Author Archives: admin

Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(41-50)!

QUESTION 41
Your network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Certificate Services server role installed and is configured as a standalone certification authority (CA). You install a second server named Server2. You install the Online Responder role service on Server2. You need to ensure that Server1 can issue an Online Certificate Status Protocol (OCSP) Response Signing certificate to Server2. What should you do?

A.    On Server1, run the certutil.exe command and specify the -setreg parameter.
B.    On Server2, run the certutil.exe command and specify the -policy parameter.
C.    On Server1, configure Security for the OCSP Response Signing certificate template.
D.    On Server2, configure Issuance Requirements for the OCSP Response Signing certificate template.

Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc732526.aspx
 clip_image001[68]

QUESTION 42
Your network contains an Active Directory domain named adatum.com. The domain contains a server named CA1 that runs Windows Server 2012 R2. CA1 has the Active Directory Certificate Services server role installed and is configured to support key archival and recovery. You need to ensure that a user named User1 can decrypt private keys archived in the Active Directory Certificate Services (AD CS) database. The solution must prevent User1 from retrieving the private keys from the AD CS database. What should you do?

A.    Assign User1 the Issue and Manage Certificates permission to Server1.
B.    Assign User1 the Read permission and the Write permission to all certificate templates.
C.    Provide User1 with access to a Key Recovery Agent certificate and a private key.
D.    Assign User1 the Manage CA permission to Server1.

Answer: C

QUESTION 43
Your network contains an Active Directory domain named contoso.com. The domain contains two sites named Site1 and Site2 and two domain controllers named DC1 and DC2. Both domain controllers are located in Site1. You install an additional domain controller named DC3 in Site1 and you ship DC3 to Site2. A technician connects DC3 to Site2. You discover that users in Site2 are authenticated by all three domain controllers. You need to ensure that the users in Site2 are authenticated by DC1 or DC2 only if DC3 is unavailable. What should you do?

A.    From Network Connections, modify the IP address of DC3.
B.    In Active Directory Sites and Services, modify the Query Policy of DC3.
C.    From Active Directory Sites and Services, move DC3.
D.    In Active Directory Users and Computers, configure the insDS-PrimaryComputer attribute for the
users in Site2.

Answer: C
Explanation:
http://social.technet.microsoft.com/wiki/contents/articles/7573.active-directory-certificateservices- pki-keyarchival-and-anagement.aspx#Protecting_Key_Recovery_Agent_Keys
 clip_image001[70]
QUESTION 44
Your network contains two Active Directory forests named contoso.com and adatum.com. Contoso.com contains one domain. Adatum.com contains a child domain named child.adatum.com. Contoso.com has a one-way forest trust to adatum.com. Selective authentication is enabled on the forest trust. Several user accounts are migrated from child.adatum.com to adatum.com. Users report that after the migration, they fail to access resources in contoso.com. The users successfully accessed the resources in contoso.com before the accounts were migrated. You need to ensure that the migrated users can access the resources in contoso.com. What should you do?

A.    Replace the existing forest trust with an external trust.
B.    Run netdom and specify the /quarantine attribute.
C.    Disable SID filtering on the existing forest trust.
D.    Disable selective authentication on the existing forest trust.

Answer: C
Explanation:
B. Enables administrators to manage Active Directory domains and trust relationships from the command prompT, /quarantine Sets or clears the domain quarantine C. Need to gran access to the resources in contoso.com
D. Selective authentication over a forest trust restricts access to only those users in a trusted forest who have been explicitly given authentication permissions to computer objects (resource
computers) that reside in the trusting forest
http://technet.microsoft.com/en-us/library/cc755321(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc758152(v=ws.10).aspx
 clip_image001[72]

QUESTION 45
You have four servers that run Windows Server 2012 R2. The servers have the Failover Clustering feature installed. You deploy a new cluster named Cluster1. Cluster1 is configured as shown in the following table.
 clip_image001[74]
Site2 is a disaster recovery site. Server1, Server2, and Server3 are configured as the preferred owners of the cluster roles. Dynamic quorum management is disabled. You plan to perform hardware maintenance on Server3. You need to ensure that if the WAN link between Site1 and Site2 fails while you are performing maintenance on Server3, the cluster resource will remain available in Site1. What should you do?

A.    Enable dynamic quorum management.
B.    Remove the node vote for Server3.
C.    Add a file share witness in Site1.
D.    Remove the node vote for [C1] Server4 and Server5.

Answer: D
Explanation:
http://msdn.microsoft.com/en-us/library/hh270280.aspx#VotingandNonVotingNodes
 clip_image001[76]

QUESTION 46
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server2 that runs Windows Server 2012 R2. You are a member of the local Administrators group on Server2. You install an Active Directory Rights Management Services (AD RMS) root cluster on Server2. You need to ensure that the AD RMS cluster is discoverable automatically by the AD RMS client computers and the users in contoso.com. Which additional configuration settings should you configure?
To answer, select the appropriate tab in the answer area.
 clip_image001[78]
Answer:
 clip_image001[80]

QUESTION 47
You plan to deploy a failover cluster that will contain two nodes that run Windows Server 2012 R2. You need to configure a witness disk for the failover cluster. How should you configure the witness disk? To answer, drag the appropriate configurations to the correct location or locations. Each configuration may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
 clip_image001[82]
Answer:
 clip_image002

QUESTION 48
You have a test server named Server1 that is configured to dual-boot between Windows Server 2008 R2 and Windows Server 2012 R2. You start Server1 and you discover that the boot entry for Windows Server 2008 R2 no longer appears on the boot menu. You start Windows Server 2012 R2 on Server1 and you discover the disk configurations shown in the following table.
 clip_image001[84]
You need to restore the Windows Server 2008 R2 boot entry on Server1. What should you do?

A.    Run bcdedit.exe and specify the /createstore parameter.
B.    Run bootrec.exe and specify the /scanos parameter.
C.    Run bcdboot.exe d:\windows.
D.    Run bootrec.exe and specify the /rebuildbcd parameter.

Answer: D
Explanation:
A. BCDEdit is a command-line tool for managing BCD stores. It can be used for a variety of purposes, including creating new stores, modifying existing stores, adding boot menu options, /Createstore Creates a new empty boot configuration data store. The created store is not a system store. B. Bootrec.exe tool to troubleshoot "Bootmgr Is Missing" issue. The /ScanOs option scans all disks for installations that are c mpatible with Windows Vista or Windows 7. Additionally, this option displays the entries that are currently not in the BCD store. Use this option when there are Windows Vista or Windows 7 installations that the Boot Manager menu does not list.
C.
D. Bootrec.exe tool to troubleshoot "Bootmgr Is Missing" issue. The /ScanOs option scans all disks for installations that are compatible with Windows Vista or Windows 7. Additionally, this option displays the entries that are currently not in the BCD store. Use this option when there are Windows Vista or Windows 7 installations that the Boot Manager menu does not list.
http://technet.microsoft.com/en-us/library/cc709667(v=ws.10).aspx http://support.microsoft.com/kb/927392/en-us
 clip_image001[86]
QUESTION 49
You have a DHCP server named Server1. Server1 has one network adapter. Server1 is located on a subnet named Subnet1. Server1 has scope named Scope1. Scope1 contains IP addresses for the 192.168.1.0/24 network. Your company is migrating the IP addresses on Subnet1 to use a network ID of 10.10.0.0/16. On Server11 you create a scope named Scope2. Scope2 contains IP addresses for the 10.10.0.0/16 network. You need to ensure that clients on Subnet1 can receive IP addresses from either scope. What should you create on Server1?

A.    A multicast scope
B.    A scope
C.    A superscope
D.    A split-scope

Answer: C
Explanation:
A. Multicasting is the sending of network traffic to a group of endpointsdestination hosts. Only those members in the group of endpoints hosts that are listening for the multicast traffic (the multicast group) process the multicast traffic
B. A scope is an administrative grouping of IP addresses for computers on a subnet that use the Dynamic Host Configuration Protocol (DHCP) service. The administrator first creates a scope for each physical subnet and then uses the scope to define the parameters used by clients. C. A superscope is an administrative feature of Dynamic Host Configuration Protocol (DHCP) servers running Windows Server 2008 that you can create and manage by using the DHCP Microsoft Management Console (MMC) snap-in. By using a superscope, you can group multiple scopes as a single administrative entity.
D.
http://technet.microsoft.com/en-us/library/dd759152.aspx http://technet.microsoft.com/en-us/library/dd759218.aspx http://technet.microsoft.com/en-us/library/dd759168.aspx
 

QUESTION clip_image001[88]50
Your network contains an Active Directory domain named adatum.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. On Dc1, you open DNS Manager as shown in the exhibit. (Click the Exhibit button.)
 clip_image001[90]
You need to change the zone type of the contoso.com zone from an Active Directory-integrated zone to a standard primary zone. What should you do before you change the zone type?

A.    Unsign the zone.
B.    Modify the Zone Signing Key (ZSK).
C.    Modify the Key Signing Key (KSK).
D.    Change the Key Master.

Answer: A
Explanation:
A. Lock icon indicating that it is currently signed with DNSSEC, zone must be unsignes
B. An authentication key that corresponds to a private key used to sign a zone.
C. The KSK is an authentication key that corresponds to a private key used to sign one or more other signing keys for a given zone. Typically, the private key corresponding to a KSK will sign a ZSK, which in turn has a corresponding private key that will sign other zone data.
D.
http://technet.microsoft.com/en-us/library/hh831411.aspx
http://technet.microsoft.com/en-us/library/ee649132(v=ws.10).aspx

clip_image001[92]
Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-412.html

Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(31-40)!

QUESTION 31
Your network contains three Active Directory forests. Each forest contains an Active Directory Rights Management Services (AD RMS) root cluster. All of the users in all of the forests must be able to access protected content from any of the forests. You need to identify the minimum number of AD RMS trusts required. How many trusts should you identify?

A.    2
B.    3
C.    4
D.    6

Answer: D

QUESTION 32
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains a domain controller named DC1 that is configured as an enterprise root certification authority (CA). All users in the domain are issued a smart card and are required to log on to their domain-joined client computer by using their smart card. A user named User1 resigned and started to work for a competing company. You need to prevent User1 immediately from logging on to any computer in the domain. The solution must not prevent other users from logging on to the domain. Which tool should you use?

A.    Active Directory Sites and Services
B.    Active Directory Administrative Center
C.    Server Manager
D.    Certificate Templates

Answer: B

QUESTION 33
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 has the DHCP Server server role installed. DHCP is configured as shown in the exhibit. (Click the Exhibit button.)
 clip_image001[54]
You discover that client computers cannot obtain IPv4 addresses from DC1. You need to ensure that the client computers can obtain IPv4 addresses from DC1. What should you do?

