[Free] 2017(Nov) Latesttests Pass4sure Microsoft 70-411 Dumps with VCE and PDF Download 21-30

Latesttests 2017 Nov Microsoft Official New Released 70-411
100% Free Download! 100% Pass Guaranteed!
http://www.Latesttests.com/70-411.html

Administering Windows Server 2012

Question No: 21 – (Topic 1)

Your network contains an Active Directory domain named contoso.com. The domain contains a read-only domain controller (RODC) named RODC1.

You create a global group named RODC_Admins.

You need to provide the members of RODC_Admins with the ability to manage the hardware and the software on R0DC1. The solution must not provide RODC_Admins with the ability to manage Active Directory objects.

What should you do?

  1. From Active Directory Site and Services, configure the Security settings of the RODC1 server object.

  2. From Windows PowerShell, run the Set-ADAccountControlcmdlet.

  3. From a command prompt, run the dsmgmt local roles command.

  4. From Active Directory Users and Computers, configure the Member Of settings of the RODC1 account.

Answer: C Explanation:

RODC: using the dsmgmt.exe utility to manage local administrators

One of the benefits of RODC is that you can add local administrators who do not have full access to the domain administration. This gives them the ability to manage the server but not add or change active directory objects unless those roles are delegated. Adding this

type of user is done using the dsmdmt.exe utility at the command prompt.

Question No: 22 – (Topic 1)

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.

The domain contains a server named Server1 that has the Network Policy Server server role and the Remote Access server role installed. The domain contains a server named Server2 that is configured as a RADIUS server.

Server1 provides VPN access to external users.

You need to ensure that all of the VPN connections to Server1 are logged to the RADIUS server on Server2.

What should you run?

  1. Add-RemoteAccessRadius -ServerNameServer1 -AccountingOnOffMsg Enabled – SharedSecret quot;Secretquot; -Purpose Accounting

  2. Set-RemoteAccessAccounting -AccountingOnOffMsg Enabled -AccountingOnOffMsg Enabled

  3. Add-RemoteAccessRadius -ServerName Server2 -AccountingOnOffMsg Enabled – SharedSecret quot;Secretquot; -Purpose Accounting

  4. Set-RemoteAccessAccounting -EnableAccountingType Inbox -AccountingOnOffMsg Enabled

Answer: C Explanation:

Add-RemoteAccessRadius

Adds a new external RADIUS server for VPN authentication, accounting for DirectAccess (DA) and VPN, or one-time password (OTP) authentication for DA. AccountingOnOffMsglt;Stringgt;

Indicates the enabled state for sending of accounting on or off messages. The acceptable values for this parameter are:

->Enabled.

->Disabled. This is the default value.

This parameter is applicable only when the RADIUS server is being added for Remote Access accounting.

Question No: 23 – (Topic 1)

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 is configured as a VPN server.

You need to configure Server1 to perform network address translation (NAT). What should you do?

  1. From Network Connections, modify the Internet Protocol Version 4 (TCP/IPv4) setting of each network adapter.

  2. From Network Connections, modify the Internet Protocol Version 6 (TCP/IPv6) setting of each network adapter.

  3. From Routing and Remote Access, add an IPv6 routing protocol.

  4. From Routing and Remote Access, add an IPv4 routing protocol.

    Answer: D Explanation:

    To configure an existing RRAS server to support both VPN remote access and NAT routing:

    1. Open Server Manager.

    2. Expand Roles, and then expand Network Policy and Access Services.

    3. Right-click Routing and Remote Access, and then click Properties.

    4. Select IPv4 Remote access Server or IPv6 Remote access server, or both.

      Question No: 24 – (Topic 1)

      You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.

      Server1 has a folder named Folder1 that is used by the human resources department.

      You need to ensure that an email notification is sent immediately to the human resources manager when a user copies an audio file or a video file to Folder1.

      What should you configure on Server1?

      1. a storage report task

      2. a file screen exception

      3. a file screen

      4. a file group

Answer: C Explanation:

Create file screens to control the types of files that users can save, and generate notifications when users attempt to save unauthorized files.

With File Server Resource Manager (FSRM) you can create file screens that prevent users from saving unauthorized files on volumes or folders.

File Screen Enforcement:

You can create file screens to prevent users from saving unauthorized files on volumes or folders. There are two types of file screen enforcement: active and passive enforcement. Active file screen enforcement does not allow the user to save an unauthorized file.

Passive file screen enforcement allows the user to save the file, but notifies the user that the file is not an authorized file. You can configure notifications, such as events logged to the event log or e-mails sent to users and administrators, as part of active and passive file screen enforcement.

