70-417 Exam
The Secret of 70-417 cbt
Proper study guides for Improved Microsoft Upgrading Your Skills to MCSA Windows Server 2012 certified begins with Microsoft 70-417 preparation products which designed to deliver the Free 70-417 questions by making you pass the 70-417 test at your first time. Try the free 70-417 demo right now.
2021 Jan 70-417 r2:
Q81. RAG DROP
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named File1. All servers in the domain run Windows Server 2012 R2.
You need to create a new volume on File1.
The new volume must have the following configurations:
Have the drive letter T
Have the FAT32 file system
Be stored on a new virtual hard disk
In which order should you run the Diskpart commands?
To answer, move all the Diskpart commands from the list of commands to the answer area and arrange them in the correct order.
...
Answer:
Q82. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
On all of the domain controllers, Windows is installed in C:\Windows and the Active Directory database is located in D:\Windows\NTDS\.
All of the domain controllers have a third-party application installed.
The operating system fails to recognize that the application is compatible with domain controller cloning.
You verify with the application vendor that the application supports domain controller cloning.
You need to prepare a domain controller for cloning.
What should you do?
A. In C:\Windows\, create an XML file named DCCIoneConfig.xml and add the application information to the file.
B. In the root of a USB flash drive, add the application information to an XML file named DefaultDCCIoneAllowList.xml.
C. In D:\Windows\NTDS\, create an XML file named DCCIoneConfig.xml and add the application information to the file.
D. In D:\Windows\NTDS\, create an XML file named CustomDCCIoneAllowList.xml and add the application information to the file.
Answer: D
Explanation:
http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2012/09/10/new-features-in-active-directory-domainservices-in-windows-server-2012-part-13-domain-controller-cloning.aspx Place the CustomDCCloneAllowList.xml file in the same folder as the Active Directory database (ntds.dit) on the source Domain Controller.
Q83. Your network contains a Hyper-V host named Server1 that runs Windows Server 2012 R2.
Server1 hosts a virtual machine named VM1 that runs Windows Server 2012 R2.
You create a checkpoint of VM1, and then you install an application on VM1. You verify
that the application runs properly.
You need to ensure that the current state of VM1 is contained in a single virtual hard disk
file.
The solution must minimize the amount of downtime on VM1.
What should you do?
A. From a command prompt run dism.exe and specify the /commit-image parameter.
B. From a command prompt, run dism.exe and specify the /delete-image parameter.
C. From Hyper-V Manager, delete the checkpoint.
D. From Hyper-V Manager, inspect the virtual hard disk.
Answer: C
Q84. Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 and a domain controller named DC1. All servers run Windows Server 2012 R2.
A Group Policy object (GPO) named GPO1 is linked to the domain.
Server1 contains a folder named Folder1. Folder1 is shared as Share1.
You need to ensure that authenticated users can request assistance when they are denied access to the resources on Server1.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Enable the Enable access-denied assistance on client for all file types policy setting for GPO1.
B. Configure the Customize message for Access Denied errors policy setting of GPO1.
C. Install the File Server Resource Manager role service on DC1.
D. Install the File Server Resource Manager role service on Server1.
E. Assign the Read Attributes NTFS permission on Folder1 to the Authenticated Users group.
Answer: A,D
Explanation: * To configure access-denied assistance by using Group Policy
Open Group Policy Management. In Server Manager, click Tools, and then click Group
Policy Management.
Right-click the appropriate Group Policy, and then click Edit.
Click Computer Configuration, click Policies, click Administrative Templates, click System,
and then click Access-Denied Assistance.
Right-click Customize message for Access Denied errors, and then click Edit.
Select the Enabled option.
Etc
*You can configure access-denied assistance within a domain by using Group Policy, or
you can configure the assistance individually on each file server by using the File Server
Resource Manager console.
Reference: Deploy Access-Denied Assistance
Q85. Your network contains an Active Directory domain named adatum.com. The domain contains a server named CA1 that runs Windows Server 2012 R2. CA1 has the Active Directory Certificate Services server role installed and is configured to support key archival and recovery.
You need to ensure that a user named User1 can decrypt private keys archived in the Active Directory Certificate Services (AD CS) database. The solution must prevent User1 from retrieving the private keys from the AD CS database.
What should you do?