A.    Activate the scope.
B.    Authorize DC1.
C.    Disable the Allow filters.
D.    Disable the Deny filters.

Answer: C
Explanation:
There is no items in the deny List. So it means that client computers MAC addresses is not listed in the allow list. So we have to disable the "Allow Filters" http://technet.microsoft.com/en-us/library/ee956897(v=ws.10).aspx
 clip_image001[56]

QUESTION 34
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 and a domain controller named DC1. All servers run Windows Server 2012 R2. A Group Policy object (GPO) named GPO1 is linked to the domain. Server1 contains a folder named Folder1. Folder1 is shared as Share1. You need to ensure that authenticated users can request assistance when they are denied access to the resources on Server1. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    Assign the Read Attributes NTFS permission on Folder1 to the Authenticated Users group.
B.    Install the File Server Resource Manager role service on Server1.
C.    Configure the Customize message for Access Denied errors policy setting of GPO1.
D.    Enable the Enable access-denied assistance on client for all file types policy setting for GPO1.
E.    Install the File Server Resource Manager role service on DC1.

Answer: BD
Explanation:
http://technet.microsoft.com/en-us/library/hh831402.aspx#BKMK_1

QUESTION 35
Your network contains an Active Directory domain named adatum.com. All domain controllers run Windows Server 2008 R2. The domain contains a file server named Server6 that runs Windows Server 2012 R2. Server6 contains a folder named Folder1. Folder1 is shared as Share1. The NTFS permissions on Folder1 are shown in the exhibit. (Click the Exhibit button.)
 clip_image002[26]
The domain contains two global groups named Group1 and Group2. You need to ensure that only users who are members of both Group1 and Group2 are denied access to Folder1. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    Remove the Deny permission for Group1 from Folder1.
B.    Deny Group2 permission to Folder1.
C.    Install a domain controller that runs Windows Server 2012 R2.
D.    Create a conditional expression.
E.    Deny Group2 permission to Share1.
F.    Deny Group1 permission to Share1.

Answer: CD
Explanation:
* Conditional Expressions for Permission Entries Windows Server 2008 R2 and Windows 7 enhanced Windows security descriptors by introducing a conditional access permission entry. Windows Server 2012 R2 takes advantage of conditional access permission entries by inserting user claims, device claims, and resource properties, into conditional expressions. Windows Server 2012 R2 security evaluates these expressions and allows or denies access based on results of the evaluation. Securing access to resources through claims is known as claims-based access control. Claims-based access control works with traditional access control to provide an additional layer of authorization that is flexible to the varying needs of the enterprise environment.
http://social.technet.microsoft.com/wiki/contents/articles/14269.introducing-dynamicaccess- control-en-us.aspx

QUESTION 36
Your network contains an Active Directory forest. The forest contains a single domain named contoso.com. The forest contains two Active Directory sites named Main and Branch1. The sites connect to each other by using a site link named Main-Branch1. There are no other site links. Each site contains several domain controllers. All domain controllers run Windows Server 2012 R2. Your company plans to open a new branch site named Branch2. The new site will have a WAN link that connects to the Main site only. The site will contain two domain controllers that run Windows Server 2012 R2. You need to create a new site and a new site link for Branch2. The solution must ensure that the domain controllers in Branch2 only replicate to the domain controllers in Branch1 if all of the domain controllers in Main are unavailable. Which three actions should you perform? To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
 clip_image002[28]
Answer:
 clip_image002[30]

QUESTION 37
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 has the DNS Server server role installed. The network contains client computers that run either Linux, Windows 7, or Windows 8. You have a standard primary zone named adatum.com as shown in the exhibit. (Click the Exhibit button.)
 clip_image001[58]
You plan to configure Name Protection on all of the DHCP servers. You need to configure the adatum.com zone to support Name Protection. Which two configurations should you perform from DNS Manager? (Each correct answer presents part of the solution. Choose two.)

A.    Sign the zone.
B.    Store the zone in Active Directory.
C.    Modify the Security settings of the zone.
D.    Configure Dynamic updates.

Answer: BD
Explanation:
http://technet.microsoft.com/en-us/library/ee941152(v=ws.10).aspx
 clip_image001[60]

clip_image001[62]

QUESTION 38
Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 and Server2 have the Hyper-V server role installed. Server1 and Server2 are configured as Hyper-V replicas of each other. Server1 hosts a virtual machine named VM1. VM1 is replicated to Server2. You need to verify whether the replica of VM1 on Server2 is functional. The solution must ensure that VM1 remains accessible to clients. What should you do from Hyper-V Manager?

A.    On Server1, execute a Planned Failover.
B.    On Server1, execute a Test Failover.
C.    On Server2, execute a Planned Failover.
D.    On Server2, execute a Test Failover.

Answer: D
Explanation:
A. Server 1 is houses VM1 and it is replicated to Server2 – wrong server to failover and this is not a planned fail over case
B. Wrong server correct failover type
C. Wrong server, wrong failover type
D. Right server and failover type
http://blogs.technet.com/b/virtualization/archive/2012/07/31/types-of-failover-operations-inhyper- v-replica-partii-planned-failover.aspx
http://blogs.technet.com/b/virtualization/archive/2012/07/26/types-of-failover-operations-inhyper- v-replica.aspx

QUESTION 39
You have a failover cluster named Cluster1 that contains four nodes. All of the nodes run Windows Server 2012 R2. You need to force every node in Cluster1 to contact immediately the Windows Server Update Services (WSUS) server on your network for updates. Which tool should you use?

A.    The Add-CauClusterRole cmdlet
B.    The Wuauclt command
C.    The Wusa command
D.    The Invoke-CauScan cmdlet

Answer: D
Explanation:
A. Adds the Cluster-Aware Updating (CAU) clustered role that provides the self-updating functionality to the specified cluster.
B. the wuauclt utility allows you some control over the functioning of the Windows Update Agent C. The Wusa.exe file is in the %windir%\System32 folder. The Windows Update Standalone Installer uses the Windows Update Agent API to install update packages. Update packages have an .msu file name extension. The .msu file name extension is associated with the Windows Update Standalone Installer.
D. Performs a scan of cluster nodes for applicable updates and returns a list of the initial set of updates that would be applied to each node in a specified cluster. http://technet.microsoft.com/en-us/library/hh847235(v=wps.620).aspx http://technet.microsoft.com/en-us/library/cc720477(v=ws.10).aspx http://support.microsoft.com/kb/934307
http://technet.microsoft.com/en-us/library/hh847228(v=wps.620).aspx
 clip_image001[64]

QUESTION 40
Your network contains an Active Directory domain named contoso.com. The network contains a file server named Server1 that runs Windows Server 2012 R2. You are configuring a central access policy for temporary employees. You enable the Department resource property and assign the property a suggested value of Temp. You need to configure a target resource condition for the central access rule that is scoped to resources assigned to Temp only. Which condition should you use?

A.    (Temp.Resource Equals "Department")
B.    (Resource.Temp Equals "Department")
C.    (Resource.Department Equals "Temp")
D.    (Department.Value Equals "Temp")

Answer: C
Explanation:
http://technet.microsoft.com/fr-fr/library/hh846167.aspx

clip_image001[66]
Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-412.html

Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(21-30)!

QUESTION 21
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2 that run Windows Server 2012 R2. Both servers have the Hyper-V server role installed. The network contains an enterprise certification authority (CA). All servers are enrolled automatically for a certificate-based on the Computer certificate template. On Server1, you have a virtual machine named VM1. VM1 is replicated to Server2. You need to encrypt the replication of VM1. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    On Server1, modify the settings of VM1.
B.    On Server2, modify the settings of VM1.
C.    On Server2, modify the Hyper-V Settings.
D.    On Server1, modify the Hyper-V Settings.
E.    On Server1, modify the settings of the virtual switch to which VM1 is connected.
F.    On Server2, modify the settings of the virtual switch to which VM1 is connected.

Answer: AC
Explanation:
Answer is A and C, not A and F. Virtual Switch has nothing to do with this scenario based many sites I’ve visited even TechNet. And added a couple examples with Enterprise CA as well.
C. – Is Server 2, modify settings of Hyper-V=>Replica Server. then all the Encryption Reqs. TCP-443/SSL.

QUESTION 22
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2. You create a user account named User1 in the domain. You need to ensure that User1 can use Windows Server Backup to back up Server1. The solution must minimize the number of administrative rights assigned to User1. What should you do?

A.    Add User1 to the Backup Operators group.
B.    Add User1 to the Power Users group.
C.    Assign User1 the Backup files and directories user right and the Restore files and directories user right.
D.    Assign User1 the Backup files and directories user right.

Answer: D
Explanation:
Backup Operators have these permissions by default:
 clip_image001[40]
However the question explicitly says we need to minimize administrative rights. Since the requirement is for backing up the data only–no requirement to restore or shutdown–then assigning the "Back up files and directories user right" would be the correct answer.
 clip_image001[42]

QUESTION 23
You have a server named Server1 that runs Windows Server 2012 R2 and is used for testing. A developer at your company creates and installs an unsigned kernel-mode driver on Server1. The developer reports that Server1 will no longer start. You need to ensure that the developer can test the new driver. The solution must minimize the amount of data loss. Which Advanced Boot Option should you select?

A.    Disable Driver Signature Enforcement
B.    Disable automatic restart on system failure
C.    Last Know Good Configuration (advanced)
D.    Repair Your Computer

Answer: A
Explanation:
A. By default, 64-bit versions of Windows Vista and later versions of Windows will load a kernel- mode driver only if the kernel can verify the driver signature. However, this default behavior can be disabled to facilitate early driver development and non-automated testing. B. specifies that Windows automatically restarts your computer when a failure occurs C. Developer would not be able to test the driver as needed D. Removes or repairs critical windows files, Developer would not be able to test the driver as needed and some file loss
http://technet.microsoft.com/en-us/library/jj134246.aspx
http://msdn.microsoft.com/en-us/library/windows/hardware/ff547565(v=vs.85).aspx
 clip_image001[44]

QUESTION 24
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. You add two additional nodes to Cluster1. You need to ensure that Cluster1 stops running if three nodes fail. What should you configure?

A.    Affinity-None
B.    Affinity-Single
C.    The cluster quorum settings
D.    The failover settings
E.    A file server for general use
F.    The Handling priority
G.    The host priority
H.    Live migration
I.    The possible owner
J.    The preferred owner
K.    Quick migration
L.    The Scale-Out File Server

Answer: C

QUESTION 25
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. You add two additional nodes in Cluster1. You have a folder named Folder1 on Server1 that hosts application data. Folder1 is a folder target in a Distributed File System (DFS) namespace. You need to provide highly available access to Folder1. The solution must support DFS Replication to Folder1. What should you configure?

A.    Affinity-None
B.    Affinity-Single
C.    The cluster quorum settings
D.    The failover settings
E.    A file server for general use
F.    The Handling priority
G.    The host priority
H.    Live migration
I.    The possible owner
J.    The preferred owner
K.    Quick migration
L.    The Scale-Out File Server

Answer: E

QUESTION 26
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Network Load Balancing (NLB) feature installed. The servers are configured as nodes in an NLB cluster named Cluster1. Port rules are configured for all clustered applications. You need to ensure that Server2 handles all client requests to the cluster that are NOT covered by a port rule. What should you configure?

