getcertified4sure.com

70-417 Exam

70 417 vce : Dec 2021 Edition



Act now and download your Microsoft 70 417 vce test today! Do not waste time for the worthless Microsoft microsoft 70 417 tutorials. Download Most up-to-date Microsoft Upgrading Your Skills to MCSA Windows Server 2012 exam with real questions and answers and begin to learn Microsoft 70 417 vce with a classic professional.

Q181. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012. Server1 has the Remote Desktop Session Host role service installed. The computer account of Server1 resides in an organizational unit (OU) named OU1. 

You create and link a Group Policy object (GPO) named GPO1 to OU1. GPO1 is configured as shown in the exhibit. (Click the Exhibit button.) 

You need to prevent GPO1 from applying to your user account when you log on to Server1. GPO1 must apply to every other user who logs on to Server1. 

What should you configure? 

A. Item-level targeting 

B. Security Filtering 

C. Block Inheritance 

D. WMI Filtering 

Answer:

Explanation: Security filtering is a way of refining which users and computers will receive and apply the settings in a Group Policy object (GPO). Using security filtering, you can specify that only certain security principals within a container where the GPO is linked apply the GPO. Security group filtering determines whether the GPO as a whole applies to groups, users, or computers; it cannot be used selectively on different settings within a GPO. 


Q182. You have a failover cluster named Cluster1 that contains four nodes. All of the nodes run Windows Server 2012 R2. 

You need to force every node in Cluster1 to contact immediately the Windows Server Update Services (WSUS) server on your network for updates. 

Which tool should you use? 

A. The Add-CauClusterRolecmdlet 

B. TheWuauclt command 

C. TheWusa command 

D. The Invoke-CauScancmdlet 

Answer:

Explanation: 

The Invoke-CauScancmdlet performs a scan of cluster nodes for applicable updates and returns a list of the initial set of updates that would be applied to each node in a specified cluster. 


Q183. Your network contains three Active Directory forests. Each forest contains an Active Directory Rights Management Services (AD RMS) root cluster. 

All of the users in all of the forests must be able to access protected content from any of the forests. 

You need to identify the minimum number of AD RMS trusts required. 

How many trusts should you identify? 

A. 2 

B. 3 

C. 4 

D. 6 

Answer:

Explanation: 

http://technet.microsoft.com/en-us/library/dd772648%28v=ws.10%29.aspx AD RMS Multi-forest Considerations 


Q184. Your network contains an Active Directory domain named contoso.com. 

Network Policy Server (NPS) is deployed to the domain. 

You plan to deploy Network Access Protection (NAP). 

You need to configure the requirements that are validated on the NPS client computers. 

What should you do? 

A. From the Network Policy Server console, configure a health policy. 

B. From the Network Policy Server console, configure a network policy. 

C. From a Group Policy object (GPO), configure the NAP Client Configuration security setting. 

D. From a Group Policy object (GPO), configure the Network Access Protection Administrative Templates setting. 

E. From the Network Policy Server console, configure a Windows Security Health Validator (WSHV) policy. 

Answer: E Explanation: 

I feel the question is a bit unclear still. 

http://technet.microsoft.com/en-us/library/cc731260.aspx 

WSHV settings 

If a client computer is noncompliant with one of the requirements of the WSHV, it is 

considered noncompliant with the WSHV as a whole. If a computer is determined to be 

noncompliant with the WSHV, the following actions might be taken: 

I believe that the validation will take into account Health and Network, so it has to be both 

of them. 

I don't see A or D being a valid choice. 

Leaving us with E. And, the site kinda confirm this. 


Q185. Your network contains an Active Directory domain named adatum.com. All domain controllers run Windows Server 2008 R2. 

The domain contains a file server named Server6 that runs Windows Server 2012 R2. Server6 contains a folder named Folder1. Folder1 is shared as Share1. The NTFS permissions on Folder1 are shown in the exhibit. (Click the Exhibit button.) 

The domain contains two global groups named Group1 and Group2. 

You need to ensure that only users who are members of both Group1 and Group2 are 

denied access to Folder1. 

Which two actions should you perform? (Each correct answer presents part of the solution. 

Choose two.) 

A. Remove the Deny permission for Group1 from Folder1. 

B. Deny Group2 permission to Folder1. 

C. Install a domain controller that runs Windows Server 2012 R2. 

D. Create a conditional expression. 

E. Deny Group2 permission to Share1. 

F. Deny Group1 permission to Share1. 

Answer: A,D 

Explanation: 

* Conditional Expressions for Permission Entries Windows Server 2008 R2 and Windows 7 enhanced Windows security descriptors by introducing a conditional access permission entry. Windows Server 2012 R2 takes advantage of conditional access permission entries by inserting user claims, device claims, and resource properties, into conditional expressions. Windows Server 2012 R2 security evaluates these expressions and allows or denies access based on results of the evaluation. Securing access to resources through claims is known as claims-based access control. Claims-based access control works with traditional access control to provide an additional layer of authorization that is flexible to the varying needs of the enterprise environment. http://social.technet.microsoft.com/wiki/contents/articles/14269.introducing-dynamicaccesscontrol-en-us.aspx 


Q186. Your network contains an Active Directory domain named contoso.com. All domain 

controllers run Windows Server 2012 R2. 

