Mar 2016 updated: Actualtests Microsoft 70-411 study guide 85-96

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 70-411 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/70-411-dumps.html


70-411 Product Description:
Exam Number/Code: 70-411 vce
Exam name: Administering Windows Server 2012
n questions with full explanations
Certification: Microsoft Certification
Last updated on Global synchronizing

Instant Access to Free VCE Files: Microsoft 70-411 Administering Windows Server 2012

70-411 examcollection

Exam Code: 70-411 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Administering Windows Server 2012
Certification Provider: Microsoft
Free Today! Guaranteed Training- Pass 70-411 Exam.

2016 Mar 70-411 Study Guide Questions:

Q85. Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. 

The network contains several group Managed Service Accounts that are used by four member servers. 

You need to ensure that if a group Managed Service Account resets a password of a domain user account, an audit entry is created. 

You create a Group Policy object (GPO) named GPO1. 

What should you do next? 

A. In GPO1, configure the Advanced Audit Policy Configuration settings for Audit User Account Management. Link GPO1 to the Domain Controllers organizational unit (OU). 

B. In GPO1, configure the Advanced Audit Policy Configuration settings for Audit User Account Management. Move the member servers to a new organizational unit (OU). Link GPO1 to the new OU. 

C. In GPO1, configure the Advanced Audit Policy Configuration settings for Audit Sensitive Privilege Use. Link GPO1 to the Domain Controllers organizational unit (OU). 

D. In GPO1, configure the Advanced Audit Policy Configuration settings for Audit Sensitive Privilege Use. Move the member servers to a new organizational unit (OU). Link GPO1 to the new OU. 

Answer: A 

Explanation: 

Audit User Account Management This security policy setting determines whether the operating system generates audit events when the following user account management tasks are performed: 

. A user account is created, changed, deleted, renamed, disabled, enabled, locked out, or unlocked. 

A user account password is set or changed. 

Security identifier (SID) history is added to a user account. 

The Directory Services Restore Mode password is set. 

Permissions on accounts that are members of administrators groups are changed. 

Credential Manager credentials are backed up or restored. 

This policy setting is essential for tracking events that involve provisioning and managing user accounts. 


Q86. Your network contains an Active Directory domain named adatum.com. The domain contains 10 domain controllers that run Windows Server 2012 R2. 

You plan to create a new Active Directory-integrated zone named contoso.com. 

You need to ensure that the new zone will be replicated to only four of the domain controllers. 

What should you do first? 

A. Create an application directory partition. 

B. Create an Active Directory connection object. 

C. Create an Active Directory site link. 

D. Change the zone replication scope. 

Answer: A 

Explanation: 

Application directory partitions An application directory partition is a directory partition that is replicated only to specific domain controllers. A domain controller that participates in the replication of a particular application directory partition hosts a replica of that partition. Only domain controllers running Windows Server 2003 can host a replica of an application directory partition. 


Q87. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. 

All client computers run Windows 8 Enterprise. 

DC1 contains a Group Policy object (GPO) named GPO1. 

You need to deploy a VPN connection to all users. 

What should you configure from User Configuration in GPO1? 

A. Policies/Administrative Templates/Network/Windows Connect Now 

B. Policies/Administrative Templates/Network/Network Connections 

C. Policies/Administrative Templates/Windows Components/Windows Mobility Center 

D. Preferences/Control Panel Settings/Network Options 

Answer: D 

Explanation: 

1. Open the Group Policy Management Console. Right-click the Group Policy object (GPO) that should contain the new preference item, and then click Edit. 

2. In the console tree under Computer Configuration or User Configuration, expand the Preferences folder, and then expand the Control Panel Settings folder. 

3. Right-click the Network Options node, point to New, and select VPN Connection. 

The Network Options extension allows you to centrally create, modify, and delete dial-up networking and virtual private network (VPN) connections. Before you create a network option preference item, you should review the behavior of each type of action possible with the extension. 

