70-411 courses(13 to 24) for consumer: Apr 2016 Edition


♥♥ 2017 NEW RECOMMEND ♥♥

Free VCE & PDF File for Microsoft 70-411 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 70-411 Exam Dumps (PDF & VCE):
Available on: http://www.certleader.com/70-411-dumps.html


70-411 Product Description:
Exam Number/Code: 70-411 vce
Exam name: Administering Windows Server 2012
n questions with full explanations
Certification: Microsoft Certification
Last updated on Global synchronizing

Instant Access to Free VCE Files: Microsoft 70-411 Administering Windows Server 2012

70-411 examcollection

Top Quality of 70-411 practice test materials and interactive bootcamp for Microsoft certification for customers, Real Success Guaranteed with Updated 70-411 pdf dumps vce Materials. 100% PASS Administering Windows Server 2012 exam Today!

2016 Apr 70-411 Study Guide Questions:

Q13. Your network contains an Active Directory domain named contoso.com. The domain contains domain controllers that run Windows Server 2008, Windows Server 2008 R2 Windows Server 2012, and Windows Server 2012 R2. 

A domain controller named DC1 runs Windows Server 2012 R2. DC1 is backed up daily. 

During routine maintenance, you delete a group named Group1. 

You need to recover Group1 and identify the names of the users who were members of Group1 prior to its deletion. You want to achieve this goal by using the minimum amount of administrative effort. 

What should you do first? 

A. Perform an authoritative restore of Group1. 

B. Mount the most recent Active Directory backup. 

C. Use the Recycle Bin to restore Group1. 

D. Reactivate the tombstone of Group1. 

Answer: A 

Explanation: 

The Active Directory Recycle Bin does not have the ability to track simple changes to objects. If the object itself is not deleted, no element is moved to the Recycle Bin for possible recovery in the future. In other words, there is no rollback capacity for changes to object properties, or, in other words, to the values of these properties. There is another approach you should be aware of. Tombstone reanimation (which has nothing to do with zombies) provides the only way to recover deleted objects without taking a DC offline, and it's the only way to recover a deleted object's identity information, such as its objectGUID and objectSid attributes. It neatly solves the problem of recreating a deleted user or group and having to fix up all the old access control list (ACL) references, which contain the objectSid of the deleted object. Restores domain controllers to a specific point in time, and marks objects in Active Directory as being authoritative with respect to their replication partners. 


Q14. HOTSPOT 

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed. 

You need to configure the ports on Server1 to ensure that client computers can establish VPN connections to Server1. The solution must NOT require the use of certificates or pre-shared keys. 

What should you modify? 

To answer, select the appropriate object in the answer area. 


Answer: 



Q15. DRAG DROP 

Your network contains an Active Directory forest named contoso.com. All domain controllers run Windows Server 2008 R2. 

The schema is upgraded to Windows Server 2012 R2. 

Contoso.com contains two servers. The servers are configured as shown in the following table. 


Server1 and Server2 host a load-balanced application pool named AppPool1. 

You need to ensure that AppPool1 uses a group Managed Service Account as its identity. 

Which three actions should you perform? 

To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order. 


Answer: 



Q16. Your network contains an Active Directory domain named contoso.com. The domain 

contains a server named Server1 that runs Windows Server 2012 R2. 

You enable and configure Routing and Remote Access (RRAS) on Server1. 

You create a user account named User1. 

You need to ensure that User1 can establish VPN connections to Server1. 

What should you do? 

A. Modify the members of the Remote Management Users group. 

B. Add a RADIUS client. 

C. Modify the Dial-in setting of User1. 

D. Create a connection request policy. 

Answer: C 

Explanation: 

Access permission is also granted or denied based on the dial-in properties of each user account. 

http://technet.microsoft.com/en-us/library/cc772123.aspx 


70-411 download

Refresh 70-411 free practice questions:

Q17. Your company has a main office and two branch offices. The main office is located in New York. The branch offices are located in Seattle and Chicago. 

The network contains an Active Directory domain named contoso.com. An Active Directory site exists for each office. Active Directory site links exist between the main office and the branch offices. All servers run Windows Server 2012 R2. 

The domain contains three file servers. The file servers are configured as shown in the following table. 


You implement a Distributed File System (DFS) replication group named ReplGroup. 

ReplGroup is used to replicate a folder on each file server. ReplGroup uses a hub and spoke topology. NYC-SVR1 is configured as the hub server. 

You need to ensure that replication can occur if NYC-SVR1 fails. 

What should you do? 

