70-417 Exam
Where to find microsoft 70 417
we provide Verified Microsoft 70 417 exam test engine which are the best for clearing 70 417 pdf test, and to get certified by Microsoft Upgrading Your Skills to MCSA Windows Server 2012. The 70 417 pdf Questions & Answers covers all the knowledge points of the real exam 70 417 exam. Crack your Microsoft exam 70 417 Exam with latest dumps, guaranteed!
Q221. OTSPOT
You have a Hyper-V host named Server1 that runs Windows Server 2008 R2.All of the virtual machines on Server1 use VHDs.
You install the Hyper-V server role on a server named Server2 that runs Windows Server 2012 R2.Server2 has the same hardware configurations as Server1.
You plan to migrate the Hyper-V host from Server1 to Server2 by using the Windows Server Migration Tools.
In the table below, identify what can be migrated by using the Windows Server Migration Tools. Make only one selection in each row. Each correct selection is worth one point.
Answer:
Q222. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has five
network adapters.
Three of the network adapters are connected to a network named LAN1.
The two other network adapters are connected to a network named LAN2.
You need to create a network adapter team from the three network adapters connected to
LAN1.
Which tool should you use?
A. Routing and Remote Access
B. Network Load Balancing Manager
C. Network and Sharing Center
D. Server Manager
Answer: D
Q223. Which terminology is being described below?
These trusts are sometimes necessary when users need access to resources that are located in a Windows NT 4.0 domain or in a domain that is in a separate Active Directory Domain Services (AD DS) forest that is not joined by a forest trust.
A. Shortcut Trusts
B. Realm Trusts
C. Forest Trusts
D. External Trust
Answer: D
Explanation:
You can create an external trust to form a one-way or two-way, nontransitive trust with domains that are outside your forest http://technet.microsoft.com/enus/library/cc775736%28v=ws.10%29.aspx Trust types
http://technet.microsoft.com/en-us/library/cc731297.aspx Understanding When to Create a Realm Trust When to create a realm trust You can establish a realm trust between any non-Windows Kerberos version 5 (V5) realm and an Active Directory domain. This trust relationship allows cross-platform interoperability with security services that are based on other versions of the Kerberos V5 protocol, for example, UNIX and MIT implementations. Realm trusts can switch from non transitive to transitive and back. Realm trusts can also be either one-way or two way.
Q224. Your IT manager is concerned that someone is trying to gain access to your company's computers by logging on with valid domain user names and various password attempts.
Which audit policy should you monitor for these activities?
A. Policy Change
B. Account Logon
C. Privilege Use
D. Directory Service Access
Answer: B
Explanation:
Old (removed questions as came out before the exam release =>unvalid but can be The Account Logon audit category in Windows Server 2008 generates events for credential
validation. These events occur on the computer that is authoritative for the credentials
Q225. Your company deploys a new Active Directory forest named contoso.com. The first domain controller in the forest runs Windows Server 2012 R2. The forest contains a domain controller named DC10.
On DC10, the disk that contains the SYSVOL folder fails.
You replace the failed disk. You stop the Distributed File System (DFS) Replication service. You restore the SYSVOL folder.
You need to perform a non-authoritative synchronization of SYSVOL on DC10.
Which tool should you use before you start the DFS Replication service on DC10?
A. Active Directory Sites and Services
B. Ultrasound
C. Adsiedit.msc
D. Frsutil
Answer: C
Explanation:
How to perform a non-authoritative synchronization of DFSR-replicated SYSVOL
(like "D2" for FRS)
1.
In theADSIEDIT.MSC tool modify the following distinguished name (DN) value and attribute on each of the domain controllers that you want to make non-authoritative:CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=<the server name>,OU=Domain Controllers,DC=<domain>msDFSR-Enabled=FALSE
2.
Force Active Directory replication throughout the domain. Etc
Q226. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 has the DHCP Server server role and the Network Policy Server role service installed.
Server1 contains three non-overlapping scopes named Scope1, Scope2, and Scope3. Server1 currently provides the same Network Access Protection (NAP) settings to the three scopes.
You modify the settings of Scope1 as shown in the exhibit. (Click the Exhibit button.)
You need to configure Server1 to provide unique NAP enforcement settings to the NAP non-compliant DHCP clients from Scope1.
What should you create?
