70-417 Exam
Questions Ask for exam 70 417
Our pass rate is high to 98.9% and the similarity percentage between our 70 417 pdf study guide and real exam is 90% based on our seven-year educating experience. Do you want achievements in the Microsoft exam 70 417 exam in just one try? I am currently studying for the Microsoft 70 417 dumps exam. Latest Microsoft 70 417 pdf Test exam practice questions and answers, Try Microsoft 70 417 exam Brain Dumps First.
Q121. OTSPOT
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The forest contains two Active Directory sites named Site1 and Site2.
You plan to deploy a read-only domain controller (RODC) named DC10 to Site2. You pre-create the DC10 domain controller account by using Active Directory Users and Computers.
You need to identify which domain controller will be used for initial replication during the promotion of the RODC.
Which tab should you use to identify the domain controller?
To answer, select the appropriate tab in the answer area.
Answer:
Q122. Your network contains an Active directory forest named contoso.com. The forest contains two child domains named east.contoso.com and west.contoso.com.
You install an Active Directory Rights Management Services (AD RMS) cluster in each child domain.
You discover that all of the users in the contoso.com forest are directed to the AD RMS cluster in east.contoso.com.
You need to ensure that the users in west.contoso.com are directed to the AD RMS cluster in west.contoso.com and that the users in east.contoso.com are directed to the AD RMS cluster in east.contoso.com.
What should you do?
A. Modify the Service Connection Point (SCP)
B. Configure the Group Policy object (GPO) settings of the users in the west.contoso.com domain
C. Configure the Group Policy object (GPO) settings of the users in the east.contoso.com domain
D. Modify the properties of the AD RMS cluster in west.contoso.com
Answer: B
Q123. Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 and a domain controller named DC1. All servers run Windows Server 2012 R2.
A Group Policy object (GPO) named GPO1 is linked to the domain.
Server1 contains a folder named Folder1. Folder1 is shared as Share1.
You need to ensure that authenticated users can request assistance when they are denied access to the resources on Server1.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Enable the Enable access-denied assistance on client for all file types policy setting for GPO1.
B. Configure the Customize message for Access Denied errors policy setting of GPO1.
C. Install the File Server Resource Manager role service on DC1.
D. Install the File Server Resource Manager role service on Server1.
E. Assign the Read Attributes NTFS permission on Folder1 to the Authenticated Users group.
Answer: A,D
Explanation: * To configure access-denied assistance by using Group Policy
Open Group Policy Management. In Server Manager, click Tools, and then click Group
Policy Management.
Right-click the appropriate Group Policy, and then click Edit.
Click Computer Configuration, click Policies, click Administrative Templates, click System,
and then click Access-Denied Assistance.
Right-click Customize message for Access Denied errors, and then click Edit.
Select the Enabled option.
Etc
*You can configure access-denied assistance within a domain by using Group Policy, or
you can configure the assistance individually on each file server by using the File Server
Resource Manager console.
Reference: Deploy Access-Denied Assistance
Q124. RAG DROP
You have a file server named Server1 that runs Windows Server 2012 R2. The folders on Server1 are configured as shown in the following table.
A new corporate policy states that backups must use Windows Azure Online Backup whenever possible.
You need to identify which technology you must use to back up Server1. The solution must use Windows Azure Online Backup whenever possible.
What should you identify?
To answer, drag the appropriate backup type to the correct location or locations. Each backup type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q125. Your network contains multiple subnets. On one of the subnets, you deploy a server named Server1 that runs Windows Server 2012 R2.
You install the DNS Server server role on Server1, and then you create a standard primary zone named contoso.com. You need to ensure that client computers can resolve IP addresses to host names.
What should you do first?
A. Create a GlobalNames zone
B. Convert the contoso.com zone to an Active Directory-integrated zone
C. Configure dynamic updates for contoso.com
D. Create a reverse lookup zone
Answer: A
Q126. Your network contains an Active Directory domain named adatum.com. All domain controllers run Windows Server 2012 R2. The domain contains a virtual machine named DC2.
On DC2, you run Get-ADDCCloningExcludcdApplicationList and receive the output shown in the following table.
