimeter network and has the Network Policy Server role service installed. 

You plan to configure Server3 as an authentication provider for several VPN servers. 

You need to ensure that RADIUS requests received by Server3 for a specific VPN server are always forwarded to Server1.contoso.com. 

Which two should you configure on Server3? (Each correct answer presents part of the solution. Choose two.) 

A. Remediation server groups 

B. Remote RADIUS server groups 

C. Connection request policies 

D. Network policies 

E. Connection authorization policies 

Answer: B,C 

Explanation: 

To configure NPS as a RADIUS proxy, you must create a connection request policy that contains all of the information required for NPS to evaluate which messages to forward and where to send the messages. 

When you configure Network Policy Server (NPS) as a Remote Authentication Dial-In User Service (RADIUS) proxy, you use NPS to forward connection requests to RADIUS servers that are capable of processing the connection requests because they can perform authentication and authorization in the domain where the user or computer account is located. For example, if you want to forward connection requests to one or more RADIUS servers in untrusted domains, you can configure NPS as a RADIUS proxy to forward the requests to the remote RADIUS servers in the untrusted domain. To configure NPS as a RADIUS proxy, you must create a connection request policy that contains all of the information required for NPS to evaluate which messages to forward and where to send the messages. 

When you configure a remote RADIUS server group in NPS and you configure a connection request policy with the group, you are designating the location where NPS is to forward connection requests. 

References: http: //technet. microsoft. com/en-us/library/cc754518. aspx 

http: //technet. microsoft. com/en-us/library/cc754518. aspx 

http: //technet. microsoft. com/en-us/library/cc754518. aspx 

Q37. Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2. Both servers have the File and Storage Services server role, the DFS Namespace role service, and the DFS Replication role service installed. 

Server1 and Server2 are part of a Distributed File System (DFS) Replication group named Group1. Server1 and Server2 are connected by using a high-speed LAN connection. 

You need to minimize the amount of processor resources consumed by DFS Replication. 

What should you do? 

A. Modify the replication schedule. 

B. Modify the staging quota. 

C. Disable Remote Differential Compression (RDC). 

D. Reduce the bandwidth usage. 

Answer: C 

Explanation: 

Because disabling RDC can help conserve disk input/output (I/O) and CPU resources, you might want to disable RDC on a connection if the sending and receiving members are in a local area network (LAN), and bandwidth use is not a concern. However, in a LAN environment where bandwidth is contended, RDC can be beneficial when transferring large files. 

Question tells it uses a high-speed LAN connection. 

References: http: //technet. microsoft. com/en-us/library/cc758825%28v=ws. 10%29. aspx 

http: //technet. microsoft. com/en-us/library/cc754229. aspx 

Q38. You have a failover cluster that contains five nodes. All of the nodes run Windows Server 2012 R2. All of the nodes have BitLocker Drive Encryption (BitLocker) enabled. 

You enable BitLocker on a Cluster Shared Volume (CSV). 

You need to ensure that all of the cluster nodes can access the CSV. 

Which cmdlet should you run next? 

A. Unblock-Tpm 

B. Add-BitLockerKeyProtector 

C. Remove-BitLockerKeyProtector 

D. Enable BitLockerAutoUnlock 

Answer: B 

Explanation: 

4. Add an Active Directory Security Identifier (SID) to the CSV disk using the Cluster Name Object (CNO) The Active Directory protector is a domain security identifier (SID) based protector for protecting clustered volumes held within the Active Directory infrastructure. It can be bound to a user account, machine account or group. When an unlock request is made for a protected volume, the BitLocker service interrupts the request and uses the BitLocker protect/unprotect APIs to unlock or deny the request. For the cluster service to selfmanage BitLocker enabled disk volumes, an administrator must add the Cluster Name Object (CNO), which is the Active Directory identity associated with the Cluster Network name, as a BitLocker protector to the target disk volumes. Add-BitLockerKeyProtector <drive letter or CSV mount point> -ADAccountOrGroupProtector – ADAccountOrGroup $cno 

Q39. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 runs Windows Server 2012 R2. You enable the EventLog-Application event trace session. 

You need to set the maximum size of the log file used by the trace session to 10 MB. From which tab should you perform the configuration? To answer, select the appropriate tab in the answer area. 

Answer: 

Q40. You have a server named Server1 that runs Windows Server 2012 R2. You create a Data Collector Set (DCS) named DCS1. 

You need to configure DCS1 to log data to D:\logs. 

What should you do? 

A. Right-click DCS1 and click Properties. 

B. Right-click DCS1 and click Export list. 

C. Right-click DCS1 and click Data Manager. 

D. Right-click DCS1 and click Save template. 

Answer: A 

Explanation: 

The Root Directory will contain data collected by the Data Collector Set. Change this setting if you want to store your Data Collector Set data in a different location than the default. Browse to and select the directory, or type the directory name. 

To view or modify the properties of a Data Collector Set after it has been created, you can: 

* Select the Open properties for this data collector set check box at the end of the Data 

Collector Set Creation Wizard. 

* Right-click the name of a Data Collector Set, either in the MMC scope tree or in the 

console window, and click Properties in the context menu. 

Directory tab: 

In addition to defining a root directory for storing Data Collector Set data, you can specify a 

single Subdirectory or create a Subdirectory name format by clicking the arrow to the right 

of the text entry field.