Question No: 25 – (Topic 1)

Your network contains an Active Directory domain named adatum.com. The domain contains a member server named Server1 and 10 web servers. All of the web servers are in an organizational unit (OU) named WebServers_OU. All of the servers run Windows Server 2012 R2.

On Server1, you need to collect the error events from all of the web servers. The solution must ensure that when new web servers are added to WebServers_OU, their error events

are collected automatically on Server1. What should you do?

  1. On Server1, create a source computer initiated subscription. From a Group Policy object (GPO), configure the Configure target Subscription Manager setting.

  2. On Server1, create a source computer initiated subscription. From a Group Policy object (GPO), configure the Configure forwarder resource usage setting.

  3. On Server1, create a collector initiated subscription. From a Group Policy object (GPO), configure the Configure forwarder resource usage setting.

  4. On Server1, create a collector initiated subscription. From a Group Policy object (GPO), configure the Configure target Subscription Manager setting.

    Answer: A Explanation:

    Source-initiated subscriptions allow you to define a subscription on an event collector computer without defining the event source computers, and then multiple remote event source computers can be set up (using a group policy setting) to forward events to the event collector computer. This differs from a collector initiated subscription because in the collector initiated subscription model, the event collector must define all the event sources in the event subscription.

    1. Run the following command from an elevated privilege command prompt on the Windows Server domain controller to configure Windows Remote Management: winrm qc

      -q.

    2. Start group policy by running the following command:

      %SYSTEMROOT%\System32\gpedit. msc.

    3. Under the Computer Configuration node, expand the Administrative Templates node, then expand the Windows Components node, then select the Event Forwarding node.

    4. Right-click the SubscriptionManager setting, and select Properties. Enable the SubscriptionManager setting, and click the Show button to add a server address to the setting. Add at least one setting that specifies the event collector computer. The SubscriptionManager Properties window contains an Explain tab that describes the syntax for the setting.

    5. After the SubscriptionManager setting has been added, run the following command to ensure the policy is applied: gpupdate /force.

      If you want to configure a source computer-initiated subscription, you need to configure the following group policies on the computers that will act as the event forwarders:

  • (A) Configure Target Subscription Manager This policy enables you to set the location of the collector computer.

  • Question No: 26 – (Topic 1)

    Your network contains an Active Directory domain named contoso.com. The domain contains six domain controllers. The domain controllers are configured as shown in the following table.

    Latesttests 2017 PDF and VCE

    The network contains a server named Server1 that has the Hyper-v server role installed. DC6 is a virtual machine that is hosted on Server1.

    You need to ensure that you can clone DC6. Which FSMO role should you transfer to DC2?

        1. Rid master

        2. Domain naming master

        3. PDC emulator

        4. Infrastructure master

    Answer: C Explanation:

    The clone domain controller uses the security context of the source domain controller (the domain controller whose copy it represents) to contact the Windows Server 2012 R2 Primary Domain Controller (PDC) emulator operations master role holder (also known as flexible single master operations, or FSMO). The PDC emulator must be running Windows Server 2012 R2, but it does not have to be running on a hypervisor.

    Reference:

    http: //technet. microsoft. com/en-us/library/hh831734. aspx

    Question No: 27 – (Topic 1)

    Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1.

    You run ntdsutil as shown in the exhibit. (Click the Exhibit button.)

    Latesttests 2017 PDF and VCE

    You need to ensure that you can access the contents of the mounted snapshot. What should you do?

    1. From the snapshot context of ntdsutil, run activate instance quot;NTDSquot;.

    2. From a command prompt, run dsamain.exe -dbpath c:\$snap_201204131056_volumec$\windows\ntds\ntds. dit -Idapport 389.

    3. From the snapshot context of ntdsutil, run mount {79f94f82-5926-4f44-8af0- 2f56d827a57d}.

    4. From a command prompt, run dsamain.exe -dbpath c:\$snap_201204131056_volumec$\windows\ntds\ntds. dit -Idapport 33389.

    Answer: D Explanation:

    By default, only members of the Domain Admins group and the Enterprise Admins group are allowed to view the snapshots because they contain sensitive AD DS data. If you want to access snapshot data from an old domain or forest that has been deleted, you can allow nonadministrators to access the data when you run Dsamain.exe.

    If you plan to view the snapshot data on a domain controller, specify ports that are different from the ports that the domain controller will use.

