70-417 Exam
exam cram 70-417? Tips for success
Youre going to get the actual in depth description whenever you face troubles during your 70-417 examine. Pass4sure give you the actual 70-417 Upgrading Your Skills to MCSA Windows Server 2012 key points legibly inside the 70-417 dumps. These types of greatly conserving your own costs to take part in the actual Microsoft classes.
2021 Dec ms exam 70-417:
Q201. RODC comes with a number of features that focus on heightened security with limited functionality to remote office users.
Which of the following is (or are) feature(s) of RODC?
A. All of these
B. Filtered Attribute Sets
C. Unidirectional Replication
D. Read-only DNS
Answer: A
Q202. Your network contains an Active Directory domain named contoso.com. The domain contains an organizational unit (OU) named AHServers.OU.
You create and link a Group Policy object (GPO) named GP01 to AllServer.OU. GPO1 is configured as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that GPO1 only applies to servers that have Remote Desktop Services (RDS) installed.
What should you configure?
A. Item-level targeting
B. WMI Filtering
C. Security Filtering
D. Block Inheritance
Answer: B
Explanation:
Windows Management Instrumentation (WMI) filters allow you to dynamically determine the scope of Group Policy objects (GPOs) based on attributes of the target computer. When a GPO that is linked to a WMI filter is applied on the target computer, the filter is evaluated on the target computer. If the WMI filter evaluates to false, the GPO is not applied. If the WMI filter evaluates to true, the GPO is applied.
Q203. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DHCP Server server role installed.
An administrator installs the IP Address Management (IPAM) Server feature on a server named Server2. The administrator configures IPAM by using Group Policy based provisioning and starts server discovery.
You plan to create Group Policies for IPAM provisioning.
You need to identify which Group Policy object (GPO) name prefix must be used for IPAM Group Policies.
What should you do on Server2?
A. From Server Manager, review the IPAM overview.
B. Run the Get-IpamConfigurationcmdlet.
C. From Task Scheduler, review the IPAM tasks.
D. Run the ipamgc.exe tool.
Answer: A
Q204. OTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 and a server named Server1. Both servers run Windows Server 2012 R2.
You configure the classification of a share on Server1 as shown in the Share1 Properties exhibit. (Click the Exhibit button.)
You configure the resource properties in Active Directory as shown in the Resource Properties exhibit. (Click the Exhibit button.)
You need to ensure that the Impact classification can be assigned to Share1 immediately.
Which cmdlet should you run on each server?
To answer, select the appropriate cmdlet for each server in the answer area.
Answer:
Q205. Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All servers runs Windows Server 2012 R2.The domain contains two
domain controllers named DC1 and DC2. Both domain controllers are virtual machines on a Hyper-V host.
You plan to create a cloned domain controller named DC3 from an image of DC1.
You need to ensure that you can clone DC1.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Add the computer account of DC1 to the Cloneable Domain Controllers group.
B. Create a DCCIoneConfig.xml file on DC1.
C. Add the computer account of DC3 to the Cloneable Domain Controllers group.
D. Run the Enable-AdOptionalFeaturecmdlet.
E. Modify the contents of the DefaultDCCIoneAllowList.xml file on DC1.
Answer: A,B
Explanation: * Cloneable Domain Controllers Group (located in the Users container). Membership in this group dictates whether a DC can or cannot be cloned. This group has some permissions set on the domain head that should not be removed. Removing these permissions will cause cloning to fail. Also, as a best practice, DCs shouldn't be added to the group until you plan to clone and DCs should be removed from the group once cloning is complete. Cloned DCs will also end up in the Cloneable Domain Controllers group.
* DCCloneConfig.xml is an XML configuration file that contains all of the settings the cloned DC will take when it boots. This includes network settings, DNS, WINS, AD site name, new DC name and more.
Regenerate cbt nuggets 70-417 download:
Q206. You have a server named Server1 that runs Windows Server 2012 R2. You download and install the Microsoft Online Backup Service Agent on Server1.
You need to ensure that you can configure an online backup from Windows Server Backup.
What should you do first?
A. From a command prompt, run wbadmin.exe enable backup.
B. From Windows Server Backup, run the Register Server Wizard.
C. From the Services console, modify the Log On settings of the Microsoft Online Backup Service Agent.
D. From Computer Management, add the Server1 computer account to the Backup Operators group.
Answer: B
Explanation:
Download and install the Windows Azure Online Backup Agent After you create an account on the Windows Azure Online Backup website, you can download the Windows Azure Online Backup Agent and install it locally.
An Online Backup node then appears in the navigation pane of the Windows Server Backup console, as shown in Figure 12-If you prefer, you can also configure online backups from the Windows Azure Online Backup console, which becomes available after you install the agent. The Windows Azure Online Backup console provides exactly the same set of options as the Online Backup node in the Windows Server Backup console.
Register server The next step is to register your server. Registering a server enables you to perform backups from that same server only. (Remember this point for the exam.) To register the server, from the Actions menu, select Register Server. The Register Server Wizard includes two configuration steps. First, you are given an opportunity to specify a proxy server if desired. Second, you are asked to provide a passphrase that will be used to encrypt your backup data and a location to save this passphrase in a file. You need to provide this passphrase when you perform a restore operation, so it's essential that you don't lose it. (Microsoft doesn't maintain a copy of your passphrase.) A Generate Passphrase option creates the passphrase for you automatically. After you register a server, new options for Online Backup appear in the Actions pane, including Schedule Backup, Recover Data, Change Properties, and Unregister Server.