A. Create an Active Directory site link bridge. 

B. Create an Active Directory site link. 

C. Modify the properties of Rep1Group. 

D. Create a connection in Rep1Group. 

Answer: D 

Explanation: 

Unsure about this answer. 

D: 


A: 

The Bridge all site links option in Active Directory must be enabled. (This option is available in the Active Directory Sites and Services snap-in.) Turning off Bridge all site links can affect the ability of DFS to refer client computers to target computers that have the least expensive connection cost. An Intersite Topology Generator that is running Windows Server 2003 relies on the Bridge all site links option being enabled to generate the intersite cost matrix that DFS requires for its site-costing functionality. If you turn off this option, you must create site links between the Active Directory sites for which you want DFS to calculate accurate site costs. Any sites that are not connected by site links will have the maximum possible cost. For more information about site link bridging, see “Active Directory Replication Topology Technical Reference.” 


Reference: 

http: //faultbucket. ca/2012/08/fixing-a-dfsr-connection-problem/ 

http: //faultbucket. ca/2012/08/fixing-a-dfsr-connection-problem/ 

http: //technet. microsoft. com/en-us/library/cc771941. aspx 


Q18. HOTSPOT 

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has two network adapters and is located in a perimeter network. 

You need to install the RIP version 2 routing protocol on Server1. 

Which node should you use to add the RIP version 2 routing protocol? 

To answer, select the appropriate node in the answer area. 


Answer: 



Q19. Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2. 

You view the effective policy settings of Server1 as shown in the exhibit. (Click the Exhibit button.) 


You need to ensure that an entry is added to the event log whenever a local user account is created or deleted on Server1. 

What should you do? 

A. In Servers GPO, modify the Advanced Audit Configuration settings. 

B. On Server1, attach a task to the security log. 

C. In Servers GPO, modify the Audit Policy settings. 

D. On Server1, attach a task to the system log. 

Answer: A 

Explanation: 

When you use Advanced Audit Policy Configuration settings, you need to confirm that these settings are not overwritten by basic audit policy settings. The following procedure shows how to prevent conflicts by blocking the application of any basic audit policy settings. 

Enabling Advanced Audit Policy Configuration 

Basic and advanced audit policy configurations should not be mixed. As such, it’s best practice to enable Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings in Group Policy to make sure that basic auditing is disabled. The setting can be found under Computer Configuration\Policies\Security Settings\Local Policies\Security Options, and sets the SCENoApplyLegacyAuditPolicy registry key to prevent basic auditing being applied using Group Policy and the Local Security Policy MMC snap-in. 

In Windows 7 and Windows Server 2008 R2, the number of audit settings for which success and failure can be tracked has increased to 53. Previously, there were nine basic auditing settings under Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Audit Policy. These 53 new settings allow you to select only the behaviors that you want to monitor and exclude audit results for behaviors that are of little or no concern to you, or behaviors that create an excessive number of log entries. In addition, because Windows 7 and Windows Server 2008 R2 security audit policy can be applied by using domain Group Policy, audit policy settings can be modified, tested, and deployed to selected users and groups with relative simplicity. 

Audit Policy settings 

Any changes to user account and resource permissions. 

Any failed attempts for user logon. 

Any failed attempts for resource access. 

Any modification to the system files. 

Advanced Audit Configuration Settings 

Audit compliance with important business-related and security-related rules by tracking precisely defined activities, such as: 

. A group administrator has modified settings or data on servers that contain finance information. 

. An employee within a defined group has accessed an important file. 

. The correct system access control list (SACL) is applied to every file and folder or registry key on a computer or file share as a verifiable safeguard against undetected access. 

In Servers GPO, modify the Audit Policy settings - enabling audit account management setting will generate events about account creation, deletion and so on. 

Advanced Audit Configuration Settings 

Advanced Audit Configuration Settings ->Audit Policy 

-> Account Management -> Audit User Account Management 


In Servers GPO, modify the Audit Policy settings - enabling audit account management setting will generate events about account creation, deletion and so on. 


Reference: 

http: //blogs. technet. com/b/abizerh/archive/2010/05/27/tracing-down-user-and-computer-account-deletion-in-active-directory. aspx 

http: //technet. microsoft. com/en-us/library/dd772623%28v=ws. 10%29. aspx 

http: //technet. microsoft. com/en-us/library/jj852202(v=ws. 10). aspx 

http: //www. petri. co. il/enable-advanced-audit-policy-configuration-windows-server. htm 

http: //technet. microsoft. com/en-us/library/dd408940%28v=ws. 10%29. aspx 

http: //technet. microsoft. com/en-us/library/dd408940%28v=ws. 10%29. 

aspx#BKMK_step2 


Q20. Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 is configured as a Network Policy Server (NPS) server and as a DHCP server. 