Administrators use client computers that run Windows 8 to perform all management tasks. 

A central store is configured on a domain controller named DC1. 

You have a custom administrative template file named AppLadmx. App1.admx contains 

application settings for an application named App1. 

From a client computer named Computer1, you create a new Group Policy object (GPO) 

named GPO1. 

You discover that the application settings for App1 fail to appear in GPO1. 

You need to ensure that the App1 settings appear in all of the new GPOs that you create. 

What should you do? 

A. From the Default Domain Controllers Policy, add App1.admx to the Administrative Templates. 

B. Copy App1.admx to \\Contoso.com\SYSVOL\Contoso.com\Policies\PolicyDefinitions\. 

C. From the Default Domain Policy, add App1.admx to the Administrative Templates. 

D. Copy App1.admx to \\Contoso.com\SYSVOL\Contoso.com\StarterGPOs. 

Answer:

Explanation: 

To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a domain controller. The Central Store is a file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain. 


Q187. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DNS Server server role installed. 

Server1 has a zone named contoso.com. The zone is configured as shown in the exhibit. (Click the Exhibit button.) 

You need to assign a user named User1 permission to add and delete records from the contoso.com zone only. 

What should you do first? 

A. Enable the Advanced view from DNS Manager. 

B. Add User1 to the DnsUpdateProxy group. 

C. Run the New Delegation Wizard. 

D. Configure the zone to be Active Directory-integrated. 

Answer:


Q188. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has following storage spaces: 

Data 

Users 

Backups 

Primordial 

.... 

You add an additional hard disk to Server1. 

You need to identify which storage space contains the new hard disk. 

Which storage space contains the new disk? 

A. Primordial 

B. Data 

C. Backups 

D. Users 

Answer:

Explanation: 

New Disks (Unallocated space) added to Primordial spacePrimordial Pool? All storage that meets acceptable criteria for Storage Spaces will be placed in the Primordial Pool. Thiscan be considered the default pool for devices from which any other pools will be created. Notice that there are no other virtual disks or pools at this point. The Primordial Pool will only consist of physical storage devices that do not belong to any other pools. 

http://blogs.technet.com/b/canitpro/archive/2012/12/13/storage-pools-dive-right-in.aspx http:// blogs.technet.com/b/askpfeplat/archive/2012/10/10/windows-server-2012-storagespaces-is- it for-youcould-be.aspx 


Q189. Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. 

You install the DHCP Server server role on Server1 and Server2. You install the IP Address Management (IPAM) Server feature on Server1. 

You notice that you cannot discover Server1 or Server2 in IPAM.You need to ensure that you can use IPAM to discover the DHCP infrastructure. 

Which two actions should you perform? (Each correct answer presents part of the solution.(Choose two.) 

A. On Server2, create an IPv4 scope 

B. On Server1, run the Add-IpamServerInventory cmdlet 

C. On Server2, run the Add-DhcpServerInDc cmdlet 

D. On both Server1 and Server2, run the Add-DhcpServerv4Policy cmdlet 

E. On Server1, uninstall the DHCP Server server role. 

Answer: C,E 

169. Which terminology is being described below? 

Time synchronization is critical for the proper operation of many Windows services and line-of- business Applications. 

The __________ uses the Network Time Protocol (NTP) to synchronize computer clocks on the network so that an accurate clock value, or time stamp, can be assigned to network validation requests and resource access requests 

A. Network Services Shell (Netsh) 

B. Listsvc 

C. Fixmbr 

D. Windows Time service (W32time) 

Answer:


Q190. Your network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has the IP Address Management (IPAM) Server feature installed. You install the IPAM client on Server2. 

You open Server Manager on Server2 as shown in the exhibit. (Click the Exhibit button.) 

You need to manage IPAM from Server2. 

What should you do first? 

A. On Server2, open Computer Management and connect to Server1. 

B. On Server1, add the Server2 computer account to the IPAM ASM Administrators group. 

C. On Server2, add Server1 to Server Manager. 

D. On Server1, add the Server2 computer account to the IPAM MSM Administrators group. 

Answer:


© Copyright Getcertified4sure.com. examcollectionuk.com
All other trademarks and copyrights are the property of their respective owners.
All rights reserved.