Reference: http: //technet.microsoft.com/en-us/library/cc772449.aspx 


Q88. HOTSPOT 

Your network contains one Active Directory domain named contoso.com. The domain contains 10 file servers that run Windows Server 2012 R2. 

You plan to enable BitLocker Drive Encryption (BitLocker) for the operating system drives of the file servers. 

You need to configure BitLocker policies for the file servers to meet the following requirements: 

. Ensure that all of the servers use a startup PIN for operating system drives encrypted with BitLocker. 

. Ensure that the BitLocker recovery key and recovery password are stored in Active 

Directory. Which two Group Policy settings should you configure? To answer, select the appropriate settings in the answer area. 


Answer: 



70-411 test

Up to date 70-411 simulations:

Q89. You have Windows Server 2012 R2 installation media that contains a file named Install.wim. 

You need to identify which images are present in Install.wim. 

What should you do? 

A. Run imagex.exe and specify the /ref parameter. 

B. Run dism.exe and specify the /get-mountedwiminfo parameter. 

C. Run dism.exe and specify the /get-imageinfo parameter. 

D. Run imagex.exe and specify the /verify parameter. 

Answer: C 

Explanation: 

Option: 

/Get-ImageInfo 

Arguments: 

/ImageFile: <path_to_image.wim> 

[{/Index: <Image_index> | /Name: <Image_name>}] 

Displays information about the images that are contained in the .wim, vhd or .vhdx file. 

When used with the Index or /Name argument, information about the specified image is displayed, which includes if an image is a WIMBoot image, if the image is Windows 8.1 

Update, see Take Inventory of an Image or Component Using DISM. The /Name argument does not apply to VHD files. You must specify /Index: 1 for VHD files. 

References: 

http: //technet.microsoft.com/en-us/library/cc749447(v=ws.10).aspx 

http: //technet.microsoft.com/en-us/library/dd744382(v=ws.10).aspx 

http: //technet.microsoft.com/en-us/library/hh825224.aspx 


Q90. Your network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computers run Windows 8.1. 

The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2. 

You need to identify which domain controllers are authorized to be cloned by using virtual domain controller cloning. 

Which cmdlet should you use? 

A. Get-ADGroupMember 

B. Get-ADDomainControllerPasswordReplicationPolicy 

C. Get-ADDomainControllerPasswordReplicationPolicyUsage 

D. Get-ADDomain 

E. Get-ADOptionalFeature 

F. Get-ADAccountAuthorizationGroup 

Answer: D 

Explanation: One requirement for cloning a domain controller is an existing Windows Server 2012 DC that hosts the PDC emulator role. You can run the Get-ADDomain and retrieve which server has the PDC emulator role. 

Example: Command Prompt: C:\PS> Get-ADDomain 

Output wouldinclude a line such as: PDCEmulator : Fabrikam-DC1.Fabrikam.com 

Reference: Step-by-Step: Domain Controller Cloning 

http://blogs.technet.com/b/canitpro/archive/2013/06/12/step-by-step-domain-controller-cloning.aspx 

Reference: Get-ADDomain 

https://technet.microsoft.com/en-us/library/ee617224.aspx 


Q91. Your network contains two Active Directory forests named contoso.com and dev.contoso.com. The contoso.com forest contains a domain controller named DC1. The dev.contoso.com forest contains a domain controller named DC2. Each domain contains an organizational unit (OU) named OU1. 

Dev.contoso.com has a Group Policy object (GPO) named GPO1. GPO1 contains 200 settings, including several settings that have network paths. GPO1 is linked to OU1. 

You need to copy GPO1 from dev.contoso.com to contoso.com. 

What should you do first on DC2? 

A. From the Group Policy Management console, right-click GPO1 and select Copy. 

B. Run the mtedit.exe command and specify the /Domaintcontoso.com /DC: DC 1 parameter. 

C. Run the Save-NetGpocmdlet. 

D. Run the Backup-Gpocmdlet. 

Answer: A 

Explanation: 

To copy a Group Policy object: 

In the GPMC console tree, right-click the GPO that you want to copy, and then click Copy. 

