70-417 Exam
Get Smart with 70 417 pdf
Q231. You deploy an Active Directory Federation Services (AD FS) 2.1 infrastructure. The
infrastructure uses Active Directory as the attribute store.
Some users report that they fail to authenticate to the AD FS infrastructure.
You discover that only users who run third-party web browsers experience issues.
You need to ensure that all of the users can authenticate to the AD FS infrastructure
successfully.
Which Windows PowerShell command should you run?
A. Set-ADFSProperties -SSOLifetime 1:00:00
B. Set-ADFSProperties -AddProxyAuthenticationRules None
C. Set-ADFSProperties -ExtendedProtectionTokenCheck None
D. Set-ADFSProperties -ProxyTrustTokenLifetime 1:00:00
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/hh237448%28WS.10%29.aspx
Q232. OTSPOT
You have a server named DHCP1 that runs Windows Server 2012 R2. DHCP1 does not
have access to the Internet.
All roles are removed completely from DHCP
You mount a Windows Server 2012 R2 installation image to the C:\Mount folder.
You need to install the DHCP Server server role on DHCP1 by using Server Manager.
Which folder should you specify as the alternate path for the source files?
To answer, select the appropriate folder in the answer area.
Answer:
386. RAG DROP
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2.Server1 and Server2 run a Server with a GUI installation of Windows Server 2012 R2.
You remove the Graphical Management Tools and Infrastructure feature on Server2.
You need to restart Server2.
What should you do? (To answer, drag the appropriate tools to the correct statements. Each tool may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)
Answer:
Q233. You have a server named Server1 that runs Windows Server 2012 R2.
Server1 has three physical network adapters named NIC1, NIC2, and NIC3.
On Server1, you create a NIC team named Team1 by using NIC1 and NIC2. You configure Team1 to accept network traffic on VLAN 10.
You need to ensure that Server1 can accept network traffic on VLAN 10 and VLAN 11. The solution must ensure that the network traffic can be received on both VLANs if a network adapter fails.
What should you do?
A. From Server Manager, change the load balancing mode of Team1.
B. Run the New-NetLbfoTeamcmdlet.
C. From Server Manager, add an interface to Team1.
D. Run the Add-NetLbfoTeamMembercmdlet.
Answer: C
306. Your network contains a server named Server1 that runs Windows Server 2012. Server1
has the Hyper-V server role installed.
Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4.
Server1 is configured as shown in the following table.
VM3 is used to test applications.
You need to prevent VM3 from synchronizing its clock to Server1.
What should you configure?
A. NUMA topology
B. Resource control
C. Resource metering
D. Virtual Machine Chimney
E. The VLAN ID
F. Processor Compatibility
G. The startup order
H. Automatic Start Action
I. Integration Services
J. Port mirroring
K. Single-root I/O virtualization
Answer: I
Explanation:
Integration Services settings on virtual machines includes services such as operating system shutdown, time synchronization, data exchange, Heart beat, and Backup (volume snapshot services. Thus you should disable the time synchronization using Integration Services.
References: http://blogs.technet.com/b/virtualization/archive/2008/08/29/backing-up-hyper-v-virtual-machines.aspx Exam Ref 70-410, Installing and Configuring Windows Server 2012, Chapter 3: Configure Hyper-V, Objective 3.1: Create and Configure virtual machine settings, p. 144
Q234. Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
Active Directory Recycle Bin is enabled. You discover that a support technician accidentally removed 100 users from an Active Directory group named Group1 an hour ago. You need to restore the membership of Group1.
What should you do?
A. Export and import data by using Dsamain.
B. Apply a virtual machine snapshot to VM1.
C. Recover the items by using Active Directory Recycle Bin.
D. Modify the isRecycled attribute of Group1.
Answer: A
Explanation:
As far as the benefits of the Windows 2012 Recycle Bin, they are the same as the Windows 2008 R2 recycle bin with the exception of the new user interface which makes it more user-friendly. These additional benefits include: All deleted AD object information including attributes, passwords and group membership can be selected in mass then undeleted from the user interface instantly or via Powershell User-friendly and intuitive interface to filter on AD objects and a time period • Can undelete containers with all child objects https://www.simple-talk.com/sysadmin/exchange/the-active-directory-recycle-bin-in-windows-server-2008-r2/ http://communities.quest.com/community/quest-itexpert/blog/2012/09/24/the-windows-server-2012-recycle-bin-and-recovery-manager-for-active- directory
Q235. Your network contains an Active Directory domain named contoso.com. The domain
contains two domain controllers named DC1 and DC2.
You install Windows Server 2012 R2 on a new computer named DC3.
You need to manually configure DC3 as a domain controller.
Which tool should you use?
A. winrm.exe
B. Server Manager
C. dcpromo.exe
D. Active Directory Domains and Trusts
Answer: B
Explanation:
When you try to DCpromo a Server 2012, you get this message:
Q236. You plan to deploy a file server to a temporary location.