A.    Affinity-None
B.    Affinity-Single
C.    The cluster quorum settings
D.    The failover settings
E.    A file server for general use
F.    The Handling priority
G.    The host priority
H.    Live migration
I.    The possible owner
J.    The preferred owner
K.    Quick migration
L.    The Scale-Out File Server

Answer: G
Explanation:
http://technet.microsoft.com/en-us/library/bb742455.aspx
 clip_image001[46]
QUESTION 27
Your network contains an Active Directory domain named contoso.com. A previous administrator implemented a Proof of Concept installation of Active Directory Rights Management Services (AD RMS). After the proof of concept was complete, the Active Directory Rights Management Services server role was removed. You attempt to deploy AD RMS. During the configuration of AD RMS, you receive an error message indicating that an existing AD RMS Service Connection Point (SCP) was found. You need to remove the existing AD RMS SCP. Which tool should you use?

A.    ADSI Edit
B.    Active Directory Users and Computers
C.    Active Directory Domains and Trusts
D.    Active Directory Sites and Services
E.    Services
F.    Authorization Manager
G.    TPM Management
H.    Certification Authority

Answer: AD
Explanation:
http://technet.microsoft.com/en-us/library/jj835767(v=ws.10).aspx
 clip_image001[48]

clip_image001[50]

clip_image001[52]

QUESTION 28
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. The functional level of the forest is Windows Server 2003. You have a domain outside the forest named adatum.com. You need to configure an access solution to meet the following requirements:
– Users in adatum.com must be able to access resources in contoso.com.
– Users in adatum.com must be prevented from accessing resources in fabrikam.com.
– Users in both contoso.com and fabrikam.com must be prevented from accessing resources in adatum.com.
What should you create?

A.    a one-way realm trust from contoso.com to adatum.com
B.    a one-way realm trust from adatum.com to contoso.com
C.    a one-way external trust from contoso.com to adatum.com
D.    a one-way external trust from adatum.com to contoso.com

Answer: C
Explanation:
domain names were changed, so understand the question well
You need to make trust relationship where domain contoso.com trusts adatum.com.
http://technet.microsoft.com/en-us/library/cc728024(v=ws.10).aspx
 clip_image002[24]

QUESTION 29
Your network contains an Active Directory domain named contoso.com. The domain contains a main office and a branch office. An Active Directory site exists for each office. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. DC1 hosts an Active Directory- integrated zone for contoso.com. You add the DNS Server server role to DC2. You discover that the contoso.com DNS zone fails to replicate to DC2. You verify that the domain, schema, and configuration naming contexts replicate from DC1 to DC2. You need to ensure that DC2 replicates the contoso.com zone by using Active Directory replication. Which tool should you use?

A.    Dnscmd
B.    Dnslint
C.    Repadmin
D.    Ntdsutil
E.    DNS Manager
F.    Active Directory Sites and Services
G.    Active Directory Domains and Trusts
H.    Active Directory Users and Computers

Answer: F
Explanation:
http://technet.microsoft.com/en-us/library/cc739941(v=ws.10).aspx
If you see question about AD Replication, First preference is AD sites and services, then Repadmin and then DNSLINT.

QUESTION 30
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains a domain controller named DC1 that is configured as an enterprise root certification authority (CA). All users in the domain are issued a smart card and are required to log on to their domain-joined client computer by using their smart card. A user named User1 resigned and started to work for a competing company. You need to prevent User1 immediately from logging on to any computer in the domain. The solution must not prevent other users from logging on to the domain. Which tool should you use?

A.    Active Directory Administrative Center
B.    Active Directory Sites and Services
C.    Active Directory Users and Computers
D.    the Certification Authority console
E.    the Certificates snap-in
F.    Certificate Templates
G.    Server Manager
H.    the Security Configuration Wizard

Answer: AC
Explanation:
A. ADAC – Active Directory Administrative Center used to manage users/computers C. ADUC – Active Directory Users and Computers used to manage users/Computers.
http://technet.microsoft.com/en-us/library/dd560651(v=ws.10).aspx http://technet.microsoft.com/en-us/library/aa997340(v=exchg.65).aspx

Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-412.html

Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(11-20)!

QUESTION 11
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 and a member server named Server1. Server1 has the IP Address Management (IPAM) Server feature installed. On Dc1, you configure Windows Firewall to allow all of the necessary inbound ports for IPAM. On Server1, you open Server Manager as shown in the exhibit. (Click the Exhibit button.)
 clip_image002[12]
You need to ensure that you can use IPAM on Server1 to manage DNS on DC1. What should you do?

A.    Modify the outbound firewall rules on Server1.
B.    Modify the inbound firewall rules on Server1.
C.    Add Server1 to the Remote Management Users group.
D.    Add Server1 to the Event Log Readers group.

Answer: D
Explanation:
Since no exhibit, the guess here is it’s not using the GPO to manage the Event Log Readers group– evidenced by the fact that the firewall was configured manually instead of with the GPO. If the GPO was being used then the IPAM server would be in the Event Log Readers group due to restricted group settings in the GPO as shown below:
 clip_image002[14]
In the above example, the IPAM server is as member of the VDI\IPAMUG group.
http://technet.microsoft.com/en-us/library/jj878313.aspx
 clip_image001[22]

QUESTION 12
Your network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has the IP Address Management (IPAM) Server feature installed. You install the IPAM client on Server2. You open Server Manager on Server2 as shown in the exhibit. (Click the Exhibit button.)
 clip_image002[16]
You need to manage IPAM from Server2. What should you do first?

A.    On Server1, add the Server2 computer account to the IPAM MSM Administrators group.
B.    On Server2, open Computer Management and connect to Server1.
C.    On Server2, add Server1 to Server Manager.
D.    On Server1, add the Server2 computer account to the IPAM ASM Administrators group.

Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/hh831453.aspx
 clip_image002[18]
QUESTION 13
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named Dc1. DC1 has the DNS Server server role installed. The network has two sites named Site1 and Site2. Site1 uses 10.10.0.0/16 IP addresses and Site2 uses 10.11.0.0/16 IP addresses. All computers use DC1 as their DNS server. The domain contains four servers named Server1, Server2, Server3, and Server4. All of the servers run a service named Service1. DNS host records are configured as shown in the exhibit. (Click the Exhibit button.)
 clip_image001[24]
You discover that computers from the 10.10.1.0/24 network always resolve Service1 to the [P address of Server1. You need to configure DNS on DC1 to distribute computers in Site1 between Server1 and Server2 when the computers attempt to resolve Service1. What should run on DC1?

A.    dnscmd /config /bindsecondaries 1
B.    dnscmd /config /localnetpriority 0
C.    dnscmd /config /localnetprioritynetmask 0x0000ffff
D.    dnscmd /config /roundrobin 0

Answer: C
Explanation:
A. Specifies use of fast transfer format used by legacy Berkeley Internet Name Domain (BIND) servers. 1 enables
B. Disables netmask ordering.
C. You can use the Dnscmd /Config /LocalNetPriorityNetMask 0x0000FFFF command to use class B ( or 16 bit) for netmask ordering for DNS round robin
D. Disables round robin rotation.
http://technet.microsoft.com/en-us/library/cc737355(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc738473(v=ws.10).aspx http://support.microsoft.com/kb/842197
http://technet.microsoft.com/en-us/library/cc779169(v=ws.10).aspx

QUESTION 14
Your network contains an Active Directory domain named contoso.com. The domain contains a main office and a branch office. An Active Directory site exists for each office. The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Both servers have the DHCP Server server role installed. Server1 is located in the main office site. Server2 is located in the branch office site. Server1 provides IPv4 addresses to the client computers in the main office site. Server2 provides IPv4 addresses to the client computers in the branch office site. You need to ensure that if either Server1 or Server2 are offline, the client computers can still obtain IPv4 addresses.
The solution must meet the following requirements:
– The storage location of the DHCP databases must not be a single point of failure.
– Server1 must provide IPv4 addresses to the client computers in the branch office site only if Server2 is offline.
– Server2 must provide IPv4 addresses to the client computers in the main office site only if Server1 is offline.
Which configuration should you use?

A.    load sharing mode failover partners
B.    a failover cluster
C.    hot standby mode failover partners
D.    a Network Load Balancing (NLB) cluster

Answer: C
Explanation:
A. The load sharing mode of operation is best suited to deployments where both servers in a failover relationship are located at the same physical site.
B. Hot standby mode of operation is best suited to deployments where a central office or data center server acts as a standby backup server to a server at a remote site, which is local to the DHCP clients
C. Needs to be a DHCP Failover option
D. Needs to be a DHCP Failover option
http://technet.microsoft.com/en-us/library/hh831385.aspx http://blogs.technet.com/b/teamdhcp/archive/2012/09/03/dhcp-failover-hot-standbymode.aspx
 clip_image001[26]

QUESTION 15
You have a DHCP server named Server1. Server1 has an IP address 192.168.1.2 is located on a subnet that has a network ID of 192.168.1.0/24. On Server1, you create the scopes shown in the following table.
 clip_image001[28]
You need to ensure that Server1 can assign IP addresses from both scopes to the DHCP clients on the local subnet. What should you create on Server1?

A.    A scope
B.    A superscope
C.    A split-scope
D.    A multicast scope

Answer: B
Explanation:
A. A scope is an administrative grouping of IP addresses for computers on a subnet that use the Dynamic Host Configuration Protocol (DHCP) service. The administrator first creates a scope for each physical subnet and then uses the scope to define the parameters used by clients.
B. A superscope is an administrative feature of Dynamic Host Configuration Protocol (DHCP) servers running Windows Server 2008 that you can create and manage by using the DHCP Microsoft Management Console (MMC) snap-in. By using a superscope, you can group multiple scopes as a single administrative entity.
D. Multicasting is the sending of network traffic to a group of endpointsdestination hosts. Only those members in the group of endpoints hosts that are listening for the multicast traffic (the multicast group) process the multicast traffic http://technet.microsoft.com/en-us/library/dd759168.aspx http://technet.microsoft.com/en-us/library/dd759152.aspx
 clip_image001[30]

QUESTION 16
Your network contains servers that run Windows Server 2012 R2. The network contains a large number of iSCSI storage locations and iSCSI clients. You need to deploy a central repository that can discover and list iSCSI resources on the network automatically. Which feature should you deploy?