A. Assign User1 the Issue and Manage Certificates permission to CA1.
B. Assign User1 the Read permission and the Write permission to all certificate templates.
C. Provide User1 with access to a Key Recovery Agent certificate and a private key.
D. Assign User1 the Manage CA permission to CA1.
Answer: C
Explanation:
http://social.technet.microsoft.com/wiki/contents/articles/7573.active-directory-certificate-services-pki-keyarchival-and-management.aspx#Protecting_Key_Recovery_Agent_Keys
Leading 70-417 r2:
Q86. Select the missing tool name from the sentence below:
You can use the __.exe tool to create installation media for additional domain controllers that you are creating in a domain. By using the Install from Media (IFM) option, you can minimize the replication of directory data over the network. This helps you install additional domain controllers in remote sites more efficiently.
A. Dsutil
B. Ntfrsutl
C. Mqtgsvc
D. Ntdsutil
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc770654(v=ws.10).aspx
Q87. Your network contains an Active Directory domain named adatum.com.
A network administrator creates a Group Policy central store.
After the central store is created, you discover that when you create new Group Policy objects (GPOs), the GPOs do not contain any Administrative Templates.
You need to ensure that the Administrative Templates appear in new GPOs.
What should you do?
A. Add your user account to the Group Policy Creator Owners group.
B. Configure all domain controllers as global catalog servers.
C. Copy files from %Windir%\Policydefinitions to the central store.
D. Modify the Delegation settings of the new GPOs.
Answer: C
Explanation:
To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a domain controller. The Central Store is a file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain.
Q88. Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1.
Cluster1 hosts an application named App1.
You need to ensure that Server2 handles all of the client requests to the cluster for App1. The solution must ensure that if Server2 fails, Server1 becomes the active node for App1.
What should you configure?
A. Affinity - None
B. Affinity - Single
C. The cluster quorum settings
D. The failover settings
E. A file server for general u
F. The Handling priority
G. The host priority
H. Live migration
I. The possible owner
J. The preferred owner
K. Quick migration
L. The Scale-Out File Server
Answer: J
Explanation:
The preferred owner in a 2 server cluster will always be the active node unless it is down. http:// www.sqlservercentral.com/Forums/Topic1174454-146-1.aspx#bm1174835 Difference between possible owners and preferred owners Possible owners are defined at the resource level and dictate which nodes in the Windows cluster are able to service this resource For instance, you have a 3 node cluster with Node A, Node B and Node C. You have a clustered disk resource "MyClusteredDisk", if you remove Node C from the possible owners of the clustered disk resource "MyClusteredDisk" then this disk will never be failed over to Node C. Preferred owners are defined at the resource group level and define the preferred node ownership within the Windows cluster For instance, you have a 3 node cluster with Node A, Node B and Node C. You have a cluster resource group "MyClusteredGroup" which contains various disk, IP, network name and service resources. Nodes A, B and C are all possible owners but Node B is set as the preferred owner and is currently the active node. The resource group fails over to Node C as Node B stops responding on the Public network due to a failed NIC. In the Resource group properties on the failback tab you have this set to immediate. You fix the NIC issue on Node B and bring it back up on the network. The resource group currently active on Node C will without warning immediately attempt to failback to Node B. Not a good idea if this is a Production SQL Server instance, so use caution when configuring preferred owners and failback http://support.microsoft.com/kb/299631/en-us Failover behavior on clusters of three or more nodes This article documents the logic by which groups fail from one node to another when there are 3 or more cluster node members. The movement of a group can be caused by an administrator who manually moves a group or by a node or resource failure. Where the group moves depends on how the move is initiated and whether the Preferred Owner list is set.
Q89. A user has locked his account (again!) and you need to unlock it so they can continue working normally.
Which of the following is a possible way to unlock a User Account? (Choose three)
A. Command Line
B. None of these
C. Windows PowerShell
D. VBScript
Answer: A,C,D
Explanation:
All 3 of these can be used to unlock accounts.
Q90. Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 and Server2 are part of a workgroup.
On Server1 and Server2, you create a local user account named Admin1. You add the account to the local Administrators group. On both servers, Admin1 has the same password.
You log on to Server1 as Admin1. You open Computer Management and you connect to Server2.
When you attempt to create a scheduled task, view the event logs, and manage the shared folders, you receive Access Denied messages.
You need to ensure that you can administer Server2 remotely from Server1 by using Computer Management. What should you configure on Server2?
A. From Local Users and Groups, modify the membership of the Remote Management Users group.
B. From Server Manager, modify the Remote Management setting.
C. From Windows Firewall, modify the Windows Management Instrumentation (WMI) firewall rule.
D. From Registry Editor, configure the LocalAccountTokenFilterPolicyresgistry value
Answer: D