Administering Windows Server 2012
Question No: 71 – (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named NPS1 that has the Network Policy Server server role installed. All servers run Windows Server 2012 R2.
You install the Remote Access server role on 10 servers.
You need to ensure that all of the Remote Access servers use the same network policies.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
Configure each Remote Access server to use the Routing and Remote Access service (RRAS) to authenticate connection requests.
On NPS1, create a remote RADIUS server group. Add all of the Remote Access servers to the remote RADIUS server group.
On NPS1, create a new connection request policy and add a Tunnel-Type and a Service-Type condition.
Configure each Remote Access server to use a RADIUS server named NPS1.
On NPS1, create a RADIUS client template and use the template to create RADIUS clients.
Answer: C,D Explanation:
Connection request policies are sets of conditions and settings that allow network administrators to designate which RADIUS servers perform the authentication and authorization of connection requests that the server running Network Policy Server (NPS) receives from RADIUS clients. Connection request policies can be configured to designate which RADIUS servers are used for RADIUS accounting.
When you configure Network Policy Server (NPS) as a Remote Authentication Dial-In User Service (RADIUS) proxy, you use NPS to forward connection requests to RADIUS servers that are capable of processing the connection requests because they can perform authentication and authorization in the domain where the user or computer account is located. For example, if you want to forward connection requests to one or more RADIUS servers in untrusted domains, you can configure NPS as a RADIUS proxy to forward the requests to the remote RADIUS servers in the untrusted domain.
To configure NPS as a RADIUS proxy, you must create a connection request policy that contains all of the information required for NPS to evaluate which messages to forward and where to send the messages.
Question No: 72 – (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains client computers that run either Windows XP or Windows 8.
Network Policy Server (NPS) is deployed to the domain. You plan to create a system health validator (SHV).
You need to identify which policy settings can be applied to all of the computers.
Which three policy settings should you identify? (Each correct answer presents part of the solution. Choose three.)
Antispyware is up to date.
Automatic updating is enabled.
Antivirus is up to date.
A firewall is enabled for all network connections.
An antispyware application is on.
Answer: B,C,D Explanation:
The WSHA on NAP client computers running Windows XP SP3 does not monitor the status of antispyware applications.
Question No: 73 HOTSPOT – (Topic 1)
Your network contains an Active Directory domain named contoso.com.
You create an organizational unit (OU) named OU1 and a Group Policy object (GPO) named GPO1. You link GPO1 to OU1.
You move several file servers that store sensitive company documents to OU1. Each file server contains more than 40 shared folders.
You need to audit all of the failed attempts to access the files on the file servers in OU1. The solution must minimize administrative effort.
Which two audit policies should you configure in GPO1? To answer, select the appropriate two objects in the answer area.
Question No: 74 – (Topic 1)
Your network contains two Active Directory forests named contoso.com and dev.contoso.com. The contoso.com forest contains a domain controller named DC1. The dev.contoso.com forest contains a domain controller named DC2. Each domain contains an organizational unit (OU) named OU1.
Dev.contoso.com has a Group Policy object (GPO) named GPO1. GPO1 contains 200 settings, including several settings that have network paths. GPO1 is linked to OU1.
You need to copy GPO1 from dev.contoso.com to contoso.com. What should you do first on DC2?
From the Group Policy Management console, right-click GPO1 and select Copy.
Run the mtedit.exe command and specify the /Domaintcontoso.com /DC: DC 1 parameter.
Run the Save-NetGpocmdlet.
Run the Backup-Gpocmdlet.
Answer: A Explanation:
To copy a Group Policy object:
In the GPMC console tree, right-click the GPO that you want to copy, and then click Copy. To create a copy of the GPO in the same domain as the source GPO, right-click Group Policy objects, click Paste, specify permissions for the new GPO in the Copy GPO box, and then click OK.
For copy operations to another domain, you may need to specify a migration table.
The Migration Table Editor (MTE) is provided with Group Policy Management Console (GPMC) to facilitate the editing of migration tables. Migration tables are used for copying or importing Group Policy objects (GPOs) from one domain to another, in cases where the GPOs include domain-specific information that must be updated during copy or import.
Source WS2008R2: Backup the existing GPOs from the GPMC, you need to ensure that the “Group Policy Objects” container is selected for the “Backup Up All” option to be available.
Copy a Group Policy Object with the Group Policy Management Console (GPMC)
You can copy a Group Policy object (GPO) either by using the drag-and-drop method or right-click method.
Applies To: Windows 8, Windows Server 2008 R2, Windows Server 2012
Question No: 75 – (Topic 1)
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains 500 client computers that run Windows 8 Enterprise.