A.    the Windows Standards-Based Storage Management feature
B.    the iSCSI Target Server role service
C.    the iSCSI Target Storage Provider feature
D.    the iSNS Server service feature

Answer: D
Explanation:
A. Windows Server 2012 R2 enables storage management that is comprehensive and fully scriptable, and administrators can manage it remotely. A WMI-based interface provides a single mechanism through which to manage all storage, including non-Microsoft intelligent storage subsystems and virtualized local storage (known as Storage Spaces). Additionally, management applications can use a single Windows API to manage different storage types by using standards-based protocols such as Storage Management Initiative Specification (SMI-S).
B. Targets are created in order to manage the connections between an iSCSI device and the servers that need to access it. A target defines the portals (IP addresses) that can be used to connect to the iSCSI device, as well as the security settings (if any) that the iSCSI device requires in order to authenticate the servers that are requesting access to its resources. C. iSCSI Target Storage Provider enables applications on a server that is connected to an iSCSI target to perform volume shadow copies of data on iSCSI virtual disks. It also enables you to manage iSCSI virtual disks by using older applications that require a Virtual Disk Service (VDS) hardware provider, such as the Diskraid command.
D. The Internet Storage Name Service (iSNS) protocol is used for interaction between iSNS servers and iSNS clients. iSNS clients are computers, also known as initiators, that are attempting to discover storage devices, also known as targets, on an Ethernet network.
http://technet.microsoft.com/en-us/library/cc726015.aspx
http://technet.microsoft.com/en-us/library/cc772568.aspx
 clip_image001[32]
QUESTION 17
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1. All servers run Windows Server 2012 R2. All domain user accounts have the Division attribute automatically populated as part of the user provisioning process. The Support for Dynamic Access Control and Kerberos armoring policy is enabled for the domain. You need to control access to the file shares on Server1 based on the values in the Division attribute and the Division resource property. Which three actions should you perform in sequence?
 clip_image002[20]
Answer:
 clip_image001[34]
Explanation:
First create a claim type for the property, then create a reference resource property that points back to the claim. Finally set the classification value on the folder

QUESTION 18
Your network contains two Active Directory forests named contoso.com and fabrikam.com. The contoso.com forest contains two domains named corp.contoso.com and contoso.com. You establish a two-way forest trust between contoso.com and fabrikam.com. Users from the corp.contoso.com domain report that they cannot log on to client computers in the fabrikam.com domain by using their corp.contoso.com user account. When they try to log on, they receive following error message:
"The computer you are signing into is protected by an authentication firewall. The specified account is not allowed to authenticate to the computer." Corp.contoso.com users can log on successfully to client computers in the contoso.com domain by using their corp.contoso.com user account credentials. You need to allow users from the corp.contoso.com domain to log on to the client computers in the fabrikam.com forest. What should you do?

A.    Configure Windows Firewall with Advanced Security.
B.    Enable SID history.
C.    Configure forest-wide authentication.
D.    Instruct the users to log on by using a user principal name (UPN).

Answer: C
Explanation:
C. The forest-wide authentication setting permits unrestricted access by any users in the trusted forest to all available shared resources in any of the domains in the trusting forest.
http://technet.microsoft.com/en-us/library/cc785875(v=ws.10).aspx
 clip_image001[36]

QUESTION 19
Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Both servers have the Hyper-V server role installed. The servers have the hardware configurations shown in the following table.
 clip_image001[38]
Server1 hosts five virtual machines that run Windows Server 2012 R2. You need to move the virtual machines from Server1 to Server2. The solution must minimize downtime. What should you do for each virtual machine?

A.    Export the virtual machines from Server1 and import the virtual machines to Server2.
B.    Perform a live migration.
C.    Perform a quick migration.
D.    Perform a storage migration.

Answer: A
Explanation:
None of these migration options will work between different Processors ( AMD/Intel). The only option remaining is to export and re-import the VMs

QUESTION 20
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers have the Hyper-V server role installed. You plan to replicate virtual machines between Server1 and Server2. The replication will be encrypted by using Secure Sockets Layer (SSL). You need to request a certificate on Server1 to ensure that the virtual machine replication is encrypted. Which two intended purposes should the certificate for Server1 contain? (Each correct answer presents part of the solution. Choose two.)

A.    Client Authentication
B.    Kernel Mode Code Signing
C.    Server Authentication
D.    IP Security end system
E.    KDC Authentication

Answer: AC
Explanation:
http://blogs.technet.com/b/virtualization/archive/2012/03/13/hyper-v-replica-certificate- requirements.aspx

clip_image002[22]
Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-412.html

Official 2014 Latest Microsoft 70-412 Exam Dump Free Download(1-10)!

QUESTION 1
Your network contains an Active Directory domain named adatum.com. The domain contains two domain controllers that run Windows Server 2012 R2. The domain controllers are configured as shown in the following table.
 clip_image001
You log on to DC1 by using a user account that is a member of the Domain Admins group, and then you create a new user account named User1. You need to prepopulate the password for User1 on DC2. What should you do first?

A.    Connect to DC2 from Active Directory Users and Computers.
B.    Add DC2 to the Allowed RODC Password Replication Policy group.
C.    Add the User1 account to the Allowed RODC Password Replication Policy group.
D.    Run Active Directory Users and Computers as a member of the Enterprise Admins group.

Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc730883(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc753470(v=ws.10).aspx#BKMK_pre
 clip_image001[4]
QUESTION 2
Your company has offices in Montreal, New York, and Amsterdam. The network contains an Active Directory forest named contoso.com. An Active Directory site exists for each office. All of the sites connect to each other by using the DEFAULTIPSITELINK site link. You need to ensure that only between 20:00 and 08:00, the domain controllers in the Montreal office replicate the Active Directory changes to the domain controllers in the Amsterdam office. The solution must ensure that the domain controllers in the Montreal and the New York offices can replicate the Active Directory changes any time of day. What should you do?

A.    Create a new site link that contains Montreal and Amsterdam.
Remove Amsterdam from DEFAULTIPSITELINK.
Modify the schedule of DEFAULTIPSITELINK.
B.    Create a new site link that contains Montreal and Amsterdam.
Create a new site link bridge.
Modify the schedule of DEFAU LTIPSITELINK.
C.    Create a new site link that contains Montreal and Amsterdam.
Remove Amsterdam from DEFAULTIPSITELINK.
Modify the schedule of the new site link.
D.    Create a new site link that contains Montreal and Amsterdam.
Create a new site link bridge.
Modify the schedule of the new site link.

Answer: C
Explanation:
Very Smartly reworded with same 3 offices. In the exam correct answer is "Create a new site link that contains Newyork to Montreal.
Remove Montreal from DEFAULTIPSITELINK.Modify the schedule of the new site link".
http://technet.microsoft.com/en-us/library/cc755994(v=ws.10).aspx

QUESTION 3
Your network contains two Active Directory forests named contoso.com and adatum.com. A two- way forest trust exists between the forests. The contoso.com forest contains an enterprise certification authority (CA) named Server1. You implement cross-forest certificate enrollment between the contoso.com forest and the adatum.com forest. On Server1, you create a new certificate template named Template1. You need to ensure that users in the adatum.com forest can request certificates that are based on Template1. Which tool should you use?

A.    DumpADO.ps1
B.    Repadmin
C.    Add-CATemplate
D.    Certutil
E.    PKISync.ps1

Answer: E
Explanation:
B. Repadmin.exe helps administrators diagnose Active Directory replication problems between domain controllers running Microsoft Windows operating systems.
C. Adds a certificate template to the CA.
D. Use Certutil.exe to dump and display certification authority (CA) configuration information, configure Certificate Services, backup and restore CA components, and verify certificates, key pairs, and certificate chains.
E. PKISync.ps1 copies objects in the source forest to the target forest
http://technet.microsoft.com/en-us/library/ff955845(v=ws.10).aspx#BKMK_Consolidating http://technet.microsoft.com/en-us/library/cc770963(v=ws.10).aspx http://technet.microsoft.com/en-us/library/hh848372.aspx http://technet.microsoft.com/library/cc732443.aspx
http://technet.microsoft.com/en-us/library/ff961506(v=ws.10).aspx
 clip_image001[6]

QUESTION 4
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Windows Deployment Services server role installed. You back up Server1 each day by using Windows Server Backup. The disk array on Server1 fails. You replace the disk array. You need to restore Server1 as quickly as possible. What should you do?

A.    Start Server1 from the Windows Server 2012 R2 installation media.
B.    Start Server1and press F8.
C.    Start Server1 and press Shift+F8.
D.    Start Server1 by using the PXE.

Answer: A
Explanation:
A. Recovery of the OS uses the Windows Setup Disc
http://technet.microsoft.com/en-us/library/cc753920.aspx http://www.windowsnetworking.com/articles_tutorials/Restoring-Windows-Server-BareMetal.html

QUESTION 5
Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Both servers have the Hyper-V server role installed. Server1 and Server2 are located in different offices. The offices connect to each other by using a high-latency WAN link. Server2 hosts a virtual machine named VM1. You need to ensure that you can start VM1 on Server1 if Server2 fails. The solution must minimize hardware costs. What should you do?

A.    On Server1, install the Multipath I/O (MPIO) feature.
Modify the storage location of the VHDs for VM1.
B.    From the Hyper-V Settings of Server2, modify the Replication Configuration settings.
Enable replication for VM1.
C.    On Server2, install the Multipath I/O (MPIO) feature.
Modify the storage location of the VHDs for VM1.
D.    From the Hyper-V Settings of Server1, modify the Replication Configuration settings.
Enable replication for VM1.

Answer: D
Explanation:
You first have to enable replication on the Replica server–Server1–by going to the server and modifying the "Replication Configuration" settings under Hyper-V settings. You then go to VM1– which presides on Server2– and run the "Enable Replication" wizard on VM1.
 clip_image002
 clip_image002[4]

QUESTION 6
You have a server named Server1 that runs Windows Server 2012 R2. You modify the properties of a system driver and you restart Server1. You discover that Server1 continuously restarts without starting Windows Server 2012 R2. You need to start Windows Server 2012 R2 on Server1 in the least amount of time. The solution must minimize the amount of data loss. Which Advanced Boot Option should you select?

A.    Last Know Good Configuration (advanced)
B.    Repair Your Computer
C.    Disable automatic restart on system failure
D.    Disable Driver Signature Enforcement

Answer: A
Explanation:
http://windows.microsoft.com/en-ph/windows-vista/using-last-known-good-configuration
 clip_image001[8]

QUESTION 7
Your network contains an Active Directory domain named contoso.com. The domain contains three servers named Server1, Server2, and Server3 that run Windows Server 2012 R2. All three servers have the Hyper-V server role installed and the Failover Clustering feature installed. Server1 and Server2 are nodes in a failover cluster named Cluster1. Several highly available virtual machines run on Cluster1. Cluster1 has the Hyper-V Replica Broker role installed. The Hyper-V Replica Broker currently runs on Server1. Server3 currently has no virtual machines. You need to configure Cluster1 to be a replica server for Server3 and Server3 to be a replica server for Cluster1. Which two tools should you use? (Each correct answer presents part of the solution. Choose two.)

