Administering Windows Server 2012
Question No: 151 – (Topic 2)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2008 R2.
You plan to test Windows Server 2012 R2 by using native-boot virtual hard disks (VHDs). You have a Windows image file named file1.wim.
You need to add an image of a volume to file1.wim. What should you do?
Run imagex.exe and specify the /append parameter.
Run imagex.exe and specify the /export parameter.
Run dism.exe and specify the /image parameter.
Run dism.exe and specify the /append-image parameter.
Explanation: The Deployment Image Servicing and Management (DISM) tool is a command-line tool that enables the creation of Windows image (.wim) files for deployment in a manufacturing or corporate IT environment. The /Append-Image option appends a volume image to an existing .wim file allowing you to store many customized Windows images in a fraction of the space. When you combine two or more Windows image files into
a single .wim, any files that are duplicated between the images are only stored once.
Not A, Not B: Imagex has been retired and replaced by dism.
Reference: Append a Volume Image to an Existing Image Using DISM https://technet.microsoft.com/en-us/library/hh824916.aspx
Question No: 152 HOTSPOT – (Topic 2)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that has the Network Policy Server server role installed. The domain contains a server named Server2 that is configured for RADIUS accounting.
Server1 is configured as a VPN server and is configured to forward authentication requests to Server2.
You need to ensure that only Server2 contains event information about authentication requests from connections to Server1.
Which two nodes should you configure from the Network Policy Server console? To answer, select the appropriate two nodes in the answer area.
Question No: 153 – (Topic 2)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
You enable and configure Routing and Remote Access (RRAS) on Server1. You create a user account named User1.
You need to ensure that User1 can establish VPN connections to Server1. What should you do?
Modify the members of the Remote Management Users group.
Add a RADIUS client.
Modify the Dial-in setting of User1.
Create a connection request policy.
Answer: C Explanation:
Access permission is also granted or denied based on the dial-in properties of each user account.
Question No: 154 – (Topic 2)
Your network contains a single Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that hosts the primary DNS zone for contoso.com.
All servers dynamically register their host names.
You install three new Web servers that host identical copies of your company#39;s intranet website. The servers are configured as shown in the following table.
You need to use DNS records to load balance name resolution queries for intranet.contoso.com between the three Web servers.
What is the minimum number of DNS records that you should create manually?
Answer: B Explanation:
To create DNS Host (A) Records for all internal pool servers
Click Stabrt, click All Programs, click Administrative Tools, and then click DNS.
In DNS Manager, click the DNS Server that manages your records to expand it.
Click Forward Lookup Zones to expand it.
Right-click the DNS domain that you need to add records to, and then click New Host (A or AAAA).
In the Name box, type the name of the host record (the domain name will be automatically appended).
In the IP Address box, type the IP address of the individual Front End Server and then select Create associated pointer (PTR) record or Allow any authenticated user to update DNS records with the same owner name, if applicable.
Continue creating records for all member Front End Servers that will participate in DNS Load Balancing.
For example, if you had a pool named pool1.contoso.com and three Front End Servers, you would create the following DNS entries:
http: //technet. microsoft. com/en-us/library/cc772506. aspx http: //technet. microsoft. com/en-us/library/gg398251. aspx
Question No: 155 – (Topic 2)
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named GPO1 is linked to OU1.
You make a change to GPO1.
You need to force all of the computers in OU1 to refresh their Group Policy settings immediately. The solution must minimize administrative effort.
Which tool should you use?
The Secedit command
Group Policy Management Console (GPMC)
The Gpupdate command
Answer: B Explanation:
In the previous versions of Windows, this was accomplished by having the user run GPUpdate.exe on their computer.
Starting with Windows Server庐 2012 and Windows庐 8, you can now remotely refresh Group Policy settings for all computers in an OU from one central location through the Group Policy Management Console (GPMC). Or you can use the Invoke-GPUpdatecmdlet to refresh Group Policy for a set of computers, not limited to the OU structure, for example, if the computers are located in the default computers container.
http: //technet. microsoft. com/en-us//library/jj134201. aspx
http: //blogs. technet. com/b/grouppolicy/archive/2012/11/27/group-policy-in-windows- server-2012-using-remote-gpupdate. aspx
Question No: 156 HOTSPOT – (Topic 2)
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All domain controllers run Windows Server 2012 R2 and are configured as DNS servers. All DNS zones are Active Directory-integrated. Active Directory Recycle Bin is enabled.
You need to modify the amount of time deleted objects are retained in the Active Directory Recycle Bin.
Which naming context should you use? To answer, select the appropriate naming context in the answer area.
Starting in Windows Server 2008 R2, Active Directory now implements a true recycle bin. No longer will you need an authoritative restore to recover deleted users, groups, OU’s, or other objects. Instead, it is now possible to use PowerShell commands to bring back objects with all their attributes, backlinks, group memberships, and metadata.