A. A network policy that has the MS-Service Class condition
B. A connection request policy that has the Service Type condition
C. A network policy that has the Identity Type condition
D. A connection request policy that has the Identity Type condition
Answer: A
Explanation:
A. Restricts the policy to clients that have received an IP address from a DHCP scope that matches the specified DHCP profile name. This condition is used only when you are
deploying NAP with the DHCP enforcement method. To use the MS-Service Class attribute, in Specify the profile name that identifies your DHCP scope, type the name of an existing DHCP profile. http://technet.microsoft.com/en-us/library/cc731220(v=ws.10).aspx
Q227. Sometimes its important to remove an RODC from your forest or domain. However, its important that you follow a simple rule whilst removing RODC's. What is this rule?
A. All RODC's must be detached before removing a final writable domain controller
B. All writable domain controllers must be removed before RODC's can be detached
C. Your forest must only consist of RODC's if you want to remove them
D. There are no rules for removing RODC's
Answer: A
Explanation:
After researching this and using logic, we need a writable DC for a RODC to exist, therefore we have to remove all RODC's before removing the last writable DC.
Q228. You have a server named Server1 that runs Windows Server 2012 R2. You download and install the Microsoft Online Backup Service Agent on Server1.
You need to ensure that you can configure an online backup from Windows Server Backup.
What should you do first?
A. From a command prompt, run wbadmin.exe enable backup.
B. From Windows Server Backup, run the Register Server Wizard.
C. From the Services console, modify the Log On settings of the Microsoft Online Backup Service Agent.
D. From Computer Management, add the Server1 computer account to the Backup Operators group.
Answer: B
Explanation:
Download and install the Windows Azure Online Backup Agent After you create an account on the Windows Azure Online Backup website, you can download the Windows Azure Online Backup Agent and install it locally.
An Online Backup node then appears in the navigation pane of the Windows Server Backup console, as shown in Figure 12-If you prefer, you can also configure online backups from the Windows Azure Online Backup console, which becomes available after you install the agent. The Windows Azure Online Backup console provides exactly the same set of options as the Online Backup node in the Windows Server Backup console.
Register server The next step is to register your server. Registering a server enables you to perform backups from that same server only. (Remember this point for the exam.) To register the server, from the Actions menu, select Register Server. The Register Server Wizard includes two configuration steps. First, you are given an opportunity to specify a proxy server if desired. Second, you are asked to provide a passphrase that will be used to encrypt your backup data and a location to save this passphrase in a file. You need to provide this passphrase when you perform a restore operation, so it's essential that you don't lose it. (Microsoft doesn't maintain a copy of your passphrase.) A Generate Passphrase option creates the passphrase for you automatically. After you register a server, new options for Online Backup appear in the Actions pane, including Schedule Backup, Recover Data, Change Properties, and Unregister Server.
Q229. Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has the IP Address Management (IPAM) Server feature installed. Server2 has the DHCP Server server role installed. A user named User1 is a member of the IPAM Users group on Server1. You need to ensure that User1 can use IPAM to modify the DHCP scopes on Server2. The solution must minimize the number of permissions assigned to User1.
To which group should you add User1?
A. IPAM ASM Administrators on Server1
B. IPAMUG in Active Directory
C. DHCP Administrators on Server2
D. IPAM MSM Administrators on Server1
Answer: C
Explanation:
Sever2 "DHCP Users" group membership is required to modify scopes on Server2 of course DHCP Administrators can proceed these tasks too. From the MSPress book "Upgrading your skills to MCSA Windows Server 2012 R2" IPAM Provisioning IPAM installation sets up various periodic data collection tasks to collect relevant data from managed DNS, DHCP, DC and NPS servers to enable address space management, multiserver management and monitoring and event catalog scenarios. All IPAM tasks launch under the Network Service account, which presents the local computer's credentials to remote servers. To accomplish this, administrators must enable read access and security permissions for the required resources over managed servers for the IPAM server's computer account. Further the relevant firewall ports need to be configured on these managed servers. IPAM Access Settings The following table provides a mapping of the IPAM functionality and managed server role type to access setting and FW rule required by IPAM periodic tasks
IPAM Access Monitoring IPAM access monitoring tracks the provisioning state of the following statuses on the server roles, which are displayed in the details pane of the IPAM server inventory view
Q230. You have a server named Server1 that runs Windows Server 2012 R2.
You need to configure Server1 to create an entry in an event log when the processor usage exceeds 60 percent.
Which type of data collector should you create?
A. A performance counter data collector
B. An event trace data collector
C. A performance counter alert
D. A configuration data collector
Answer: C