70-417 Exam
Questions Ask for 70 417 exam
Q191. OTSPOT
Your network contains an Active Directory domain named contoso.com. The relevant servers in the domain are configured as shown in the following table.
You plan to create a shared folder on Server1 named Share1. Share1 must only be accessed by users who are using computers that are joined to the domain.
You need to identify which servers must be upgraded to support the requirements of Share1.
In the table below, identify which computers require an upgrade and which computers do not require an upgrade. Make only one selection in each row. Each correct selection is worth one point.
Answer:
Q192. Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All servers runs Windows Server 2012 R2.The domain contains two
domain controllers named DC1 and DC2. Both domain controllers are virtual machines on a Hyper-V host.
You plan to create a cloned domain controller named DC3 from an image of DC1.
You need to ensure that you can clone DC1.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Add the computer account of DC1 to the Cloneable Domain Controllers group.
B. Create a DCCIoneConfig.xml file on DC1.
C. Add the computer account of DC3 to the Cloneable Domain Controllers group.
D. Run the Enable-AdOptionalFeaturecmdlet.
E. Modify the contents of the DefaultDCCIoneAllowList.xml file on DC1.
Answer: A,B
Explanation: * Cloneable Domain Controllers Group (located in the Users container). Membership in this group dictates whether a DC can or cannot be cloned. This group has some permissions set on the domain head that should not be removed. Removing these permissions will cause cloning to fail. Also, as a best practice, DCs shouldn't be added to the group until you plan to clone and DCs should be removed from the group once cloning is complete. Cloned DCs will also end up in the Cloneable Domain Controllers group.
* DCCloneConfig.xml is an XML configuration file that contains all of the settings the cloned DC will take when it boots. This includes network settings, DNS, WINS, AD site name, new DC name and more.
Q193. RAG DROP
Your network contains an Active Directory domain named contoso.com.
You need to ensure that third-party devices can use Workplace Join to access domain
resources on the Internet.
Which four actions should you perform in sequence?
To answer, move the appropriate four actions from the list of actions to the answer area
and arrange them in the correct order.
Answer:
Q194. Your network contains an Active Directory domain named contoso.com. The domain contains six domain controllers. The domain controllers are configured as shown in the following table.
The network contains a server named Server1 that has the Hyper-V server role installed. DC6 is a virtual machine that is hosted on Server1.
You need to ensure that you can clone DC6.
Which FSMO role should you transfer to DC2?
A. Rid master
B. Domain naming master
C. PDC emulator
D. Infrastructure master
Answer: C
Explanation:
The clone domain controller uses the security context of the source domain controller (the domain controller whose copy it represents) to contact the Windows Server 2012 R2 Primary Domain Controller (PDC) emulator operations master role holder (also known as flexible single master operations, or FSMO). The PDC emulator must be running Windows Server 2012 R2, but it does not have to be running on a hypervisor. http: //technet. microsoft. com/en-us/library/hh831734. aspx
Q195. Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 R2. You have a Password Settings object (PSOs) named PSO1. You need to view the settings of PSO1. Which tool should you use?
A. Get-ADDomainControllerPasswordReplicationPolicy
B. Get-ADDefaultDomainPasswordPolicy
C. Active Directory Administrator Centre
D. Local Security Policies
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/ee617231.aspx To get a list of all the properties of an ADFineGrainedPasswordPolicy object, use the following command: Get-ADFineGrainedPasswordPolicy<fine grained password policy> -Properties * | Get-Member [...] EXAMPLE 2 Command Prompt: C:\PS> Get-ADFineGrainedPasswordPolicyAdminsPSO Name: AdminsPSO ComplexityEnabled: True LockoutThreshold: 0 ReversibleEncryptionEnabled : True LockoutDuration: 00:30:00 LockoutObservationWindow: 00:30:00 MinPasswordLength: 10 Precedence: 200 ObjectGUID: ba1061f0-c947-4018-a399-6ad8897d26e3 ObjectClass: msDS-PasswordSettings PasswordHistoryCount: 24 MinPasswordAge: 1.00:00:00 MaxPasswordAge: 15.00:00:00 AppliesTo: {} DistinguishedName: CN=AdminsPSO,CN=Password Settings Container,CN=System,DC=FABRIKAM, DC=COM Description: Get the Fine Grained Password Policy named `AdminsPSO'.
Q196. Your network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has the IP Address Management (IPAM) Server feature installed. You install the IPAM client on Server2.
You open Server Manager on Server2 as shown in the exhibit. (Click the Exhibit button.)
You need to manage IPAM from Server2.
What should you do first?
A. On Server2, open Computer Management and connect to Server1.
B. On Server1, add the Server2 computer account to the IPAM ASM Administrators group.
C. On Server2, add Server1 to Server Manager.
D. On Server1, add the Server2 computer account to the IPAM MSM Administrators group.
Answer: C
Q197. RAG DROP
Your network contains an Active Directory domain named contoso.com. The domain
contains a domain controller named DC1.
You need to create an Active Directory snapshot on DC1.
Which four commands should you run?
To answer, move the four appropriate commands from the list of commands to the answer
area and arrange them in the correct order.
Answer:
Q198. You have a server named DNS1 that runs Windows Server 2012 R2.
You discover that the DNS resolution is slow when users try to access the company intranet home page by using the URL http://companyhome.
You need to provide single-label name resolution for CompanyHome that is not dependent on the suffix search order.
Which three cmdlets should you run? (Each correct answer presents part of the solution. Choose three.)
A. Add-DnsServerPrimaryZone
B. Add-DnsServerResourceRecordCName
C. Set-DnsServerDsSetting
D. Set-DnsServerGlobalNameZone
E. Set-DnsServerEDns
F. Add-DnsServerDirectory Partition
Answer: A,B,D
Q199. Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
The domain contains a domain controller named DC1 that is configured as an enterprise root certification authority (CA).
All users in the domain are issued a smart card and are required to log on to their domain-joined client computer by using their smart card.
A user named User1 resigned and started to work for a competing company. You need to prevent User1 immediately from logging on to any computer in the domain.
The solution must not prevent other users from logging on to the domain.
Which tool should you use?
A. Active Directory Users and Computers
B. Certificate Templates
C. The Security Configuration Wizard
D. The Certificates snap-in
Answer: A
Q200. Your network contains an Active Directory forest named contoso.com. The forest contains four domains. All servers run Windows Server 2012 R2.
Each domain has a user named User1.
You have a file server named Server1 that is used to synchronize user folders by using the
Work Folders role service.
Server1 has a work folder named Sync1.
You need to ensure that each user has a separate folder in Sync1.
What should you do?
A. From Windows Explorer, modify the Sharing properties of Sync1
B. Run the Set-SyncServerSetting cmdlet
C. From File and Storage Services in Server Manager, modify the properties of Sync1
D. Run the Set-SyncShare cmdlet
Answer: D