Q207. RAG DROP
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
You plan to install the Active Directory Federation Services server role on Server1 to allow for Workplace Join.
You run nslookupenterpriseregistration and you receive the following results: You need to create a certificate request for Server1 to support the Active Directory Federation Services (AD FS) installation.
How should you configure the certificate request? To answer, drag the appropriate names to the correct locations. Each name may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q208. OTSPOT
You have a Hyper-V host named HYPERV1. HYPERV1 hosts a virtual machine named
DC1.
You need to prevent the clock on DC1 from synchronizing from the clock on HYPERV1.
What should you configure? To answer, select the appropriate object in the answer area.
Answer:
81. Your network contains an Active Directory domain named adatum.com. The domain contains three domain controllers. The domain controllers are configured as shown in the following table.
DC3 loses network connectivity due to a hardware failure. You plan to remove DC3 from the domain.
You log on to DC3.
You need to identify which service location (SRV) records are registered by DC3.
What should you do?
A. Open the %windir%\system32\dns\backup\adatum.com.dns file.
B. Open the %windir%\system32\config\netlogon.dns file.
C. Run ipconfig /displaydns.
D. Run dcdiag /test:dns.
Answer: B
Explanation:
The netlogon.dns file contains all registrations. http://support.microsoft.com/kb/816587/en-us How to verify that SRV DNS records have been created for a domain controller The SRV record is a Domain Name System (DNS) resource record that is used to identify computers that host specific services. SRV resource records are used to locate domain controllers for Active Directory. To verify SRV locator resource records for a domain controller, use one of the following methods. DNS Manager After you install Active Directory on a server running the Microsoft DNS service, you can use the DNS Management Console to verify that the appropriate zones and resource records are created for each DNS zone. Active Directory creates its SRV records in the following folders, where Domain_Name is the name of your domain: Forward Lookup Zones/Domain_Name/_msdcs/dc/_sites/Default-First-Site-Name/_tcp Forward Lookup Zones/Domain_Name/_msdcs/dc/_tcp In these locations, an SRV record should appear for the following services: _kerberos _ldap Netlogon.dns If you are using non-Microsoft DNS servers to support Active Directory, you can verify SRV locator resource records by viewing Netlogon.dns. Netlogon.dns is located in the %systemroot%\System32\Config folder. You can use a text editor, such as Microsoft Notepad, to view this file. The first record in the file is the domain controller's Lightweight Directory Access Protocol (LDAP) SRV record. This record should appear similar to the following: _ldap._tcp.Domain_Name Nslookup Nslookup is a command-line tool that displays information you can use to diagnose Domain Name System (DNS) infrastructure. To use Nslookup to verify the SRV records, follow these steps:
On your DNS, click Start, and then click Run.
In the Open box, type cmd.
Type nslookup, and then press ENTER.
Type set type=all, and then press ENTER.
Type _ldap._tcp.dc._msdcs.Domain_Name, where Domain_Name is the name of your
domain, and then press ENTER.
Nslookup returns one or more SRV service location records
Q209. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012. Server1 has the Remote Access server role installed.
You log on to Server1 by using a user account named User2.
From the Remote Access Management Console, you run the Getting Started Wizard and you receive a warning message as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that you can configure DirectAccess successfully. The solution must minimize the number of permissions assigned to User2.
To which group should you add User2?
A. Account Operators
B. Enterprise Admins
C. Domain Admins
D. Server Operators
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/hh918408.aspx#feedback
Q210. Your network contains a server named Server1 that runs Windows Server 2012. Server1
has the Hyper-V server role installed.
Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4.
Server1 is configured as shown in the following table.
You install a network monitoring application on VM2.
You need to ensure that all of the traffic sent to VM3 can be captured on VM2.
What should you configure?
A. NUMA topology
B. Resource control
C. Resource metering
D. Virtual Machine Chimney
E. The VLAN ID
F. Processor Compatibility
G. The startup order
H. Automatic Start Action
I. Integration Services
J. Port mirroring
K. Single-root I/O virtualization
Answer: J
Explanation:
http://technet.microsoft.com/en-us/library/jj679878.aspx#bkmk_portmirror What's New in Hyper-V Virtual Switch Port Mirroring With Port Mirroring, traffic sent to or from a Hyper-V Virtual Switch port is copied and sent to a mirror port. There are a range of applications for port mirroring an entire ecosystem of network visibility companies exist that have products designed to consume port mirror data for performance management, security analysis, and network diagnostics. With Hyper-V Virtual Switch port mirroring, you can select the switch ports that are monitored as well as the switch port that receives copies of all the traffic. The following examples configure port mirroring so that all traffic that is sent and received by both MyVM and MyVM2 is also sent to the VM named MonitorVM. Set-VMNetworkAdapter VMName MyVM PortMirroring Source Set-VMNetworkAdapter VMName MyVM2 PortMirroring Source Set-VMNetworkAdapter VMName MonitorVM PortMirroring Destination