70-417 Exam
Get Smart with 70-417 cbt
It is impossible to pass Microsoft 70-417 exam without any help in the short term. Come to Ucertify soon and find the most advanced, correct and guaranteed Microsoft 70-417 practice questions. You will get a surprising result by our Rebirth Upgrading Your Skills to MCSA Windows Server 2012 practice guides.
2021 Dec cbt nuggets videos 70-417:
Q151. You have a Hyper-V host named Server1 that runs Windows Server 2012 R2. Server1 hosts a virtual machine named VM1 that runs Windows Server 2012 R2. VM1 has several snapshots. You need to modify the snapshot file location of VM1. What should you do?
A. Right-click VM1, and then click Export…
B. Shut down VM1, and then modify the settings of VM1.
C. Delete the existing snapshots, and then modify the settings of VM1.
D. Pause VM1, and then modify the settings of VM1.
Answer: C
Explanation:
Explanation You will need to navigate to the Hyper-V Management snap-in (C:\ProgramData\Microsoft\Windows\Hyper-V) and from there access the Snapshot file Location tab where you can change the settings for the VM1 snapshot file location.
However, since there are already several snapshots in existence, you will need to delete them first because you will not be able to change the location of the snapshot file while there is an existing snapshot and you need to modify the snapshot file location of VM1.
Q152. Your network contains an Active Directory domain named contoso.com. The network contains a file server named Server1 that runs Windows Server 2012 R2. You create a folder named Folder1. You share Folder1 as Share1.
The NTFS permissions on Folder1 are shown in the Folder1 exhibit. (Click the Exhibit button.)
The Everyone group has the Full control Share permission to Folder1.
You configure a central access policy as shown in the Central Access Policy exhibit. (Click the Exhibit button.)
Members of the IT group report that they cannot modify the files in Folder1. You need to
ensure that the IT group members can modify the files in Folder1. The solution must use central access policies to control the permissions. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. On the Security tab of Folder1, remove the permission entry for the IT group.
B. On the Classification tab of Folder1, set the classification to "Information Technology".
C. On the Security tab of Folder1, assign the Modify permission to the Authenticated Users group.
D. On Share1, assign the Change Share permission to the IT group.
E. On the Security tab of Folder1, add a conditional expression to the existing permission entry for the IT group.
Answer: B,C
Explanation:
A: On the Security tab of Folder1, remove the permission entry for the IT group. => tested => it failed of course, users don't even have read permissions anymore
D: On Share1, assign the Change share permission to the IT group =>Everyone already has the full control share permission => won't solve the problem which is about the NTFS Read permission
E: On the Security tab of Folder1, add a conditional expression to the existing permission entry for the IT group => how could a condition, added to a read permission, possibly transform a read to a modify permission? If they had said "modify the permission and add a conditional expression" => ok (even if that's stupid, it works) a condition is Applied to the existing permissions to filter existing access to only matching users or groups so if we Apply a condition to a read permission, the result will only be that less users (only them matching the conditions) will get those read permissions, which actually don't solve the problem neither so only one left:
C: On the Security tab of Folder1, assign the Modify permission to the Authenticated Users group => for sure it works and it's actually the only one which works, but what about security? well i first did not consider this method => "modify" permission for every single authenticated users? But now it looks very clear:
THE MORE RESTRICTIVE PERMISSION IS ALWAYS THE ONE APPLIED!! So "Modify" for Authenticated Users group and this will be filtered by the DAC who only allows IT group. and it matches the current settings that no other user (except admin, creator owner, etc...) can even read the folder. and this link confirms my theory:
http://autodiscover.wordpress.com/2012/09/12/configuring-dynamic-access-controls-andfileclassificationpart4-winservr-2012-dac-microsoft- mvpbuzz/
Configuring Dynamic Access Controls and File Classification
Note:
In order to allow DAC permissions to go into play, allow everyone NTFS full control
permissions and then DAC will overwrite it, if the user doesn't have NTFS permissions he
will be denied access even if DAC grants him access.
And if this can help, a little summary of configuring DAC:
Q153. Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Server1 runs Windows Server 2012 R2. 5erver2 runs Windows Server 2008 R2 Service Pack 1 (SP1) and has the DHCP Server server role installed.
You need to manage DHCP on Server2 by using the DHCP console on Server1.
What should you do first?
A. From the Microsoft Management Console on Server1, add a snap-in.
B. From Server Manager on Server2, enable Windows Remote Management.
C. From Windows PowerShell on Server2, run Enable-PSRemoting.
D. From Server Manager on Server1, install a feature.
Answer: B
Q154. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC4 that runs Windows Server 2012 R2.
You create a DCCIoneConfig.xml file. You need to clone DC4.
Where should you place DCCIoneConfig.xml on DC4?
A. %Systemroot%\SYSVOL
B. %Systemdrive%
C. %Systemroot%\NTDS
D. %Programdata%\Microsoft
Answer: C
Explanation:
http://technet.microsoft.com/de-de/library/hh831734.aspx
Q155. Your network contains two servers named HV1 and HV2. Both servers run Windows Server 2012 R2 and have the Hyper-V server role installed.