The temporary location experiences intermittent power failures.
The file server will contain a dedicated volume for shared folders.
You need to create a volume for the shared folders. The solution must minimize the
likelihood of file corruption if a power failure occurs.
Which file system should you use?
A. NFS
B. FAT32
C. ReFS
D. NTFS
Answer: C
Explanation: The ReFS file system allows for resiliency against corruptions with the option to salvage amongst many other key features like Metadata integrity with checksums, Integrity streams with optional user data integrity, and shared storage pools across machines for additional failure tolerance and load balancing, etc.
Q237. A global catalog server is available to directory clients when Domain Name System (DNS) servers can locate it as a global catalog server. In which order do the following events need to occur before the catalog server is ready?
A) The Net Logon service on the domain controller has updated DNS with global-catalogspecific service (SRV) resource records.
B) The isGlobalCatalogReadyrootDSE attribute is set to TRUE.
C) The global catalog receives replication of read-only replicas to the required occupancy level.
A. C then A, then B
B. B then C, then A
C. A then C, then B
D. C then B, then A
Answer: A
Explanation:
http://technet.microsoft.com/fr-fr/library/cc739901%28v=ws.10%29.aspx Verify global catalog readiness When a global catalog server has satisfied replication requirements, the isGlobalCatalogReady Root DSE attribute is set to TRUE and the global catalog is ready to serve clients.http://technet.microsoft.com/de-de/library/howglobal-catalog-serverswork%28v=ws.10%29.aspx How the Global Catalog Works Global Catalog Server Creation and Advertisement By default, before a domain controller advertises itself as a global catalog server in DNS, the global catalog contents must be replicated to the server. This process involves replication of a partial, read-only replica of every domain in the forest except for the domain for which the new global catalog server is authoritative. The duration of this process depends on how many domains the forest contains, the size of the domains, and the relative locations of source and destination domain controllers. If multiple domains are in the forest and if source domain controllers are located only in distant sites, the process takes longer than if all domains are in the same site or in only a few sites. When replication must occur between sites to create the global catalog, replication occurs according to the site link schedule. Requirements for Global Catalog Readiness By default, a global catalog server is not considered "ready" (the server advertises itself in DNS as a global catalog server) until all read-only directory partitions have been fully replicated to the new global catalog server. The Global Catalog Partition Occupancy registry entry under HKEY_Local_Machine\System \CurrentControlSet \Services \NTDS\Parameters determines the requirements for how many read- only directory partitions must be present on a domain controller for it to be considered a global catalog server, from no partitions (0) to all partitions (6). For domain controllers that run Windows Server 2003 or later, the default occupancy value requires that all read-only directory partitions be replicated to the global catalog server before the Net Logon service registers SRV resource records in DNS. For most conditions, this default provides the best option for ensuring that a global catalog server provides a consistent view of the directory. In less common circumstances, however, it might be useful to make the global catalog server available with an incomplete set of partial domain directory partitions for example, when delay of replication of a domain that is not required by users is jeopardizing their ability to log on.
Q238. Your network contains an Active Directory forest named contoso.com. All servers run Windows Server 2012 R2. The domain contains four servers. The servers are configured as shown in the following table.
You need to deploy IP Address Management (IPAM) to manage DNS and DHCP.
On which server should you install IPAM?
A. DC1
B. DC2
C. DC3
D. Server1
Answer: D
Explanation: D. IPAM cannot be installed on Domain Controllers. All other servers have the DC role http://technet.microsoft.com/en-us/library/hh831353.aspx
Q239. RAG DROP
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1. All servers run Windows Server 2012 R2.
All domain user accounts have the Division attribute automatically populated as part of the user provisioning process. The Support for Dynamic Access Control and Kerberos armoring policy is enabled for the domain.
You need to control access to the file shares on Server1 based on the values in the Division attribute and the Division resource property.
Which three actions should you perform in sequence?
Answer:
Q240. You have a server named Server1 that runs Windows Server 2012 R2. You create a custom Data Collector Set (DCS) named DCS1.
You need to configure DCS1 to meet the following requirements:
. Automatically run a program when the amount of total free disk space on Server1 drops below 10 percent of capacity. . Log the current values of several registry settings.
Which two should you configure in DCS1? (Each correct answer presents part of the solution. Choose two.)
A. Event trace data
B. A Performance Counter Alert
C. System configuration information
D. A performance counter
Answer: B,C
Explanation:
Automatically run a program when the amount of total free disk space on Server1 drops
below 10 percent of capacity.
You can also configure alerts to start applications and performance logs
Log the current values of several registry settings.
System configuration information allows you to record the state of, and changes to, registry
keys.
Total free disk space
Registry settings
Run a program on alert http: //technet. microsoft. com/en-us/library/cc766404. aspx