You need to ensure that only computers that send a statement of health are checked for Network Access Protection (NAP) health requirements. 

Which two settings should you configure? (Each correct answer presents part of the solution. Choose two.) 

A. The Called Station ID constraints 

B. The MS-Service Class conditions 

C. The Health Policies conditions 

D. The NAS Port Type constraints 

E. The NAP-Capable Computers conditions 

Answer: C,E 

Reference: 

http://technet.microsoft.com/en-us/library/cc753603.aspx 

http://technet.microsoft.com/en-us/library/cc731220(v=ws.10).aspx 

http://technet.microsoft.com/en-us/library/cc731560.aspx 


70-411 practice

Approved 70-411 vce:

Q21. Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The functional level of both the domain and the forest is Windows Server 2008 R2. 

The domain contains a domain-based Distributed File System (DFS) namespace that is configured as shown in the exhibit. (Click the Exhibit button.) 


You need to enable access-based enumeration on the DFS namespace. 

What should you do first? 

A. Raise the domain functional level. 

B. Raise the forest functional level. 

C. Install the File Server Resource Manager role service on Server3 and Server5. 

D. Delete and recreate the namespace. 

Answer: D 

Explanation: 

Access-based enumeration is only supported on a Domain-based Namespace in Windows Server 2008 Mode. This type of Namespace requires a minimum Windows Server 2003 forest functional level and a minimum Windows Server 2008 domain functional level. 

The exhibit indicates that the current namespace is a Domain-based Namespace in Windows Server 2000 Mode. To migrate a domain-based namespace from Windows 2000 Server mode to Windows Server 2008 mode, you must export the namespace to a file, delete the namespace, recreate it in Windows Server 2008 mode, and then import the namespace settings. 

http://msdn.microsoft.com/en-us/library/cc770287.aspx http://msdn.microsoft.com/en-us/library/cc753875.aspx 


Q22. HOTSPOT 

Your company has four offices. The offices are located in Montreal, Seattle, Sydney, and New York. 

The network contains an Active Directory domain named contoso.com. The domain contains a server named Server2 that runs Windows Server 2012 R2. Server2 has the DHCP Server server role installed. 

All client computers obtain their IPv4 and IPv6 addresses from DHCP. 

You need to ensure that Network Access Protection (NAP) enforcement for DHCP applies to all of the client computers except for the client computers in the New York office. 

Which two nodes should you configure? To answer, select the appropriate two nodes in the answer area.

 

Answer: 



Q23. You have Windows Server 2012 R2 installation media that contains a file named Install.wim. You need to identify the permissions of the mounted images in Install.wim. 

What should you do? 

A. Run dism.exe and specify the /get-mountedwiminfo parameter. 

B. Run imagex.exe and specify the /verify parameter. 

C. Run imagex.exe and specify the /ref parameter. 

D. Run dism.exe and specify the/get-imageinfo parameter. 

Answer: A 

Explanation: 

/Get-MountedWimInfo Lists the images that are currently mounted and information about the mounted image such as read/write permissions, mount location, mounted file path, and mounted image index. 

References: 

 http: //technet. microsoft. com/en-us/library/cc749447(v=ws. 10). aspx 

http: //technet. microsoft. com/en-us/library/dd744382(v=ws. 10). aspx 

http: //technet. microsoft. com/en-us/library/hh825224. aspx 


Q24. Your network contains two servers named Server1 and Server2 that run windows Server 2012 R2. Server1 and 5erver2 have the Windows Server Update Services server role installed. 

Server1 synchronizes from Microsoft Update. Server2 is a Windows Server Update Services (WSUS) replica of Server1. 

You need to configure replica downstream servers to send Server1 summary information about the computer update status. 

What should you do? 

A. From Server1, configure Reporting Rollup. 

B. From Server2, configure Reporting Rollup. 

C. From Server2, configure Email Notifications. 

D. From Server1, configure Email Notifications. 

Answer: A 

Explanation: 

WSUS Reporting Rollup Sample Tool 

This tool uses the WSUS application programming interface (API) to demonstrate centralized monitoring and reporting for WSUS. It creates a single report of update and computer status from the WSUS servers into your WSUS environment. The sample package also contains sample source files to customize or extend the tool functionality of the tool to meet specific needs. The WSUS Reporting Rollup Sample Tool and files are provided AS IS. No product support is available for this tool or sample files. For more information read the readme file. 

Reference: http: //technet. microsoft. com/en-us/windowsserver/bb466192. aspx 



see more Administering Windows Server 2012