To create a copy of the GPO in the same domain as the source GPO, right-click Group Policy objects, click Paste, specify permissions for the new GPO in the Copy GPO box, and then click OK. 

For copy operations to another domain, you may need to specify a migration table. 

The Migration Table Editor (MTE) is provided with Group Policy Management Console (GPMC) to facilitate the editing of migration tables. Migration tables are used for copying or importing Group Policy objects (GPOs) from one domain to another, in cases where the GPOs include domain-specific information that must be updated during copy or import. 

Source WS2008R2: Backup the existing GPOs from the GPMC, you need to ensure that the “Group Policy Objects” container is selected for the “Backup Up All” option to be available. 

Copy a Group Policy Object with the Group Policy Management Console (GPMC) 

You can copy a Group Policy object (GPO) either by using the drag-and-drop method or right-click method. 

Applies To: Windows 8, Windows Server 2008 R2, Windows Server 2012 

References: 

http://technet.microsoft.com/en-us/library/cc785343(v=WS.10).aspx 

http://technet.microsoft.com/en-us/library/cc733107.aspx 


Q92. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains 500 client computers that run Windows 8 Enterprise. 

You implement a Group Policy central store. 

You have an application named App1. App1 requires that a custom registry setting be deployed to all of the computers. 

You need to deploy the custom registry setting. The solution must minimize administrator effort. 

What should you configure in a Group Policy object (GPO)? 

A. The Software Installation settings 

B. The Administrative Templates 

C. An application control policy 

D. The Group Policy preferences 

Answer: D 

Explanation: 

. Open the Group Policy Management Console. Right-click the Group Policy object (GPO) that should contain the new preference item, and then click Edit. 

. In the console tree under Computer Configuration or User Configuration, expand the Preferences folder, and then expand the Windows Settings folder. 

. Right-click the Registry node, point to New, and select Registry Item. 

Group Policy preferences provide the means to simplify deployment and standardize configurations. They add to Group Policy a centralized system for deploying preferences (that is, settings that users can change later). 

You can also use Group Policy preferences to configure applications that are not Group Policy-aware. By using Group Policy preferences, you can change or delete almost any registry setting, file or folder, shortcut, and more. You are not limited by the contents of Administrative Template files. The Group Policy Management Editor (GPME) includes Group Policy preferences. 

References: http: //technet.microsoft.com/en-us/library/gg699429.aspx http: //www. unidesk. com/blog/gpos-set-custom-registry-entries-virtual-desktops-disabling-machine-password 




70-411 actual test

Best Quality 70-411 dumps:

Q93. Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 R2. 

You have a Password Settings object (PSOs) named PSO1. 

You need to view the settings of PSO1. 

Which tool should you use? 

A. Get-ADDefaultDomainPasswordPolicy 

B. Active Directory Administrative Center 

C. Local Security Policy 

D. Get-ADAccountResultantPasswordReplicationPolicy 

Answer: B 

Explanation: 

In Windows Server 2012, fine-grained password policy management is made much easier than Windows Server 2008/2008 R2. Windows Administrators not have to use ADSI Edit and configure complicated settings to create the Password Settings Object (PSO) in the Password Settings Container. Instead we can configure fine-grained password policy directly in Active Directory Administrative Center (ADAC). 


Q94. Your network contains two servers named Server1 and Server2 that run windows Server 2012 R2. Server1 and 5erver2 have the Windows Server Update Services server role installed. 

Server1 synchronizes from Microsoft Update. Server2 is a Windows Server Update Services (WSUS) replica of Server1. 

You need to configure replica downstream servers to send Server1 summary information about the computer update status. 

What should you do? 

