Questions Ask for 70 417 pdf

70-417 Exam

we provide Approved Microsoft microsoft 70 417 testing engine which are the best for clearing 70 417 vce test, and to get certified by Microsoft Upgrading Your Skills to MCSA Windows Server 2012. The microsoft 70 417 Questions & Answers covers all the knowledge points of the real 70 417 dumps exam. Crack your Microsoft exam 70 417 Exam with latest dumps, guaranteed!

Q71. Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. All of the DNS servers in both of the domains run Windows Server 2012 R2.

The network contains two servers named Server1 and Server2. Server1 hosts an Active Directory-integrated zone for contoso.com. Server2 hosts an Active Directory-integrated zone for fabrikam.com.

Server1 and Server2 connect to each other by using a WAN link. Client computers that connect to Server1 for name resolution cannot resolve names in fabrikam.com.

You need to configure Server1 to support the resolution of names in fabrikam.com. The solution must ensure that users in contoso.com can resolve names in fabrikam.com if the WAN link fails.

What should you do on Server1?

A. Create a stub zone.

B. Create a secondary zone.

C. Add a forwarder.

D. Create a conditional forwarder.

Answer: B

Explanation:

http://technet.microsoft.com/en-us/library/cc771898(v=ws.10).aspx Stub zone doesn't host the records themselves Forwarder and conditional forwarders simply give instructions on where to forward DNS requests to.

Q72. You have a file server named Server1 that runs a Server Core Installation of Windows

Server 2012 R2.

Server1 has a volume named D that contains user data. Server1 has a volume named E

that is empty.

Server1 is configured to create a shadow copy of volume D every hour.

You need to configure the shadow copies of volume D to be stored on volume E.

What should you run?

A. The Set-Volume cmdlet with the -driveletter parameter

B. The Set-Volume cmdlet with the -path parameter

C. The vssadmin.exe add shadowstorage command

D. The vssadmin.exe create shadow command

Answer: C

Explanation: http://technet.microsoft.com/en-us/library/cc754968(v=ws.10).aspx http://technet.microsoft.com/en-us/library/hh848673(v=wps.620).aspx

Q73. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.

On a server named Server2, you perform a Server Core Installation of Windows Server 2012 R2. You join Server2 to the contoso.com domain. You need to ensure that you can manage Server2 by using the Computer Management console on Server1.

What should you do on Server2?

A. Run the Disable-NetFirewallRulecmdlet.

B. Run the Enable-NetFirewallRulecmdlet.

C. Run sconfig.exe and configure the network settings.

D. Run sconfig.exe and configure remote management.

Answer: B

Explanation:

As we can see on the following screenshot, Remote Management is enabled by default on a new Server Core installation of 2012 (so we don't have to configure it on Server2) BUT that's not enough as it only enables WinRM-based remote management (and computer management is not WinRM- based of course). To enable the remote management from an MMC (such as server manager, or computer manager), we have to enable exception rules in the Firewall, which can be done, amongst other ways, using Powershell and the Enable-NetFirewallRulecmdlet.

http://technet.microsoft.com/en-us/library/jj554869.aspx Enable-NetFirewallRule Detailed Description The Enable-NetFirewallRulecmdlet enables a previously disabled firewall rule to be active within the computer or a group policy organizational unit. This cmdlet gets one or more firewall rules to be enabled with the Name parameter (default), the DisplayName parameter, rule properties, or by associated filters or objects. The Enabled parameter for the resulting queried rules is set to True.

Q74. RAG DROP

You plan to deploy a failover cluster that will contain two nodes that run Windows Server 2012 R2.

You need to configure a witness disk for the failover cluster.

How should you configure the witness disk?

To answer, drag the appropriate configurations to the correct location or locations. Each configuration may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Answer:

24. Your network contains an Active Directory forest. The forest contains a single domain named contoso.com and corp.contoso.com. The forest contains four domain controllers.

The domain controllers are configured as shown in the following table.

All domain controllers are DNS servers.

In the corp.contoso.com domain, you plan to deploy a new domain controller named DC5.

You need to identify which domain controller must be online to ensure that DC5 can be

promoted successfully to a domain controller.

Which domain controller identify which domain controller must be online to ensure that DC5

can be promoted successfully to a domain controller.

Which domain controller should you identify?