A.    The Hyper-V Manager console connected to Server3
B.    The Failover Cluster Manager console connected to Server3
C.    The Hyper-V Manager console connected to Server1.
D.    The Failover Cluster Manager console connected to Cluster1
E.    The Hyper-V Manager console connected to Server2

Answer: AD
Explanation:
http://technet.microsoft.com/en-us/library/jj134240.aspx
 clip_image002[6]
 clip_image001[10]

QUESTION 8
You have a file server named Server1 that runs Windows Server 2012 R2. The folders on Server1 are configured as shown in the following table.
 clip_image001[12]
A new corporate policy states that backups must use Microsoft Online Backup whenever possible. You need to identify which technology you must use to back up Server1. The solution must use Microsoft Online Backup whenever What should you identify? To answer, drag the appropriate backup type to the correct location or locations. Each backup type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
 clip_image002[8]
Answer:
 clip_image001[14]
Explanation:
http://technet.microsoft.com/en-us/library/hh831761.aspx
 clip_image002[10]

QUESTION 9
You have a DNS server named Server1 that runs Windows Server 2012 R2. Server1 has a signed zone for contoso.com. You need to configure DNS clients to perform DNSSEC validation for the contoso.com DNS domain. What should you configure?

A.    The Network Connection settings
B.    A Name Resolution Policy
C.    The Network Location settings
D.    The DNS Client settings

Answer: B
Explanation:
B. In a DNSSEC deployment, validation of DNS queries by client computers is enabled through configuration of IPSEC & NRPT
http://technet.microsoft.com/en-us/library/ee649182(v=ws.10).aspx http://technet.microsoft.com/en-us/library/ee649136(v=ws.10).aspx
 clip_image001[16]
QUESTION 10
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. On Dc1, you open DNS Manager as shown in the exhibit. (Click the Exhibit button.)
 clip_image001[18]
You need to change the replication scope of the contoso.com zone. What should you do before you change the replication scope?

A.    Modify the Zone Transfers settings.
B.    Add DC1 to the Name Servers list.
C.    Add your user account to the Security settings of the zone.
D.    Unsign the zone.

Answer: D
Explanation:
D. Lock icon signifies that the Zone has been signed. Changes to the zone are blocked when signed http://www.microsoft.com/en-us/download/dlx/ThankYou.aspx?id=29018

clip_image001[20]
Passing Microsoft 70-412 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-412.html

Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(271-280)!

QUESTION 271
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Desktop Session Host role service installed. The computer account of Server1 resides in an organizational unit (OU) named OU1.
You create and link a Group Policy object (GPO) named GPO1 to OU1. GPO1 is configured as shown in the exhibit. (Click the Exhibit button.)
 clip_image001[100]
You need to prevent GPO1 from Applying to your user account when you log on to Server1. GPO1 must Apply to every other user who logs on to Server1.
What should you configure?

A.    WMI Filtering
B.    Item-level Targeting
C.    Block Inheritance
D.    Security Filtering

Answer: D

QUESTION 272
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 is backed up daily.
The domain has the Active Directory Recycle Bin enabled.
During routine maintenance, you delete 500 inactive user accounts and 100 inactive groups. One of the deleted groups is named Group1. Some of the deleted user accounts are members of some of the deleted groups.
For documentation purposes, you must provide a list of the members of Group1 before the group was deleted.
You need to identify the names of the users who were members of Group1 prior to its deletion.
You want to achieve this goal by using the minimum amount of administrative effort.
What should you do first?

A.    Mount the most recent Active Directory backup.
B.    Perform an authoritative restore of Group1.
C.    Use the Recycle Bin to restore Group1.
D.    Reactivate the tombstone of Group1.

Answer: A

QUESTION 273
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2.
For Server2, you are configuring constrained delegation to a third-party service named Service1 on Server1.
When you attempt to add Service1 from Server1 to the delegation setting of Server2, you discover that Service1 is not listed in the Available services list.
You need to ensure that you can add Service1 for constrained delegation.
What should you do first?

A.    From the Services console, modify the properties of Service1
B.    From ADSI Edit, create a serviceConnectionPoint (SCP) object
C.    From a command prompt, run the setspn.exe command
D.    From Active Directory Users and Computers, enable the Advanced Features option.

Answer: A

QUESTION 274
You have a file server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.
Files created by users in the human resources department are assigned the Department classification property automatically.
You are configuring a file management task named Task1 to remove user files that have not been accessed for 60 days or more.
You need to ensure that Task1 only removes files that have a Department classification property of human resources. The solution must minimize administrative effort.
What should you configure on Task1?

A.    Create a custom action.
B.    Configure a file screen.
C.    Create a classification rule.
D.    Create a condition.

Answer: D

QUESTION 275
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the Network Policy Server role service installed.
An administrator creates a Network Policy Server (NPS) network policy named Policy1.
You need to ensure that Policy1 applies to L2TP connections only.
Which condition should you modify? To answer, select the appropriate object in the answer area.
 clip_image002[45]
Answer:

clip_image002[47]

QUESTION 276
Your network contains two DNS servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 hosts a primary zone for contoso.com. Server2 hosts a secondary zone forcontoso.com.
You need to ensure that Server2 replicates changes to the contoso.com zone every five minutes.
Which setting should you modify in the start of authority (SOA) record?

A.    Retry interval
B.    Minimum (default) TTL
C.    Expires after
D.    Refresh interval

Answer: D

QUESTION 277
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named GPO1 is linked to OU1.
You make a change to GPO1.
You need to force all of the computers in OU1 to refresh their Group Policy settings immediately.
The solution must minimize administrative effort.
Which tool should you use?

A.    The Secedit command
B.    The Set-AdComputer cmdlet
C.    Active Directory Users and Computers
D.    The Invoke-GpUpdate cmdlet

Answer: D
Explanation:
Invoke-GPUpdate
Schedule a remote Group Policy refresh (gpupdate) on the specified computer.
Applies To: Windows Server 2012 R2
The Invoke-GPUpdate cmdlet refreshes Group Policy settings, including security settings that are set on remote computers by scheduling the running of the Gpupdate command on a remote computer. You can combine this cmdlet in a scripted fashion to schedule the Gpupdate command on a group of computers.
The refresh can be scheduled to immediately start a refresh of policy settings or wait for a specified period of time, up to a maximum of 31 days. To avoid putting a load on the network, the refresh times will be offset by a random delay.
Note:
Group Policy is a complicated infrastructure that enables you to apply policy settings to remotely configure a computer and user experience within a domain. When the Resultant Set of Policy settings does not conform to your expectations, a best practice is to first verify that the computer or user has received the latest policy settings. In previous versions of Windows, this was accomplished by having the user run GPUpdate.exe on their computer.
With Windows Server 2012 R2 and Windows 8, you can remotely refresh Group Policy settings for all computers in an organizational unit (OU) from one central location by using the Group Policy Management Console (GPMC). Or you can use the Invoke-GPUpdate Windows PowerShell cmdlet to refresh Group Policy for a set of computers, including computers that are not within the OU structure–for example, if the computers are located in the default computers container.
The remote Group Policy refresh updates all Group Policy settings, including security settings that are set on a group of remote computers, by using the functionality that is added to the context menu for an OU in the Group Policy Management Console (GPMC). When you select an OU to remotely refresh the Group Policy settings on all the computers in that OU, the following operations happen:
An Active Directory query returns a list of all computers that belong to that OU. For each computer that belongs to the selected OU, a WMI call retrieves the list of signed in users.
A remote scheduled task is created to run GPUpdate.exe /force for each signed in user and once for the computer Group Policy refresh. The task is scheduled to run with a random delay of up to 10 minutes to decrease the load on the network traffic. This random delay cannot be configured when you use the GPMC, but you can configure the random delay for the scheduled task or set the scheduled task to run immediately when you use the Invoke-GPUpdate cmdlet.
Reference: Force a Remote Group Policy Refresh (GPUpdate)

QUESTION 278
Your network contains two servers named W5U51 and WSUS_REPL that run Windows Server 2012 R2. WSUS1 and WSUS_REPL have the Windows Server Update Services server role installed.
All client computers run Windows 7.
WSUS1 synchronizes from Microsoft Update. WSUS_REPL is a Windows Server Update Services (WSUS) replica of WSUS1.
You need to configure replica downstream servers to send WSUS_REPL summary information about the computer update status.
What should you do?

A.    From WSUS1, configure Reporting Rollup.
B.    From WSUS_REPL, configure Reporting Rollup.
C.    From WSUS1, configure Email Notifications.
D.    From WSUS_REPL, configure Email Notifications.

Answer: A

QUESTION 279
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
You create a central store for Group Policy.
You receive a custom administrative template named Template1.admx.
You need to ensure that the settings in Template1.admx appear in all new Group Policy objects (GPOs).
What should you do?

A.    Copy Template1.admx to
\\Contoso.com\SYSVOL\Contoso.com\Policies\PolicyDefinitions\
B.    From the Default Domain Controllers Policy, add Template1.admx to the Administrative Templates.
C.    Copy Template1.admx to \\Contoso.com\NETLOGON
D.    From the Default Domain Policy, add Template1.admx to the Administrative Templates.

Answer: A

QUESTION 280
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. All of the DNS servers in both of the domains run Windows Server 2012 R2.
The network contains two servers named Server1 and Server2. Server1 hosts an Active Directory-integrated zone for contoso.com. Server2 hosts an Active Directory-integrated zone for fabrikam.com. Server1 and Server2 connect to each other by using a WAN link.
Client computers that connect to Server1 for name resolution cannot resolve names in fabrikam.com.
You need to configure Server1 to resolve names in fabrikam.com. The solution must NOT require that changes be made to the fabrikam.com zone on Server2.
What should you create?

A.    a secondary zone
B.    a stub zone
C.    a trust anchor
D.    a zone delegation

Answer: B
Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html

Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(271-280)!

QUESTION 271
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Desktop Session Host role service installed. The computer account of Server1 resides in an organizational unit (OU) named OU1.
You create and link a Group Policy object (GPO) named GPO1 to OU1. GPO1 is configured as shown in the exhibit. (Click the Exhibit button.)
 clip_image001[100]
You need to prevent GPO1 from Applying to your user account when you log on to Server1. GPO1 must Apply to every other user who logs on to Server1.
What should you configure?

A.    WMI Filtering
B.    Item-level Targeting
C.    Block Inheritance
D.    Security Filtering

Answer: D

QUESTION 272
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 is backed up daily.
The domain has the Active Directory Recycle Bin enabled.
During routine maintenance, you delete 500 inactive user accounts and 100 inactive groups. One of the deleted groups is named Group1. Some of the deleted user accounts are members of some of the deleted groups.
For documentation purposes, you must provide a list of the members of Group1 before the group was deleted.
You need to identify the names of the users who were members of Group1 prior to its deletion.
You want to achieve this goal by using the minimum amount of administrative effort.
What should you do first?