HV1 hosts 25 virtual machines. The virtual machine configuration files and the virtual hard disks are stored in D:\VM.
You shut down all of the virtual machines on HV1.
You copy D:\VM to D:\VM on HV2.
You need to start all of the virtual machines on HV2. You want to achieve this goal by using the minimum amount of administrative effort.
What should you do?
A. From HV1, export all virtual machines to D:\VM. Copy D:\VM to D:\VM on HV2 and overwrite the existing files. On HV2, run the New Virtual Machine wizard.
B. From HV1, export all virtual machines to D:\VM. Copy D:\VM to D:\VM on HV2 and overwrite the existing files. On HV2, run the Import Virtual Machine wizard.
C. Run the Import-VM InitialReplicationcmdlet.
D. Run the Import-VM cmdlet.
Answer: D
Explanation: The Import-VM cmdlet imports a virtual machine from a file.
Improved microsoft learning exam 70-417:
Q156. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 contains a virtual machine named VM1 that runs Windows Server 2012 R2.
You need to ensure that a user named User1 can install Windows features on VM1. The solution must minimize the number of permissions assigned to User1.
To which group should you add User1?
A. Server Operators on Server1
B. Power Users on VM1
C. Administrators on VM1
D. Hyper-V Administrators on Server1
Answer: D
Explanation: * The Hyper-V role enables you to create and manage a virtualized computing environment by using virtualization technology that is built in to Windows Server 2012. Hyper-V virtualizes hardware to provide an environment in which you can run multiple operating systems at the same time on one physical computer, by running each operating system in its own virtual machine.
* Simplified authorization
The Hyper-V Administrators group is introduced in Windows Server 2012 and is
implemented as a local security group.
What value does this change add?
This group can reduce the number of users that belong to the local Administrators group
while providing users with access to Hyper-V.
What works differently?
The Hyper-V Administrators group is a new local security group. Add users to this group
instead of the local Administrators group to provide them with access to Hyper-V. Members
of the Hyper-V Administrators have complete and unrestricted access to all features of
Hyper-V.
Reference: What's New in Hyper-V for Windows Server 2012
Q157. Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2.
You install the DHCP Server server role on Server1 and Server2. You install the IP Address Management (IPAM) Server feature on Server1.
You notice that you cannot discover Server1 or Server2 in IPAM.You need to ensure that you can use IPAM to discover the DHCP infrastructure.
Which two actions should you perform? (Each correct answer presents part of the solution.(Choose two.)
A. On Server2, create an IPv4 scope
B. On Server1, run the Add-IpamServerInventory cmdlet
C. On Server2, run the Add-DhcpServerInDc cmdlet
D. On both Server1 and Server2, run the Add-DhcpServerv4Policy cmdlet
E. On Server1, uninstall the DHCP Server server role.
Answer: C,E
169. Which terminology is being described below?
Time synchronization is critical for the proper operation of many Windows services and line-of- business Applications.
The __________ uses the Network Time Protocol (NTP) to synchronize computer clocks on the network so that an accurate clock value, or time stamp, can be assigned to network validation requests and resource access requests
A. Network Services Shell (Netsh)
B. Listsvc
C. Fixmbr
D. Windows Time service (W32time)
Answer: D
Q158. OTSPOT
Your network contains a RADIUS server named Admin1.
You install a new server named Server2 that runs Windows Server 2012 R2 and has
Network Policy Server (NPS) installed.
You need to ensure that all accounting requests for Server2 are forwarded to Admin1.
On Server2, you create a new remote RADIUS server group named Group1 that contains
Admin1.
What should you configure next on Server2?
To answer, select the appropriate node in the answer area.
Answer:
352. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Hyper-V server role installed. The domain contains a virtual machine named VM1.
A developer wants to attach a debugger to VM1.
You need to ensure that the developer can connect to VM1 by using a named pipe.
Which virtual machine setting should you configure?
A. BIOS
B. Network Adapter
C. COM 1
D. Processor
Answer: C
Explanation:
Named pipes can be used to connect to a virtual machine by configuring COM 1.
References: http://support.microsoft.com/kb/819036 http://support.microsoft.com/kb/141709
Q159. RAG DROP
Your network contains an Active Directory domain named contoso.com.
You need to ensure that third-party devices can use Workplace Join to access domain
resources on the Internet.
Which four actions should you perform in sequence?
To answer, move the appropriate four actions from the list of actions to the answer area
and arrange them in the correct order.
Answer:
Q160. Your network contains an Active Directory domain named contoso.com. The domain contains a Web server named www.contoso.com. The Web server is available on the Internet.
You implement DirectAccess by using the default configuration.
You need to ensure that users never attempt to connect to www.contoso.com by using DirectAccess. The solution must not prevent the users from using DirectAccess to access other resources in contoso.com.
Which settings should you configure in a Group Policy object (GPO)?
A. DirectAccess Client Experience Settings
B. Name Resolution Policy
C. DNS Client
D. Network Connections
Answer: B
Explanation:
http://www.techrepublic.com/blog/10things/10-things-you-should-know-aboutdirectaccess/1371