A. DC1

B. DC2

C. DC3

D. DC4

Answer: C

Explanation:

In order to add a Domain Controller to corp.contoso.com, you need PDC and RID of that domain, not of the root domain. The Domain Naming Master is needed to add, remove and rename domains in the forest, i.e. not for individual Domain Controllers.

Q75. Your network contains an Active Directory domain named contoso.com. The network contains a file server named Server1 that runs Windows Server 2012 R2. You create a folder named Folder1. You share Folder1 as Share1.

The NTFS permissions on Folder1 are shown in the Folder1 exhibit. (Click the Exhibit button.)

The Everyone group has the Full control Share permission to Folder1.

You configure a central access policy as shown in the Central Access Policy exhibit. (Click the Exhibit button.)

Members of the IT group report that they cannot modify the files in Folder1. You need to

ensure that the IT group members can modify the files in Folder1. The solution must use central access policies to control the permissions. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. On the Security tab of Folder1, remove the permission entry for the IT group.

B. On the Classification tab of Folder1, set the classification to "Information Technology".

C. On the Security tab of Folder1, assign the Modify permission to the Authenticated Users group.

D. On Share1, assign the Change Share permission to the IT group.

E. On the Security tab of Folder1, add a conditional expression to the existing permission entry for the IT group.

Answer: B,C

Explanation:

A: On the Security tab of Folder1, remove the permission entry for the IT group. => tested => it failed of course, users don't even have read permissions anymore

D: On Share1, assign the Change share permission to the IT group =>Everyone already has the full control share permission => won't solve the problem which is about the NTFS Read permission

E: On the Security tab of Folder1, add a conditional expression to the existing permission entry for the IT group => how could a condition, added to a read permission, possibly transform a read to a modify permission? If they had said "modify the permission and add a conditional expression" => ok (even if that's stupid, it works) a condition is Applied to the existing permissions to filter existing access to only matching users or groups so if we Apply a condition to a read permission, the result will only be that less users (only them matching the conditions) will get those read permissions, which actually don't solve the problem neither so only one left:

C: On the Security tab of Folder1, assign the Modify permission to the Authenticated Users group => for sure it works and it's actually the only one which works, but what about security? well i first did not consider this method => "modify" permission for every single authenticated users? But now it looks very clear:

THE MORE RESTRICTIVE PERMISSION IS ALWAYS THE ONE APPLIED!! So "Modify" for Authenticated Users group and this will be filtered by the DAC who only allows IT group. and it matches the current settings that no other user (except admin, creator owner, etc...) can even read the folder. and this link confirms my theory:

http://autodiscover.wordpress.com/2012/09/12/configuring-dynamic-access-controls-andfileclassificationpart4-winservr-2012-dac-microsoft- mvpbuzz/

Configuring Dynamic Access Controls and File Classification

Note:

In order to allow DAC permissions to go into play, allow everyone NTFS full control

permissions and then DAC will overwrite it, if the user doesn't have NTFS permissions he

will be denied access even if DAC grants him access.

And if this can help, a little summary of configuring DAC:

Q76. You have a server named Server1 that runs Windows Server 2012 R2.

You discover that the performance of Server1 is poor.

The results of a performance report generated on Server1 are shown in the following table.

You need to identify the cause of the performance issue.

What should you identify?

A. Insufficient processors

B. Excessive paging

C. Driver malfunction

D. Insufficient RAM

Answer: C

Explanation:

Processor: %DPC Time. Much like the other values, this counter shows the amount of time that the processor spends servicing DPC requests. DPC requests are more often than not associated with the network interface. Processor: % Interrupt Time. This is the percentage of time that the processor is spending on handling Interrupts. Generally, if this value exceeds 50% of the processor time you may have a hardware issue. Some components on the computer can force this issue and not really be a problem. For example a programmable I/O card like an old disk controller card, can take up to 40% of the CPU time. A NIC on a busy IIS server can likewise generate a large percentage of processor activity. Processor: % User Time. The value of this counter helps to determine the kind of processing that is affecting the system. Of course the resulting value is the total amount of non-idle time that was spent on User mode operations. This generally means application code.

