70-417 Exam
Dec 2021 updated: prerequisite for exam 70-417
Want to know Pass4sure 70-417 Exam practice test features? Want to lear more about Microsoft Upgrading Your Skills to MCSA Windows Server 2012 certification experience? Study 100% Correct Microsoft 70-417 answers to Renovate 70-417 questions at Pass4sure. Gat a success with an absolute guarantee to pass Microsoft 70-417 (Upgrading Your Skills to MCSA Windows Server 2012) test on your first attempt.
2021 Dec microsoft exam 70-417:
Q181. Which of the following situations would you use AD LDS?
A. A DMZ
B. Standard private network
C. You require the use of Group Policy
D. You require the use of Organizational Units
Answer: A
Explanation:
A DMZ (Demilitarized Zone) such as a web server is usually the classic choice for using AD LDS (Active Directory Lightweight Directory Service)
Q182. You plan to deploy a file server to a temporary location.
The temporary location experiences intermittent power failures.
The file server will contain a dedicated volume for shared folders.
You need to create a volume for the shared folders. The solution must minimize the
likelihood of file corruption if a power failure occurs.
Which file system should you use?
A. NFS
B. FAT32
C. ReFS
D. NTFS
Answer: C
Explanation: The ReFS file system allows for resiliency against corruptions with the option to salvage amongst many other key features like Metadata integrity with checksums, Integrity streams with optional user data integrity, and shared storage pools across machines for additional failure tolerance and load balancing, etc.
Q183. Your network contains an Active Directory forest named contoso.com. All domain controllers currently run Windows Server 2008 R2.
You plan to install a new domain controller named DC4 that runs Windows Server 2012 R2.
The new domain controller will have the following configurations:
Schema master
Global catalog server
DNS Server server role
Active Directory Certificate Services server role
....
You need to identify which configurations cannot be fulfilled by using the Active Directory Domain Services Configuration Wizard.
Which two configurations should you identify? (Each correct answer presents part of the solution. Choose two.)
A. Enable the global catalog server.
B. Transfer the schema master.
C. Install the Active Directory Certificate Services role.
D. Install the DNS Server role.
Answer: B,C
Explanation:
AD Installation Wizard will automatically install DNS and allows for the option to set it as a global catalog server. ADCS and schema must be done separately.
Q184. Your network contains a Hyper-V host named Hyperv1. Hyperv1 runs Windows Server 2012 R2.
Hyperv1 hosts four virtual machines named VM1, VM2, VM3, and VM4. All of the virtual machines run Windows Server 2008 R2.
You need to view the amount of memory resources and processor resources that VM4 currently uses.
Which tool should you use on Hyperv1?
A. Task Manager
B. Windows System Resource Manager (WSRM)
C. Hyper-V Manager
D. Resource Monitor
Answer: C
Q185. Your network contains an Active Directory domain named adatum.com. All domain controllers run Windows Server 2012 R2. The domain contains a virtual machine named DC2.
On DC2, you run Get-ADDCCloningExcludcdApplicationList and receive the output shown in the following table.
You need to ensure that you can clone DC2.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Option A
B. Option B
C. Option C
D. Option D
E. Option E
Answer: A,E
Explanation:
Because domain controllers provide a distributed environment, you could not safely clone an Active Directory domain controller in the past.
Before, if you cloned any server, the server would end up with the same domain or forest, which is unsupported with the same domain or forest. You would then have to run sysprep, which would remove the unique security information before cloning and then promote a domain controller manually. When you clone a domain controller, you perform safe cloning, which a cloned domain controller automatically runs a subset of the sysprep process and promotes the server to a domain controller automatically.
The four primary steps to deploy a cloned virtualized domain controller are as follows:
. Grant the source virtualized domain controller the permission to be cloned by
adding the source virtualized domain controller to the Cloneable Domain
Controllers group.
. Run Get-ADDCCloningExcludedApplicationListcmdlet in Windows PowerShell to
determine which services and applications on the domain controller are not compatible with the cloning. . Run New-ADDCCloneConfigFile to create the clone configuration file, which is stored in the C:\Windows\NTDS. . In Hyper-V, export and then import the virtual machine of the source domain controller.
Run Get-ADDCCloningExcludedApplicationListcmdlet In this procedure, run the Get-ADDCCloningExcludedApplicationListcmdlet on the source virtualized domain controller to identify any programs or services that are not evaluated for cloning. You need to run the Get-ADDCCloningExcludedApplicationListcmdlet before the New-ADDCCloneConfigFilecmdlet because if the New-ADDCCloneConfigFilecmdlet detects an excluded application, it will not create a DCCloneConfig.xml file. To identify applications or services that run on a source domain controller which have not been evaluated for cloning Get-ADDCCloningExcludedApplicationList Get-ADDCCloningExcludedApplicationList -GenerateXml
The clone domain controller will be located in the same site as the source domain controller unless a different site is specified in the DCCloneConfig.xml file. Note: The Get-ADDCCloningExcludedApplicationListcmdlet searches the local domain controller for programs and services in the installed programs database, the services control manager that are not specified in the default and user defined inclusion list. The applications in the resulting list can be added to the user defined exclusion list if they are determined to support cloning. If the applications are not cloneable, they should be removed from the source domain controller before the clone media is created. Any application that appears in cmdlet output and is not included in the user defined inclusion list will force cloning to fail. The Get-ADDCCloningExcludedApplicationListcmdlet needs to be run before the New-ADDCCloneConfigFilecmdlet is used because if the New-ADDCCloneConfigFilecmdlet detects an excluded application, it will not create a DCCloneConfig.xml file. DCCloneConfig.xml is an XML configuration file that contains all of the settings the cloned DC will take when it boots. This includes network settings, DNS, WINS, AD site name, new DC name and more. This file can be generated in a few different ways.