The amount of time that an object can be recovered is controlled by the Deleted Object Lifetime (DOL). This time range can be set on the msDS-deletedObjectLifetime attribute. By default, it will be the same number of days as the Tombstone Lifetime (TSL). The TSL set for a new forest since Windows Server 2003 SP1 has been 180 days*, and since by default DOL = TSL, the default number of days that an object can be restored is therefore 180 days. If tombstoneLifetime is NOT SET or NULL, the tombstone lifetime is that of the
Windows default: 60 days. This is all configurable by the administrator.
Set-ADObject -Identity quot;CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=contoso,DC=comquot; -Partition quot;CN=Configuration,DC=contoso,DC=comquot; -Replace: @(quot;msDS-DeletedObjectLifetimequot; = 365)
msDS-deletedObjectLifetime New to Windows Server 2008 R2
Is set on the “CN=Directory Service,CN=Windows NT, CN=Services, CN=Configuration, DC=COMPANY,DC=COM” container
Describes how long a deleted object will be restorable
To modify the deleted object lifetime by using Ldp.exe
To open Ldp.exe, click Start, click Run, and then type ldp.exe.
To connect and bind to the server hosting the forest root domain of your Active Directory environment, under Connections, click Connect, and then click Bind.
In the console tree, right-click the CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration container, and then click Modify.
In the Modify dialog box, in Edit Entry Attribute, type msDS-DeletedObjectLifeTime.
In the Modify dialog box, in Values, type the number of days that you want to set for the tombstone lifetime value. (The minimum is 3 days.)
In the Modify dialog box, under Operation click Replace, click Enter, and then click Run.
http: //technet. microsoft. com/en-us/library/dd392260(v=ws. 10). aspx
http: //blogs. technet. com/b/askds/archive/2009/08/27/the-ad-recycle-bin-understanding- implementing-best-practices-and-troubleshooting. aspx
Question No: 157 – (Topic 2)
Your network contains two Active Directory forests named contoso.com and adatum.com. All domain controllers run Windows Server 2012 R2.
The adatum.com domain contains a Group Policy object (GPO) named GPO1. An administrator from adatum.com backs up GPO1 to a USB flash drive.
You have a domain controller named dc1.contoso.com. You insert the USB flash drive in dc1.contoso.com.
You need to identify the domain-specific reference in GPO1. What should you do?
From the Migration Table Editor, click Populate from Backup.
From Group Policy Management, run the Group Policy Modeling Wizard.
From Group Policy Management, run the Group Policy Results Wizard.
From the Migration Table Editor, click Populate from GPO.
Question No: 158 – (Topic 2)
Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 is configured as a Network Policy Server (NPS) server and as a DHCP server.
You need to ensure that only computers that send a statement of health are checked for Network Access Protection (NAP) health requirements.
Which two settings should you configure? (Each correct answer presents part of the solution. Choose two.)
The Called Station ID constraints
The MS-Service Class conditions
The Health Policies conditions
The NAS Port Type constraints
The NAP-Capable Computers conditions
Question No: 159 – (Topic 2)
Your network contains multiple Active Directory sites.
You have a Distributed File System (DFS) namespace that has a folder target in each site. You discover that some client computers connect to DFS targets in other sites.
You need to ensure that the client computers only connect to a DFS target in their respective site.
What should you modify?
The properties of the Active Directory sites
The properties of the Active Directory site links
The delegation settings of the namespace
The referral settings of the namespace
Question No: 160 – (Topic 2)
You have a Windows Server Update Services (WSUS) server named Server1.. Server1 synchronizes from Microsoft Update.
You plan to deploy a new WSUS server named Server2. Server2 will synchronize updates from Server1. Server2 will be separated from Server1 by a firewall.
You need to identify which port must be open on the firewall so that Server2 can synchronize the updates.
Which port should you identify?
Answer: A Explanation:
WSUS upstream and downstream servers will synchronize on the port configured by the WSUS Administrator. By default, these ports are configured as follows:
On WSUS 3.2 and earlier, port 80 for HTTP and 443 for HTTPS
On WSUS 6.2 and later (at least Windows Server 2012), port 8530 for HTTP and 8531 for HTTPS
The firewall on the WSUS server must be configured to allow inbound traffic on these ports. https://technet.microsoft.com/en-us/library/hh852346.aspx
100% Free Download!
–Download Free Demo:70-411 Demo PDF
100% Pass Guaranteed!
–Download 2017 Latesttests 70-411 Full Exam PDF and VCE
|Lowest Price Guarantee||Yes||No||No|
|Free VCE Simulator||Yes||No||No|