Processor: %Privilege Time. This is the amount of time the processor was busy with Kernel mode operations. If the processor is very busy and this mode is high, it is usually an indication of some type of NT service having difficulty, although user mode programs can make calls to the Kernel mode NT components to occasionally cause this type of performance issue. Memory: Pages/sac This value is often confused with Page Faults/sec. The Pages/sec counter is a combination of Pages Input/sec and Pages Output/sec counters. Recall that Page Faults/sec is a combination of hard page faults and soft page faults. This counter, however, is a general indicator of how often the system is using the hard drive to store or retrieve memory associated data. http://technet.microsoft.com/en-us/library/cc768048.aspx

Q77. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2008 R2. One of the domain controllers is named DC1.

The network contains a member server named Server1 that runs Windows Server 8.

You need to promote Server1 to a domain controller by using install from media (IFM).

What should you do first?

A. Run the Active Directory Domain Services Installation Wizard on DC1.

B. Upgrade DC1 to Windows Server 2012 R2.

C. Run the Active Directory Domain Services Configuration Wizard on Server1.

D. Create a system state backup of DC1.

E. Create IFM media on DC1.

Answer: B

Explanation: This is the only valid option. You could install ADDS role on Server 1 and run ADDS configuration wizard and add DC to existing domain.

Explanation http://technet.microsoft.com/en-us/library/cc770654(v=ws.10).aspx

Q78. OTSPOT

You have a server named Server1 that runs Windows Server 2012 R2. The volumes on Server1 are configured as shown in the following table.

A new corporate policy states that backups must use Windows Azure Backup whenever possible.

You need to identify which backup methods you must use to back up Server1. The solution must use Windows Azure Backup whenever possible.

Which backup type should you identify for each volume?

To answer, select the appropriate backup type for each volume in the answer area.

Answer:

57. Your network contains two Web servers named Server1 and Server2. Both servers run Windows Server 2012 R2.

Server1 and Server2 are nodes in a Network Load Balancing (NLB) cluster. The NLB cluster contains an application named App1 that is accessed by using the URL http://app1.contoso.com.

You plan to perform maintenance on Server1. You need to ensure that all new connections to App1 are directed to Server2.

The solution must not disconnect the existing connections to Server1.

What should you run?

A. The Set-NlbCluster cmdlet

B. The Set-NlbClusterNode cmdlet

C. The Stop-NlbCluster cmdlet

D. The Stop-NlbClusterNode cmdlet

Answer: D

Q79. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has following storage spaces:

Data

Users

Backups

Primordial

....

You add an additional hard disk to Server1.

You need to identify which storage space contains the new hard disk.

Which storage space contains the new disk?

A. Primordial

B. Data

C. Backups

D. Users

Answer: A

Explanation:

New Disks (Unallocated space) added to Primordial spacePrimordial Pool? All storage that meets acceptable criteria for Storage Spaces will be placed in the Primordial Pool. Thiscan be considered the default pool for devices from which any other pools will be created. Notice that there are no other virtual disks or pools at this point. The Primordial Pool will only consist of physical storage devices that do not belong to any other pools.

http://blogs.technet.com/b/canitpro/archive/2012/12/13/storage-pools-dive-right-in.aspx http:// blogs.technet.com/b/askpfeplat/archive/2012/10/10/windows-server-2012-storagespaces-is- it for-youcould-be.aspx

Q80. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 runs Windows Server 2012 R2.

You need to create 3-TB virtual hard disk (VHD) on Server1.

Which tool should you use?

A. Share and Storage Management

B. Server Manager

C. New-VirtualDisk

D. Computer Management

Answer: C

Explanation:

NOT A Share and Storage will only let you create a VHD on a storage pool NOT B Server Manager, can't find where to create this. NOT C Is this powershell ? the command should be NEW-VHD (http://blogs.technet.com/b/heyscriptingguy/archive/2013/06/07/powertip-create-a- new-vhd-with-windows-powershell.aspx)

D Computer management is the only valid yet non available answer.

I'd be left with C, hoping they'd have the good powershell command.

Note:

From @L_Ranger, Computer Management is not an option anymore.

Back to New-VirtualDisk

Old explanation : D (Computer management)

For Server 2012:

http://technet.microsoft.com/en-us/library/dd851645.aspx

For Server 2008:

http://www.techrepublic.com/blog/the-enterprise-cloud/build-vhds-offline-with-server-manager/ With the Server Manager snap-in, you can create and attach a .VHD file directly.

Figure A shows the drop-down box where a.VHD file can be created and attached. Figure