A. From Server1, configure Reporting Rollup. 

B. From Server2, configure Reporting Rollup. 

C. From Server2, configure Email Notifications. 

D. From Server1, configure Email Notifications. 

Answer: A 

Explanation: 

WSUS Reporting Rollup Sample Tool 

This tool uses the WSUS application programming interface (API) to demonstrate centralized monitoring and reporting for WSUS. It creates a single report of update and computer status from the WSUS servers into your WSUS environment. The sample package also contains sample source files to customize or extend the tool functionality of the tool to meet specific needs. The WSUS Reporting Rollup Sample Tool and files are provided AS IS. No product support is available for this tool or sample files. For more information read the readme file. 

Reference: http: //technet. microsoft. com/en-us/windowsserver/bb466192. aspx 


Q95. Your network contains two Active Directory domains named contoso.com and adatum.com. 

The network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the DNS Server server role installed. Server1 has a copy of the contoso.com DNS zone. 

You need to configure Server1 to resolve names in the adatum.com domain. The solution must meet the following requirements: 

Prevent the need to change the configuration of the current name servers that host zones for adatum.com. Minimize administrative effort. 

Which type of zone should you create? 

A. Secondary 

B. Stub 

C. Reverse lookup 

D. Primary 

Answer: B 

Explanation: 

When a zone that this DNS server hosts is a stub zone, this DNS server is a source only for information about the authoritative name servers for this zone. The zone at this server must be obtained from another DNS server that hosts the zone. This DNS server must have network access to the remote DNS server to copy the authoritative name server information about the zone. 

A stub zone is a copy of a zone that contains only necessary resource records (Start of Authority (SOA), Name Server (NS), and Address/Host (A) record) in the master zone and acts as a pointer to the authoritative name server. The stub zone allows the server to forward queries to the name server that is authoritative for the master zone without going up to the root name servers and working its way down to the server. While a stub zone can improve performance, it does not provide redundancy or load sharing. 


You can use stub zones to: 

Keep delegated zone information current. By updating a stub zone for one of its child zones regularly, the DNS server that hosts both the parent zone and the stub zone will maintain a current list of authoritative DNS servers for the child zone. 

Improve name resolution. Stub zones enable a DNS server to perform recursion using the stub zone's list of name servers, without having to query the Internet or an internal root server for the DNS namespace. 

Simplify DNS administration. By using stub zones throughout your DNS infrastructure, you can distribute a list of the authoritative DNS servers for a zone without using secondary zones. However, stub zones do not serve the same purpose as secondary zones, and they are not an alternative for enhancing redundancy and load sharing. 

There are two lists of DNS servers involved in the loading and maintenance of a stub zone: 

The list of master servers from which the DNS server loads and updates a stub zone. A master server may be a primary or secondary DNS server for the zone. In both cases, it will have a complete list of the DNS servers for the zone. 

The list of the authoritative DNS servers for a zone. This list is contained in the stub zone using name server (NS) resource records. 

When a DNS server loads a stub zone, such as widgets. tailspintoys.com, it queries the master servers, which can be in different locations, for the necessary resource records of the authoritative servers for the zone widgets. tailspintoys.com. The list of master servers may contain a single server or multiple servers, and it can be changed anytime. 

References: http: //technet.microsoft.com/en-us/library/cc771898.aspx http: //technet.microsoft.com/en-us/library/cc754190.aspx http: //technet.microsoft.com/en-us/library/cc730980.aspx 


Q96. Your network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computers run Windows 8.1. 

The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2. 

You need to identify which security principals are authorized to have their password cached on RODC1. 

Which cmdlet should you use? 

A. Get-ADGroupMember 

B. Get-ADDomainControllerPasswordReplicationPolicy 

C. Get-ADDomainControllerPasswordReplicationPolicyUsage 

D. Get-ADDomain 

E. Get-ADOptionalFeature 

F. Get-ADAccountAuthorizationGroup 

Answer: B 



see more 70-411 dumps