    A client starts an LDAP session by connecting to an LDAP server, called a Directory System Agent (DSA), by default on TCP port and UDP [7] port 389. The client then sends an operation request to the server, and the server sends responses in return. With some exceptions, the client does not need to wait for a response before sending the next request, and the server may send the responses in any order. All information is transmitted using Basic Encoding Rules (BER).

    Latesttests 2017 PDF and VCE

    References:

    http: //technet. microsoft. com/en-us/library/cc753609(v=ws. 10). aspx

    Question No: 28 HOTSPOT – (Topic 1)

    Your network contains an Active Directory domain named contoso.com. The domain contains the users shown in the following table.

    Latesttests 2017 PDF and VCE

    You have a Network Policy Server (NPS) server that has the network policies shown in the following table.

    Latesttests 2017 PDF and VCE

    User1, User2, and User3 plan to connect to the network by using a VPN. You need to identify which network policy will apply to each user.

    What should you identify?

    To answer, select the appropriate policy for each user in the answer area.

    Latesttests 2017 PDF and VCE

    Latesttests 2017 PDF and VCE

    Answer:

    Latesttests 2017 PDF and VCE

    Explanation:

    Latesttests 2017 PDF and VCE

    When you configure multiple network policies in NPS, the policies are an ordered list of rules. NPS evaluates the policies in listed order from first to last. If there is a network policy that matches the connection request, NPS uses the policy to determine whether to grant or deny access to the user or computer connection.

    Network policies are evaulated according to the processing order. Once a match is found, no further network policy is processed.

    Policies are processed in this order:

    -Policy2 (applies only to members of Group1)

    -Policy1 (applies to all users during specified time slot)

    -Policy3 (applies only to members of Group2)

    Since policy1 will always apply (sunday 0:00 to saturday 24:00 = always), policy3 will never be evaluated.

    Correct answer is : User1: Policy2 User2: Policy1 User3: Policy1

    https://technet.microsoft.com/en-us/library/cc732724(v=ws.10).aspx

    Question No: 29 – (Topic 1)

    You have a server named Server 1.

    You enable BitLocker Drive Encryption (BitLocker) on Server 1.

    You need to change the password for the Trusted Platform Module (TPM) chip. What should you run on Server1?

    1. Manage-bde.exe

    2. Set-TpmOwnerAuth

    3. bdehdcfg.exe

    4. tpmvscmgr.exe

    Answer: B Explanation:

    The Set-TpmOwnerAuthcmdlet changes the current owner authorization value of the Trusted Platform Module (TPM) to a new value. You can specify the current owner authorization value or specify a file that contains the current owner authorization value. If you do not specify an owner authorization value, the cmdlet attempts to read the value from the registry.

    Use the ConvertTo-TpmOwnerAuthcmdlet to create an owner authorization value. You can specify a new owner authorization value or specify a file that contains the new value.

    Question No: 30 – (Topic 1)

    Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All domain controllers run Windows Server 2012 R2.

    The domain contains two domain controllers. The domain controllers are configured as shown in the following table.

    Latesttests 2017 PDF and VCE

    Active Directory Recycle Bin is enabled.

    You discover that a support technician accidentally removed 100 users from an Active Directory group named Group1 an hour ago.

    You need to restore the membership of Group1. What should you do?

    1. Recover the items by using Active Directory Recycle Bin.

    2. Modify the Recycled attribute of Group1.

    3. Perform tombstone reanimation.

    4. Perform an authoritative restore.

    5. Perform a non- authoritative restore.

    Answer: A Explanation:

    Active Directory Recycle Bin helps minimize directory service downtime by enhancing your ability to preserve and restore accidentally deleted Active Directory objects without restoring Active Directory data from backups, restarting Active Directory Domain Services (AD DS), or rebooting domain controllers.

    When you enable Active Directory Recycle Bin, all link-valued and non-link-valued attributes of the deleted Active Directory objects are preserved and the objects are restored in their entirety to the same consistent logical state that they were in immediately before deletion. For example, restored user accounts automatically regain all group memberships and corresponding access rights that they had immediately before deletion, within and across domains.

    100% Free Download!
    Download Free Demo:70-411 Demo PDF
    100% Pass Guaranteed!
    Download 2017 Latesttests 70-411 Full Exam PDF and VCE

    Latesttests ExamCollection Testking
    Lowest Price Guarantee Yes No No
    Up-to-Dated Yes No No
    Real Questions Yes No No
    Explanation Yes No No
    PDF VCE Yes No No
    Free VCE Simulator Yes No No
    Instant Download Yes No No

    2017 Latesttests IT Certification PDF and VCE

    Leave a Reply

    Your email address will not be published. Required fields are marked *