The New-ADDCCloneConfigcmdlet in PowerShell By hand with an XML editor By editing an existing config file, again with an XML editor (Notepad is not an XML editor.)
You can populate the XML file. . . . . doesn't need to be empty. . . . .
http: //technet. microsoft. com/en-us/library/hh831734. aspx http: //blogs. dirteam. com/blogs/sanderberkouwer/archive/2012/09/10/new-features-in-active-directory-domain-services-in-windows-server-2012-part-13-domain-controller-cloning. aspx
Up to date server 70-417:
Q186. You have a server named Server1 that runs Windows Server 2012 R2.
You discover that the performance of Server1 is poor.
The results of a performance report generated on Server1 are shown in the following table.
You need to identify the cause of the performance issue.
What should you identify?
A. Insufficient processors
B. Excessive paging
C. Driver malfunction
D. Insufficient RAM
Answer: C
Explanation:
Processor: %DPC Time. Much like the other values, this counter shows the amount of time that the processor spends servicing DPC requests. DPC requests are more often than not associated with the network interface. Processor: % Interrupt Time. This is the percentage of time that the processor is spending on handling Interrupts. Generally, if this value exceeds 50% of the processor time you may have a hardware issue. Some components on the computer can force this issue and not really be a problem. For example a programmable I/O card like an old disk controller card, can take up to 40% of the CPU time. A NIC on a busy IIS server can likewise generate a large percentage of processor activity. Processor: % User Time. The value of this counter helps to determine the kind of processing that is affecting the system. Of course the resulting value is the total amount of non-idle time that was spent on User mode operations. This generally means application code.
Processor: %Privilege Time. This is the amount of time the processor was busy with Kernel mode operations. If the processor is very busy and this mode is high, it is usually an indication of some type of NT service having difficulty, although user mode programs can make calls to the Kernel mode NT components to occasionally cause this type of performance issue. Memory: Pages/sac This value is often confused with Page Faults/sec. The Pages/sec counter is a combination of Pages Input/sec and Pages Output/sec counters. Recall that Page Faults/sec is a combination of hard page faults and soft page faults. This counter, however, is a general indicator of how often the system is using the hard drive to store or retrieve memory associated data. http://technet.microsoft.com/en-us/library/cc768048.aspx
Q187. You have a VHD that contains an image of Windows Server 2012 R2. You plan to Apply updates to the image.
You need to ensure that only updates that can install without requiring a restart are installed.
Which DISM option should you use?
A. /Apply-Unattend
B. /Add-ProvisionedAppxPackage
C. /PreventPending
D. /Cleanup-Image
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/hh825265.aspx
Q188. OTSPOT
Your network contains an Active Directory domain named fabrikam.com. You implement DirectAccess and an IKEv2 VPN. You need to view the properties of the VPN connection. Which connection properties should you view? To answer, select the appropriate connection properties in the answer area.
Answer:
Q189. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012. Server1 has the Remote Desktop Session Host role service installed. The computer account of Server1 resides in an organizational unit (OU) named OU1.
You create and link a Group Policy object (GPO) named GPO1 to OU1. GPO1 is configured as shown in the exhibit. (Click the Exhibit button.)
You need to prevent GPO1 from applying to your user account when you log on to Server1. GPO1 must apply to every other user who logs on to Server1.
What should you configure?
A. Item-level targeting
B. Security Filtering
C. Block Inheritance
D. WMI Filtering
Answer: B
Explanation: Security filtering is a way of refining which users and computers will receive and apply the settings in a Group Policy object (GPO). Using security filtering, you can specify that only certain security principals within a container where the GPO is linked apply the GPO. Security group filtering determines whether the GPO as a whole applies to groups, users, or computers; it cannot be used selectively on different settings within a GPO.
Q190. Which terminology is being described below?
A _________ trust allows resources in your domain (the domain that you are logged on to at the time that you run the New Trust Wizard) to be accessed more quickly by users in another domain (which is nested within another domain tree) in your forest.
A. one-way, outgoing, shortcut
B. two-way, incoming, shortcut
C. one-way, outgoing, forest
D. two-way, incoming, forest
Answer: A
Explanation:
The direction of the trust is inverse of the direction of the authorization not forest as we're asked for a trust only between 2 domains. a forest trust would provide trust between every single domain of the forest.