You need to ensure that you can clone DC2.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Option A
B. Option B
C. Option C
D. Option D
E. Option E
Answer: A,E
Explanation:
Because domain controllers provide a distributed environment, you could not safely clone an Active Directory domain controller in the past.
Before, if you cloned any server, the server would end up with the same domain or forest, which is unsupported with the same domain or forest. You would then have to run sysprep, which would remove the unique security information before cloning and then promote a domain controller manually. When you clone a domain controller, you perform safe cloning, which a cloned domain controller automatically runs a subset of the sysprep process and promotes the server to a domain controller automatically.
The four primary steps to deploy a cloned virtualized domain controller are as follows:
. Grant the source virtualized domain controller the permission to be cloned by
adding the source virtualized domain controller to the Cloneable Domain
Controllers group.
. Run Get-ADDCCloningExcludedApplicationListcmdlet in Windows PowerShell to
determine which services and applications on the domain controller are not compatible with the cloning. . Run New-ADDCCloneConfigFile to create the clone configuration file, which is stored in the C:\Windows\NTDS. . In Hyper-V, export and then import the virtual machine of the source domain controller.
Run Get-ADDCCloningExcludedApplicationListcmdlet In this procedure, run the Get-ADDCCloningExcludedApplicationListcmdlet on the source virtualized domain controller to identify any programs or services that are not evaluated for cloning. You need to run the Get-ADDCCloningExcludedApplicationListcmdlet before the New-ADDCCloneConfigFilecmdlet because if the New-ADDCCloneConfigFilecmdlet detects an excluded application, it will not create a DCCloneConfig.xml file. To identify applications or services that run on a source domain controller which have not been evaluated for cloning Get-ADDCCloningExcludedApplicationList Get-ADDCCloningExcludedApplicationList -GenerateXml
The clone domain controller will be located in the same site as the source domain controller unless a different site is specified in the DCCloneConfig.xml file. Note: The Get-ADDCCloningExcludedApplicationListcmdlet searches the local domain controller for programs and services in the installed programs database, the services control manager that are not specified in the default and user defined inclusion list. The applications in the resulting list can be added to the user defined exclusion list if they are determined to support cloning. If the applications are not cloneable, they should be removed from the source domain controller before the clone media is created. Any application that appears in cmdlet output and is not included in the user defined inclusion list will force cloning to fail. The Get-ADDCCloningExcludedApplicationListcmdlet needs to be run before the New-ADDCCloneConfigFilecmdlet is used because if the New-ADDCCloneConfigFilecmdlet detects an excluded application, it will not create a DCCloneConfig.xml file. DCCloneConfig.xml is an XML configuration file that contains all of the settings the cloned DC will take when it boots. This includes network settings, DNS, WINS, AD site name, new DC name and more. This file can be generated in a few different ways.
The New-ADDCCloneConfigcmdlet in PowerShell By hand with an XML editor By editing an existing config file, again with an XML editor (Notepad is not an XML editor.)
You can populate the XML file. . . . . doesn't need to be empty. . . . .
http: //technet. microsoft. com/en-us/library/hh831734. aspx http: //blogs. dirteam. com/blogs/sanderberkouwer/archive/2012/09/10/new-features-in-active-directory-domain-services-in-windows-server-2012-part-13-domain-controller-cloning. aspx
Q127. Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All domain controllers run Windows Server 2012 R2.
The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
Active Directory Recycle Bin is enabled.
You discover that a support technician accidentally removed 100 users from an Active Directory group named Group1 an hour ago.
You need to restore the membership of Group1.
What should you do?
A. Perform an authoritative restore.
B. Perform a non-authoritative restore.
C. Recover the items by using Active Directory Recycle Bin.
D. Apply a virtual machine snapshot to VM1.
Answer: A
Explanation:
Authoritative restore allows the administrator to recover a domain controller, restore it to a specific point in time, and mark objects in Active Directory as being authoritative with respect to their replication partners. For example, you might need to perform an authoritative restore if an administrator inadvertently deletes an organizational unit containing a large number of users. If you restore the server from tape, the normal replication process would not restore the inadvertently deleted organizational unit. Authoritative restore allows you to mark the organizational unit as authoritative and force the replication process to restore it to all of the other domain controllers in the domain. Incorrect: Not C: A nonauthoritative restore returns the domain controller to its state at the time of backup and then allows normal replication to overwrite that state with any changes that occurred after the backup was taken. After you restore the system state, the domain controller queries its replication partners. The replication partners replicate any changes to the restored domain controller, ensuring that the domain controller has an accurate and updated copy of the Active Directory database.