A.    Mount the most recent Active Directory backup.
B.    Perform an authoritative restore of Group1.
C.    Use the Recycle Bin to restore Group1.
D.    Reactivate the tombstone of Group1.

Answer: A

QUESTION 273
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2.
For Server2, you are configuring constrained delegation to a third-party service named Service1 on Server1.
When you attempt to add Service1 from Server1 to the delegation setting of Server2, you discover that Service1 is not listed in the Available services list.
You need to ensure that you can add Service1 for constrained delegation.
What should you do first?

A.    From the Services console, modify the properties of Service1
B.    From ADSI Edit, create a serviceConnectionPoint (SCP) object
C.    From a command prompt, run the setspn.exe command
D.    From Active Directory Users and Computers, enable the Advanced Features option.

Answer: A

QUESTION 274
You have a file server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.
Files created by users in the human resources department are assigned the Department classification property automatically.
You are configuring a file management task named Task1 to remove user files that have not been accessed for 60 days or more.
You need to ensure that Task1 only removes files that have a Department classification property of human resources. The solution must minimize administrative effort.
What should you configure on Task1?

A.    Create a custom action.
B.    Configure a file screen.
C.    Create a classification rule.
D.    Create a condition.

Answer: D

QUESTION 275
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the Network Policy Server role service installed.
An administrator creates a Network Policy Server (NPS) network policy named Policy1.
You need to ensure that Policy1 applies to L2TP connections only.
Which condition should you modify? To answer, select the appropriate object in the answer area.
 clip_image002[45]
Answer:

clip_image002[47]

QUESTION 276
Your network contains two DNS servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 hosts a primary zone for contoso.com. Server2 hosts a secondary zone forcontoso.com.
You need to ensure that Server2 replicates changes to the contoso.com zone every five minutes.
Which setting should you modify in the start of authority (SOA) record?

A.    Retry interval
B.    Minimum (default) TTL
C.    Expires after
D.    Refresh interval

Answer: D

QUESTION 277
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named GPO1 is linked to OU1.
You make a change to GPO1.
You need to force all of the computers in OU1 to refresh their Group Policy settings immediately.
The solution must minimize administrative effort.
Which tool should you use?

A.    The Secedit command
B.    The Set-AdComputer cmdlet
C.    Active Directory Users and Computers
D.    The Invoke-GpUpdate cmdlet

Answer: D
Explanation:
Invoke-GPUpdate
Schedule a remote Group Policy refresh (gpupdate) on the specified computer.
Applies To: Windows Server 2012 R2
The Invoke-GPUpdate cmdlet refreshes Group Policy settings, including security settings that are set on remote computers by scheduling the running of the Gpupdate command on a remote computer. You can combine this cmdlet in a scripted fashion to schedule the Gpupdate command on a group of computers.
The refresh can be scheduled to immediately start a refresh of policy settings or wait for a specified period of time, up to a maximum of 31 days. To avoid putting a load on the network, the refresh times will be offset by a random delay.
Note:
Group Policy is a complicated infrastructure that enables you to apply policy settings to remotely configure a computer and user experience within a domain. When the Resultant Set of Policy settings does not conform to your expectations, a best practice is to first verify that the computer or user has received the latest policy settings. In previous versions of Windows, this was accomplished by having the user run GPUpdate.exe on their computer.
With Windows Server 2012 R2 and Windows 8, you can remotely refresh Group Policy settings for all computers in an organizational unit (OU) from one central location by using the Group Policy Management Console (GPMC). Or you can use the Invoke-GPUpdate Windows PowerShell cmdlet to refresh Group Policy for a set of computers, including computers that are not within the OU structure–for example, if the computers are located in the default computers container.
The remote Group Policy refresh updates all Group Policy settings, including security settings that are set on a group of remote computers, by using the functionality that is added to the context menu for an OU in the Group Policy Management Console (GPMC). When you select an OU to remotely refresh the Group Policy settings on all the computers in that OU, the following operations happen:
An Active Directory query returns a list of all computers that belong to that OU. For each computer that belongs to the selected OU, a WMI call retrieves the list of signed in users.
A remote scheduled task is created to run GPUpdate.exe /force for each signed in user and once for the computer Group Policy refresh. The task is scheduled to run with a random delay of up to 10 minutes to decrease the load on the network traffic. This random delay cannot be configured when you use the GPMC, but you can configure the random delay for the scheduled task or set the scheduled task to run immediately when you use the Invoke-GPUpdate cmdlet.
Reference: Force a Remote Group Policy Refresh (GPUpdate)

QUESTION 278
Your network contains two servers named W5U51 and WSUS_REPL that run Windows Server 2012 R2. WSUS1 and WSUS_REPL have the Windows Server Update Services server role installed.
All client computers run Windows 7.
WSUS1 synchronizes from Microsoft Update. WSUS_REPL is a Windows Server Update Services (WSUS) replica of WSUS1.
You need to configure replica downstream servers to send WSUS_REPL summary information about the computer update status.
What should you do?

A.    From WSUS1, configure Reporting Rollup.
B.    From WSUS_REPL, configure Reporting Rollup.
C.    From WSUS1, configure Email Notifications.
D.    From WSUS_REPL, configure Email Notifications.

Answer: A

QUESTION 279
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
You create a central store for Group Policy.
You receive a custom administrative template named Template1.admx.
You need to ensure that the settings in Template1.admx appear in all new Group Policy objects (GPOs).
What should you do?

A.    Copy Template1.admx to
\\Contoso.com\SYSVOL\Contoso.com\Policies\PolicyDefinitions\
B.    From the Default Domain Controllers Policy, add Template1.admx to the Administrative Templates.
C.    Copy Template1.admx to \\Contoso.com\NETLOGON
D.    From the Default Domain Policy, add Template1.admx to the Administrative Templates.

Answer: A

QUESTION 280
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. All of the DNS servers in both of the domains run Windows Server 2012 R2.
The network contains two servers named Server1 and Server2. Server1 hosts an Active Directory-integrated zone for contoso.com. Server2 hosts an Active Directory-integrated zone for fabrikam.com. Server1 and Server2 connect to each other by using a WAN link.
Client computers that connect to Server1 for name resolution cannot resolve names in fabrikam.com.
You need to configure Server1 to resolve names in fabrikam.com. The solution must NOT require that changes be made to the fabrikam.com zone on Server2.
What should you create?

A.    a secondary zone
B.    a stub zone
C.    a trust anchor
D.    a zone delegation

Answer: B
Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html

Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(261-270)!

QUESTION 261
You wants to change the memory of a virtual machine that is currently powered up. What does he need to do?

A.    Shut down the virtual machine, use the virtual machine’s settings to change the memory, and start it again.
B.    Use the virtual machine’s settings to change the memory
C.    Pause the virtual machine, use the virtual machine’s settings to change the memory, and resume it.
D.    Save the virtual machine, use the virtual machine’s settings to change the memory, and resume it.

Answer: A

QUESTION 262
You need to stop an application from running in Task Manager. Which tab would you use to stop an application from running?

A.    Performance
B.    Users
C.    Options
D.    Details

Answer: D

QUESTION 263
You upgraded all of your locations to Windows Server 2012 R2 and implemented the routing capability built into the servers. You chose to implement RIP. After implementing the routers, you discover that routes that you don’t want your network to consider are updating your RIP routing tables. What can you do to control which networks the RIP routing protocol will communicate with on your network?

A.    Configure TCP/IP filtering
B.    Configure RIP route filtering
C.    Configure IP packet filtering
D.    Configure RIP peer filtering
E.    There is no way to control this behavior

Answer: B
Explanation:
RIP route filters allow you to configure your routers to either ignore or accept updates from specific network addresses or a range of addresses. TCP/IP filtering is configured at each individual host to control the traffic at a granular level, such as a specific address, UDP port, or TCP port. IP packet filtering is used on the router interface to control IP traffic based on subnet masks, IP address, or port.
RIP peer filtering is used to control communication between individual routers rather than control the entire network address.

QUESTION 264
Your company has offices in five locations around the country. Most of the users’ activity is local to their own network. Occasionally, some of the users in one location need to send confidential information to one of the other four locations or to retrieve information from one of them. The communication between the remote locations is sporadic and relatively infrequent, so you have configured RRAS to use demand-dial lines to set up the connections. Management’s only requirement is that any communication between the office locations be appropriately secured. Which of the following steps should you take to ensure compliance with this requirement? (Choose all that apply.)

A.    Configure CHAP on all the RRAS servers.
B.    Configure PAP on all the RRAS servers.
C.    Configure MPPE on all the RRAS servers.
D.    Configure L2TP on all the RRAS servers.
E.    Configure MS-CHAPv2 on all the RRAS servers.

Answer: CE
Explanation:
http://technet.microsoft.com/en-us/library/cc780018%28v=ws.10%29.aspx
Dial-up connection is necessary so recommended User Authentication Protocol is MS- CHAP v2 and encryption method is MPPE.

QUESTION 265
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
In a remote site, a support technician installs a server named DC10 that runs Windows Server 2012 R2. DC10 is currently a member of a workgroup.
You plan to promote DC10 to a read-only domain controller (RODC).
You need to ensure that a user named Contoso\User1 can promote DC10 to a RODC in the contoso.com domain. The solution must minimize the number of permissions assigned to User1.
What should you do?

A.    From Dsmgmt, run the local roles command.
B.    From Active Directory Administrative Center, modify the security settings of the Domain Controllers
organizational unit (OU).
C.    From Active Directory Users and Computers, run the Delegation of Control Wizard on the contoso.com
domain object.
D.    From Active Directory Users and Computers, pre-create an RODC computer account.

Answer: D
Explanation:
A staged read only domain controller (RODC) installation works in two discrete phases:
1.Staging an unoccupied computer account
2.Attaching an RODC to that account during promotion

QUESTION 266
You have a server named Server1 that runs Windows Server 2012 R2.
You create a custom Data Collector Set (DCS) named DCS1.
You need to configure Server1 to start DCS1 automatically when the network usage exceeds 70 percent.
Which type of data collector should you create?

A.    an event trace data collector
B.    a performance counter alert
C.    a configuration data collector
D.    a performance counter data collector

Answer: B

QUESTION 267
Your network contains two servers named Server1 and Server 2. Both servers run Windows Server 2012 R2 and have the DNS Server server role installed.
On Server1, you create a standard primary zone named contoso.com.
You plan to create a standard primary zone for ad.contoso.com on Server2.
You need to ensure that Server1 forwards all queries for ad.contoso.com to Server2.
What should you do from Server1?

A.    Create a trust anchor named Server2.
B.    Create a conditional forward that points to Server2
C.    Create a zone delegation that points to Server2.
D.    Add Server2 as a name server.