You implement a Group Policy central store.
You have an application named App1. App1 requires that a custom registry setting be deployed to all of the computers.
You need to deploy the custom registry setting. The solution must minimize administrator effort.
What should you configure in a Group Policy object (GPO)?
The Software Installation settings
The Administrative Templates
An application control policy
The Group Policy preferences
Answer: D Explanation:
->Open the Group Policy Management Console. Right-click the Group Policy object (GPO) that should contain the new preference item, and then click Edit.
->In the console tree under Computer Configuration or User Configuration, expand
the Preferences folder, and then expand the Windows Settings folder.
->Right-click the Registry node, point to New, and select Registry Item.
Group Policy preferences provide the means to simplify deployment and standardize configurations. They add to Group Policy a centralized system for deploying preferences (that is, settings that users can change later).
You can also use Group Policy preferences to configure applications that are not Group
Policy-aware. By using Group Policy preferences, you can change or delete almost any registry setting, file or folder, shortcut, and more. You are not limited by the contents of Administrative Template files. The Group Policy Management
Editor (GPME) includes Group Policy preferences.
http: //www. unidesk. com/blog/gpos-set-custom-registry-entries-virtual-desktops-disabling- machine-password
Question No: 76 – (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.
The domain is renamed to adatum.com. Group Policies no longer function correctly.
You need to ensure that the existing GPOs are applied to users and computers. You want to achieve this goal by using the minimum amount of administrative effort.
What should you use?
Answer: C Explanation:
You can use the gpfixup command-line tool to fix the dependencies that Group Policy objects (GPOs) and Group Policy links in Active Directory Domain Services (AD DS) have on Domain Name System (DNS) and NetBIOS names after a domain rename operation.
Reference: http: //technet. microsoft. com/en-us/library/hh852336(v=ws. 10). aspx
Question No: 77 – (Topic 1)
Your network contains an Active Directory forest named contoso.com. The functional level of the forest is Windows Server 2008 R2.
All of the user accounts in the marketing department are members of a group named Contoso\MarketingUsers. All of the computer accounts in the marketing department are members of a group named Contoso\MarketingComputers.
A domain user named User1 is a member of the Contoso\MarketingUsers group. A computer named Computer1 is a member of the Contoso\MarketingComputers group.
You have five Password Settings objects (PSOs). The PSOs are defined as shown in the following table.
When User1 logs on to Computer1 and attempts to change her password, she receives an error message indicating that her password is too short.
You need to tell User1 what her minimum password length is. What should you tell User1?
Answer: A Explanation:
One PSO has a precedence value of 2 and the other PSO has a precedence value of 4. In this case, the PSO that has the precedence value of 2 has a higher rank and, hence, is applied to the object.
Question No: 78 – (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains six domain controllers named DC1, DC2, DC3, DC4, DC5, and DC6. Each domain controller has the DNS Server server role installed and hosts an Active Directory-integrated zone for contoso.com.
You plan to create a new Active Directory-integrated zone named litwareinc.com that will be used for testing.
You need to ensure that the new zone will be available only on DC5 and DCG. What should you do first?
Change the zone replication scope.
Create an Active Directory connection object.
Create an Active Directory site link.
Create an application directory partition.
Answer: D Explanation:
You can store Domain Name System (DNS) zones in the domain or application directory partitions of Active Directory Domain Services (AD DS). A partition is a data structure in AD DS that distinguishes data for different replication purposes. When you create an application directory partition for DNS, you can control the scope of replication for the zone that is stored in that partition.
Question No: 79 – (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2.
You create an Active Directory snapshot of DC1 each day.
You need to view the contents of an Active Directory snapshot from two days ago. What should you do first?
Run the dsamain.exe command.
Stop the Active Directory Domain Services (AD DS) service.
Start the Volume Shadow Copy Service (VSS).
Run the ntdsutil.exe command.
Answer: A Explanation:
Dsamain.exe exposes Active Directory data that is stored in a snapshot or backup as a Lightweight Directory Access Protocol (LDAP) server.
Question No: 80 HOTSPOT – (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains three servers named Server2, Server3, and Server4.
Server2 and Server4 host a Distributed File System (DFS) namespace named Namespace1.
You open the DFS Management console as shown in the exhibit. (Click the Exhibit button.)
To answer, complete each statement according to the information presented in the exhibit. Each correct selection is worth one point.
100% Free Download!
–Download Free Demo:70-411 Demo PDF
100% Pass Guaranteed!
–Download 2017 Latesttests 70-411 Full Exam PDF and VCE
|Lowest Price Guarantee||Yes||No||No|
|Free VCE Simulator||Yes||No||No|