Reference: Performing an Authoritative Restore
What should you do?
A. Export and import data by using Dsamain.
B. Apply a virtual machine snapshot to VM1.
C. Recover the items by using Active Directory Recycle Bin.
D. Modify the isRecycled attribute of Group1. Answer: A
Q128. You have a print server named Print1 that runs Windows Server 2012 R2. Print1 has 10 shared printers.
You need to change the location of the spool folder. What should you modify?
A. The properties of the Print Spooler service
B. The Print Server Properties
C. The user environment variables
D. The PrintQueue.inf file
Answer: A
Q129. A global catalog server is available to directory clients when Domain Name System (DNS) servers can locate it as a global catalog server. In which order do the following events need to occur before the catalog server is ready?
A) The Net Logon service on the domain controller has updated DNS with global-catalogspecific service (SRV) resource records.
B) The isGlobalCatalogReadyrootDSE attribute is set to TRUE.
C) The global catalog receives replication of read-only replicas to the required occupancy level.
A. C then A, then B
B. B then C, then A
C. A then C, then B
D. C then B, then A
Answer: A
Explanation:
http://technet.microsoft.com/fr-fr/library/cc739901%28v=ws.10%29.aspx Verify global catalog readiness When a global catalog server has satisfied replication requirements, the isGlobalCatalogReady Root DSE attribute is set to TRUE and the global catalog is ready to serve clients.http://technet.microsoft.com/de-de/library/howglobal-catalog-serverswork%28v=ws.10%29.aspx How the Global Catalog Works Global Catalog Server Creation and Advertisement By default, before a domain controller advertises itself as a global catalog server in DNS, the global catalog contents must be replicated to the server. This process involves replication of a partial, read-only replica of every domain in the forest except for the domain for which the new global catalog server is authoritative. The duration of this process depends on how many domains the forest contains, the size of the domains, and the relative locations of source and destination domain controllers. If multiple domains are in the forest and if source domain controllers are located only in distant sites, the process takes longer than if all domains are in the same site or in only a few sites. When replication must occur between sites to create the global catalog, replication occurs according to the site link schedule. Requirements for Global Catalog Readiness By default, a global catalog server is not considered "ready" (the server advertises itself in DNS as a global catalog server) until all read-only directory partitions have been fully replicated to the new global catalog server. The Global Catalog Partition Occupancy registry entry under HKEY_Local_Machine\System \CurrentControlSet \Services \NTDS\Parameters determines the requirements for how many read- only directory partitions must be present on a domain controller for it to be considered a global catalog server, from no partitions (0) to all partitions (6). For domain controllers that run Windows Server 2003 or later, the default occupancy value requires that all read-only directory partitions be replicated to the global catalog server before the Net Logon service registers SRV resource records in DNS. For most conditions, this default provides the best option for ensuring that a global catalog server provides a consistent view of the directory. In less common circumstances, however, it might be useful to make the global catalog server available with an incomplete set of partial domain directory partitions for example, when delay of replication of a domain that is not required by users is jeopardizing their ability to log on.
Q130. Your network contains an Active Directory domain named adatum.com. The domain
contains a member server named Server1 and a domain controller named DC2. All servers run Windows Server 2012 R2.
On DC2, you open Server Manager and you add Server1 as another server to manage.
From Server Manager on DC2, you right-click Server1 as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that when you right-click Server1, you see the option to run the DHCP console.
What should you do?
A. On DC2, install the Role Administration Tools.
B. On DC2 and Server1, run winrmquickconfig.
C. In the domain, add DC2 to the DHCP Administrators group.
D. On Server1, install the Feature Administration Tools.
Answer: A
Explanation:
You need to install the feature administrations tools for the dhcp . Need to install DHCP management tools on DC2 then you will have access to dhcp management.