Answer: C

QUESTION 268
Your network contains an Active Directory domain named adatum.com. The domain contains a member server named Server1 and 10 web servers. All of the web servers are in an organizational unit (OU) named WebServers_OU. All of the servers run Windows Server 2012 R2.
On Server1, you need to collect the error events from all of the web servers. The solution must ensure that when new web servers are added to WebServers_OU, their error events are collected automatically on Server1.
What should you do?

A.    On Server1, create a source computer initiated subscription.
From a Group Policy object (GPO), configure the Configure forwarder resource usage setting
B.    On Server1, create a source computer initiated subscription.
From a Group Policy object (GPO), configure the Configure target Subscription Manager setting
C.    On Server1, create a collector initiated subscription.
From a Group Policy object (GPO), configure the Configure target Subscription Manager setting
D.    On Server1, create a collector initiated subscription.
From a Group Policy object (GPO), configure the Configure forwarder resource usage setting.

Answer: B

QUESTION 269
You have a DNS server named DN51 that runs Windows Server 2012 R2.
On DNS1, you create a standard primary DNS zone named adatum.com.
You need to change the frequency that secondary name servers will replicate the zone from DNS1.
Which type of DNS record should you modify?

A.    start of authority (SOA)
B.    name server (NS)
C.    service location (SRV)
D.    host information (HINFO)

Answer: A

QUESTION 270
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Windows Server Update Services server role installed.
Server1 stores update files locally in C:\Updates.
You need to change the location in which the update files are stored to D:\Updates.
What should you do?

A.    From a command prompt, run wsusutil.exe and specify the export parameter
B.    From the Update Services console, configure the Update Files and Languages option
C.    From the Update Services console, run the Windows Server Update Services Configuration Wizard.
D.    From a command prompt, run wsusutil.exe and specify the movecontent parameter.

Answer: D
Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html

Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(251-260)!

QUESTION 251
Your network contains an Active Directory domain named contoso.com. The domain contains a RADIUS server named Server1 that runs Windows Server 2012 R2. You add a VPN server named Server2 to the network. On Server1, you create several network policies. You need to configure Server1 to accept authentication requests from Server2. memory resources and processor resources each?

A.    Add-RemoteAccessRadius
B.    New-NpsRadiusClient
C.    Remote Access Management Console
D.    Routing and Remote Access

Answer: B
Explanation:
There are two configurations need to be done in Server1. First is to create a RADIUS client, and second, create a network policy. The network policy has been created. So we need to use New-NpsRadiusClient to create a RADIUS client.

QUESTION 252
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. One of the domain controllers is named DC1.The DNS zone for the contoso.com zone is Active Directory-intergrated and has the default settings. A server named Server1 is a DNS server that runs a UNIX-based operating system. You plan to use Server1 as a secondary DNS server for the contoso.com zone. You need to ensure that Server1 can host a secondary copy of the contoso.com zone. What should you do?

A.    From Windows PowerShell, run the Set-DnsServerSetting cmdlet and specify DC1 as a target.
B.    From DNS Manager, modify the Zone Transfers settings of the contoso.com zone.
C.    From DNS Manager, modify the replication scope of the contoso.com zone.
D.    From DNS manager, modify the Security settings of the contoso.com zone.

Answer: B
Explanation:
B. Set zone to allow zone transfers
http://technet.microsoft.com/en-us/library/cc739056(v=ws.10).aspx
by the Microsoft.

QUESTION 253
A computer does not support PXE, what kind of image do you need to create?

A.    boot
B.    install
C.    discovery
D.    capture

Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/dd637996(v=ws.10).aspx WDSUTIL /New-DiscoverImage /Image:<name> /Architecture:{x86|x64|ia64} / DestinationImage /FilePath:<path and name to new file>. To specify which server the discover image connects to, append /WDSServer:<server name or IP>.
 clip_image001[98]

QUESTION 254
Your network contains an Active Directory domain named contoso.com. The network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy and Access Services server role installed.
You plan to deploy additional servers that have the Network Policy and Access Services server role installed.
You must standardize as many settings on the new servers as possible.
You need to identify which settings can be standardized by using the Network Policy Server (NPS) templates.
Which three settings should you identify? (Each answer presents part of the solution.
Choose three.)

A.    IP filters
B.    shared secrets
C.    health policies
D.    network policies
E.    connection request policies

Answer: ABC

QUESTION 255
You are the network administrator for a midsize computer company. You have a single Active Directory forest, and your DNS servers are configured as Active Directory Integrated zones. When you look at the DNS records in Active Directory, you notice that there are many records for computers that do not exist on your domain. You want to make sure only domain computers register with your DNS servers. What should you do to resolve this issue?

A.    Set dynamic updates to None.
B.    Set dynamic updates to Nonsecure And Secure.
C.    Set dynamic updates to Domain Users Only.
D.    Set dynamic updates to Secure Only.

Answer: D

QUESTION 256
A system administrator is trying to determine which file system to use for a server that will become a Windows Server 2012 R2 file server and domain controller. The company has the following requirements:
The file system must allow for file-level security from within Windows 2012 Server. The file system must make efficient use of space on large partitions. The domain controller SYSVOL must be stored on the partition
Which of the following file systems meets these requirements?

A.    FAT
B.    FAT32
C.    HPFS
D.    NTFS

Answer: D

QUESTION 257
You need to create a new user account using the command prompt. Which command would you use?

A.    dsmodify
B.    dscreate
C.    dsnew
D.    dsadd

Answer: D

QUESTION 258
You are hired as a consultant to the ABC Company. The owner of the company complains that she continues to have Desktop wallpaper that she did not choose. When you speak with the IT team, you find out that a former employee created 20 GPOs and they have not been able to figure out which GPO is changing the owner’s Desktop wallpaper. How can you resolve this issue?

A.    Run the RSoP utility against all forest computer accounts
B.    Run the RSoP utility against the owner’s computer account
C.    Run the RSoP utility against the owner’s user account
D.    Run the RSoP utility against all domain computer accounts.

Answer: C

QUESTION 259
You need to enable three of your domain controllers as global catalog servers. Where would you configure the domain controllers as global catalogs?

A.    Forest, NTDS settings
B.    Domain, NTDS settings
C.    Site, NTDS settings
D.    Server, NTDS settings

Answer: D

QUESTION 260
You are the network administrator for your organization. Your company uses a Windows Server 2012 R2 Enterprise certification authority to issue certificates. You need to start using key archival. What should you do?

A.    Implement a distribution CRL.
B.    Install the smart card key retrieval.
C.    Implement a Group Policy object (GPO) that enables the Online Certificate Status Protocol (OCSP) responder.
D.    Archive the private key on the server.

Answer: D

Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html

Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(241-250)!

QUESTION 241
You have a DNS server named Server1 that runs Windows Server 2012 R2. On Server1, you create a DNS zone named contoso.com. You need to specify the email address of the person responsible for the zone. Which type of DNS record should you configure?

A.    Start of authority (SOA)
B.    Mail exchanger (MX)
C.    Host information (HINFO)
D.    Mailbox (MB)

Answer: A

QUESTION 242
You have a server named Server1 that runs Windows Server 2012 R2. You discover that the performance of Server1 is poor. The results of a performance report generated on Server1 are shown in the following table.
 clip_image001[88]
You need to identify the cause of the performance issue. What should you identify?

A.    Excessive paging
B.    NUMA fragmentation
C.    Driver malfunction
D.    Insufficient RAM

Answer: C
Explanation:
Processor: %DPC Time. Much like the other values, this counter shows the amount of time that the processor spends servicing DPC requests. DPC requests are more often than not associated with the network interface. Processor: % Interrupt Time. This is the percentage of time that the processor is spending on handling Interrupts. Generally, if this value exceeds 50% of the processor time you may have a hardware issue. Some components on the computer can force this issue and not really be a problem. For example a programmable I/O card like an old disk controller card, can take up to 40% of the CPU time. A NIC on a busy IIS server can likewise generate a large percentage of processor activity.
Processor: % User Time. The value of this counter helps to determine the kind of processing that is affecting the system. Of course the resulting value is the total amount of non-idle time that was spent on User mode operations. This generally means application code.
Processor: %Privilege Time. This is the amount of time the processor was busy with Kernel mode operations. If the processor is very busy and this mode is high, it is usually an indication of some type of NT service having difficulty, although user mode programs can make calls to the Kernel mode NT components to occasionally cause this type of performance issue.
Memory: Pages/sec. This value is often confused with Page Faults/sec. The Pages/sec counter is a combination of Pages Input/sec and Pages Output/sec counters. Recall that Page Faults/sec is a combination of hard page faults and soft page faults. This counter, however, is a general indicator of how often the system is using the hard drive to store or retrieve memory associated data.
http://technet.microsoft.com/en-us/library/cc768048.aspx

QUESTION 243
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. An organizational unit (OU) named ResearchServers contains the computer accounts of all research servers. All domain users are configured to have a minimum password length of eight characters. You need to ensure that the minimum password length of the local user accounts on the research servers in the ResearchServers OU is 10 characters. What should you do?

A.    Create a universal group that contains the research servers. Create a Password Settings object
(PSO) and assign the PSO to the group.
B.    Configure a local Group Policy object (GPO) on each research server.
C.    Create and link a Group Policy object (GPO) to the ResearchServers OU.
D.    Create a global group that contains the research servers. Create a Password Settings object
(PSO) and assign the PSO to the group.

Answer: C

QUESTION 244
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains an Edge Server named Server1. Server1 is configured as a DirectAccess server. Server1 has the following settings:
 clip_image001[90]
Your company uses split-brain DNS for the contoso.com zone. You run the Remote Access Setup wizard as shown in the following exhibit. (Click the Exhibit button.)

 clip_image002[32]
You need to ensure that client computers on the Internet can establish DirectAccess connections to Server1. Which additional name suffix entry should you add from the Remote Access Setup wizard?

A.    A Name Suffix value of dal.contoso.com and a blank DNS Server Address value
B.    A Name Suffix value of Server1.contoso.com and a DNS Server Address value of 65.55.37.62
C.    A Name Suffix value of Server1.contoso.com and a blank DNS Server Address value
D.    A Name Suffix value of dal.contoso.com and a DNS Server Address value of 65.55.37.62

Answer: A
Explanation:
For split-brain DNS deployments, you must list the FQDNs that are duplicated on the Internet and intranet and decide which resources the DirectAccess client should reach, the intranet version or the public (Internet) version. For each name that corresponds to a resource for which you want DirectAccess clients to reach the public version, you must add the corresponding FQDN as an exemption rule to the NRPT for your DirectAccess clients. Name suffixes that do not have corresponding DNS servers are treated as exemptions.
http://technet.microsoft.com/en-us/library/ee382323(v=ws.10).aspx

QUESTION 245
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. Client computers run either Windows 7 or Windows 8. All of the client computers have an application named App1 installed. The domain contains a Group Policy object (GPO) named GPO1 that is applied to all of the client computers. You need to add a system variable named App1Data to all of the client computers. Which Group Policy preference should you configure?

A.    Services
B.    Ini Files
C.    Environment
D.    Data Sources

Answer: C

QUESTION 246
Drag and Drop Question
Your network contains an Active Directory forest named contoso.com. All domain controllers run Windows Server 2008 R2. The schema is upgraded to Windows Server 2012 R2. Contoso.com contains two servers. The servers are configured as shown in the following table.
 clip_image001[92]
Server1 and Server2 host a load-balanced application pool named AppPool1. You need to ensure that AppPool1 uses a group Managed Service Account as its identity. Which three actions should you perform?
To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
 clip_image002[35]
Answer:
 clip_image002[37]

QUESTION 247
Hotspot Question
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The forest contains two Active Directory sites named Site1 and Site2. You plan to deploy a read-only domain controller (RODC) named DC10 to Site2. You pre-create the DC10 domain controller account by using Active Directory Users and Computers. You need to identify which domain controller will be used for initial replication during the promotion of the RODC. Which tab should you use to identify the domain controller?
To answer, select the appropriate tab in the answer area.
 clip_image001[94]
Answer:

clip_image001[96]

QUESTION 248
Drag and Drop Question
Your network contains an Active Directory forest named contoso.com. Recently, all of the domain controllers that ran Windows Server 2003 were replaced by domain controllers that run Windows Server 2012 R2.
From Event Viewer, you discover SYSVOL journal wrap errors on a domain controller named dclO.contoso.com.
You need to perform a non-authoritative synchronization of SYSVOL on DC10.
Which three actions should you perform on DC10?
To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
 clip_image002[39]
Answer:
 clip_image002[41]
Explanation:
Box 1: Stop the Distributed File System (DFS) Replication service.
Box 2: Modify the computer objected DC10 in Active Directory.
Box 3: Start the Distributed File System (DFS) Replication service.
Note:
* In very large replica sets, replica members may encounter the following error during an authoritative restore (BURFLAGS=D4):
journal_wrap_error
To recover, the affected replica member must be reinitialized with a nonauthoritative restore (BURFLAGS=D2) where it will synchronize files from an existing inbound partner. This reinitialization can be time-consuming for large replica sets.

QUESTION 249
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the following role services installed:
– DirectAccess and VPN (RRAS)
– Network Policy Server
Remote users have client computers that run either Windows XP, Windows 7, or Windows 8. You need to ensure that only the client computers that run Windows 7 or Windows 8 can establish VPN connections to Server1. What should you configure on Server1?

A.    A vendor-specific RADIUS attribute of a Network Policy Server (NPS) connection request policy
B.    A condition of a Network Policy Server (NPS) network policy
C.    A condition of a Network Policy Server (NPS) connection request policy
D.    A constraint of a Network Policy Server (NPS) network policy

Answer: B

QUESTION 250
You manage a server that runs Windows Server 2012 R2. The server has the Windows Deployment Services server role installed. You start a virtual machine named VM1 as shown in the exhibit. (Click the Exhibit button.)
 clip_image002[43]
You need to configure a pre-staged device for VM1 in the Windows Deployment Services console. Which two values should you assign to the device ID? (Each correct answer presents a complete solution. Choose two.)

A.    979708BFC04B45259FE0C4150BB6C618
B.    979708BF-C04B-4525-9FE0-C4150BB6C618
C.    00155D000F1300000000000000000000
D.    0000000000000000000000155D000F13
E.    00000000-0000-0000-0000-C4150BB6C618

Answer: BD
Explanation:
Use client computer’s media access control (MAC) address preceded with twenty zeros or the globally unique identifier (GUID) in the format: {XXXXXXXX-XXXX-XXXX-XXX- XXXXXXXXXXXX}.
http://technet.microsoft.com/en-us/library/cc754469.aspx

Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html

Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(231-240)!

QUESTION 231
Hotspot Question
Your network contains an Active Directory domain named contoso.com. You need to create a certificate template for the BitLocker Drive Encryption (BitLocker) Network Unlock feature. Which Cryptography setting of the certificate template should you modify? To answer, select the appropriate setting in the answer area.

 clip_image001[72]
Answer:
 clip_image001[74]

QUESTION 232
Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 R2. You have a Password Settings object (PSOs) named PSO1. You need to view the settings of PSO1. Which tool should you use?

A.    Group Policy Management
B.    Server Manager
C.    Get-ADAccountResultantPasswordReplicationPolicy
D.    Active Directory Administrative Center

Answer: D
Explanation:
A. ADAC Only
B. ADAC Only
C. Gets the resultant password replication policy for an Active Directory account.
D. You must use the Windows Server 2012 R2 version of Active Directory Administrative Center to administer finegrained password policies through a graphical user interface.
http://technet.microsoft.com/en-us/library/ee617227.aspx
http://technet.microsoft.com/en-us/library/hh831702.aspx#fine_grained_pswd_policy_mgmt

QUESTION 233
Your network contains an Active Directory forest named contoso.com. The forest contains two domains named contoso.com and childl.contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains four domain controllers. The domain controllers are configured as shown in the following table.
 clip_image001[76]
You open Active Directory Users and Computers on a client computer and connect to DC1. You display the members of a group named Group1 as shown in the Group1 Members exhibit. (Click the Exhibit button.)

 clip_image001[78]
When you view the properties of a user named Userl02, you receive the error message shown in the Error exhibit. (Click the Exhibit button.)
 clip_image001[80]
The error message does not display for any other members of Group1. You need to identify which domain controller causes the issue shown in the error message. Which domain controller should you identify?

A.    DC1
B.    DC2
C.    DC10
D.    DC11

Answer: B
Explanation:
The infrastructure master for a domain periodically examines the references, within its replica of the directory data, to objects not held on that domain controller. It queries a Global Catalog server for current information about the distinguished name and SID of each referenced object. If this information has changed, the infrastructure master makes the change in its local replica and also replicates the new values to other domain controllers within the domain.
The error hints the object reference is not updated in Infrastructure Master of Contoso.com domain.

QUESTION 234
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains a file server named Server1. All client computers run Windows 8. Users share the client computers and frequently log on to different client computers. You need to ensure that when the users save files in the Documents folder, the files are saved automatically to \\Server1\Users\. The solution must minimize the amount of network traffic that occurs when the users log on to the client computers. What should you do?

A.    From a Group Policy object (GPO), configure the Folder Redirection settings
B.    From the properties of each user account, configure the Home folder settings
C.    From the properties of each user account, configure the User profile settings
D.    From a Group Policy object (GPO), configure the Drive Maps preference.

Answer: A
Explanation:
http://en.wikipedia.org/wiki/Folder_redirection

QUESTION 235
Hotspot Question
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has two network adapters and is located in a perimeter network. You need to configure Server1 as a network address translation (NAT) server. Which node should you use to add the NAT routing protocol? To answer, select the appropriate node in the answer area.

 clip_image002[28]
Answer:
 clip_image002[30]

QUESTION 236
Hotspot Question
You have a server named Server5 that runs Windows Server 2012 R2. Servers has the Windows Deployment Services server role installed. You need to ensure that when client computers connect to Server5 by using PXE, the computers use an unattended file. What should you configure? To answer, select the appropriate tab in the answer area.
 clip_image001[82]
Answer:
 clip_image001[84]

QUESTION 237
Your network contains a server named Server1 that has the Network Policy and Access Services server role installed. All of the network access servers forward connection requests to Server1. You create a new network policy on Server1. You need to ensure that the new policy applies only to connection requests from Microsoft RAS servers that are located on the 192.168.0.0/24 subnet. Which two configurations should you perforin? (Each correct answer presents part of the solution. Choose two.)

A.    Set the MS-RAS Vendor ID condition to $teelHead.
B.    Set the Called Station ID constraint to 192.168.0.
C.    Set the Client IP4 Address condition to 192.168.0.0/24.
D.    Set the MS-RAS Vendor ID condition to ^311$.
E.    Set the Called Station ID constraint to 192.168.0.0/24.
F.    Set the Client IP4 Address condition to 192.168.0.

Answer: DF
Explanation:
D: MS-RAS-Vendor Matches "^311$" ) The condition means that the policy applies only when the version of the RADIUS client is ^311$, so subsequent settings in this policy apply only to RRAS machines.
F: Client IPv4 Address
Specifies the Internet Protocol (IP) version 4 address of the RADIUS client that forwarded the connection request to the NPS server.

QUESTION 238
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 is configured as a VPN server. You need to configure Server1 to perform network address translation (NAT).
What should you do?

A.    From Network Connections, modify the Internet Protocol Version 6 (TCP/IPv6) setting of each
network adapter.
B.    From Routing and Remote Access, add an IPv4 routing protocol.
C.    From Routing and Remote Access, add an IPv6 routing protocol.
D.    From Network Connections, modify the Internet Protocol Version 4 (TCP/IPv4) setting of each
network adapter.

Answer: B

QUESTION 239
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that has the Remote Access server role installed. DirectAccess is implemented on Server1 by using the default configuration. You discover that DirectAccess clients do not use DirectAccess when accessing websites on the Internet. You need to ensure that DirectAccess clients access all Internet websites by using their DirectAccess connection.
What should you do?

A.    Disable the DirectAccess Passive Mode policy setting in the DirectAccess Client Settings Group
Policy object (GPO).
B.    Configure a DNS suffix search list on the DirectAccess clients.
C.    Enable the Route all traffic through the internal network policy setting in the DirectAccess Server
Settings Group Policy object (GPO).
D.    Configure DirectAccess to enable force tunneling.

Answer: D

QUESTION 240
Your network contains an Active Directory domain named contoso.com. The domain contains a read-only domain controller (RODC) named RODC1.
You create a global group named RODC_Admins.
You need to provide the members of RODC_Admins with the ability to manage the hardware and the software on R0DC1. The solution must not provide RODC_Admins with the ability to manage Active Directory objects.
What should you do?

A.    From Active Directory Users and Computers, run the Delegation of Control Wizard
B.    From a command prompt, run the dsadd computer command
C.    From Active Directory Users and Computers, configure the Managed By settings of the RODC1 account.
D.    From Active Directory Site and Services, configure the Security settings of the RODC1 server object.

Answer: C
Explanation:
Modify the Managed By tab of the RODC account properties in the Active Directory Users and Computers snap-in, as shown in the following figure. You can click Change to change which security principal is the delegated RODC administrator. You can choose only one security principal. Specify a security group rather than an individual user so you can control RODC administration permissions most efficiently. This method changes the managedBy attribute of the computer object that corresponds to the RODC to the SID of the security principal that you specify. This is the recommended way to specify the delegated RODC administrator account because the information is stored in AD DS, where it can be centrally managed by domain administrators.
 clip_image001[86]
Incorrect:
Not A: You delegate administration of a domain or organizational unit by using the Delegation of Control wizard available in the Active Directory Users and Computers snap- in.
Not B: dsadd group just adds a group to the Active Directory

Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html

Pages: 1 2 ... 425 426 427 428 429 ... 448 449