Top 12 ebook 70-411 for IT specialist (37 to 48)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 70-411 Exam Dumps (PDF & VCE):
Available on:

70-411 Product Description:
Exam Number/Code: 70-411 vce
Exam name: Administering Windows Server 2012
n questions with full explanations
Certification: Microsoft Certification
Last updated on Global synchronizing

Instant Access to Free VCE Files: Microsoft 70-411 Administering Windows Server 2012

70-411 examcollection

Exam Code: 70-411 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Administering Windows Server 2012
Certification Provider: Microsoft
Free Today! Guaranteed Training- Pass 70-411 Exam.

2021 Apr 70-411 Study Guide Questions:

Q37. You manage a server that runs Windows Server 2012 R2. The server has the Windows Deployment Services server role installed. 

You start a virtual machine named VM1 as shown in the exhibit. (Click the Exhibit button.) 

You need to configure a pre-staged device for VM1 in the Windows Deployment Services console. 

Which two values should you assign to the device ID? (Each correct answer presents a complete solution. Choose two.) 

A. 979708BFC04B45259FE0C4150BB6C618 

B. 979708BF-C04B-4525-9FE0-C4150BB6C618 

C. 00155D000F1300000000000000000000 

D. 0000000000000000000000155D000F13 

E. 00000000-0000-0000-0000-C4150BB6C618 

Answer: B,D 


Use client computer's media access control (MAC) address preceded with twenty zeros or the globally unique identifier (GUID) in the format: {XXXXXXXX-XXXX-XXXX-XXX-XXXXXXXXXXXX}. 

Reference: http: //technet. microsoft. com/en-us/library/cc754469. aspx 

Q38. Your network contains an Active Directory domain named The domain contains a member server named Server1. Server1 runs Windows Server 2012 R2 and has the Hyper-V server role installed. 

Server1 hosts 10 virtual machines. A virtual machine named VM1 runs Windows Server 2012 R2 and hosts a processor-intensive application named App1. 

Users report that App1 responds more slowly than expected. 

You need to monitor the processor usage on VM1 to identify whether changes must be made to the hardware settings of VM1. 

Which performance object should you monitor on Server1? 

A. Processor 

B. Hyper-V Hypervisor Virtual Processor 

C. Hyper-V Hypervisor Logical Processor 

D. Hyper-V Hypervisor Root Virtual Processor 

E. Process 

Answer: C 


In the simplest way of thinking the virtual processor time is cycled across the available logical processors in a round-robin type of fashion. Thus all the processing power gets used over time, and technically nothing ever sits idle. To accurately measure the processor utilization of a guest operating system, use the “Hyper-V Hypervisor Logical Processor (Total)% Total Run Time” performance monitor counter on the Hyper-V host operating system. 

Q39. You have the following Windows PowerShell Output. 

You need to create a Managed Service Account. 

What should you do? 

A. Run New-ADServiceAccount –Name “service01” –DNSHostName –SAMAccountName service01. 

B. Run New-AuthenticationPolicySilo, and then run New-ADServiceAccount –Name “service01” –DNSHostName 

C. Run Add-KDSRootKey, and then run New-ADServiceAccount –Name “service01” –DNSHostName 

D. Run Set-KDSConfiguration, and then run New-ADServiceAccount –Name “service01” –DNSHostName 

Answer: C 

Explanation: From the exhibit we see that the required key does not exist. First we create this key, then we create the managed service account. 

The Add-KdsRootKey cmdlet generates a new root key for the Microsoft Group Key Distribution Service (KdsSvc) within Active Directory (AD). The Microsoft Group KdsSvc generates new group keys from the new root key. 

The New-ADServiceAccount cmdlet creates a new Active Directory managed service account. 

Reference: New-ADServiceAccount 

Reference: Add-KdsRootKey 


Q40. Your network contains an Active Directory domain named All domain controllers run Windows Server 2012. 

You pre-create a read-only domain controller (P.QDC) account named RODC1. 

You export the settings of RODC1 to a file named Filel.txt. 

You need to promote RODC1 by using File1.txt. 

Which tool should you use? 

A. The Install-WindowsFeature cmdlet 

B. The Add-WindowsFeature cmdlet 

C. The Dism command 

D. The Install-ADDSDomainController cmdlet 

E. the Dcpromo command 

Answer: E 

70-411 free practice questions

Improved 70-411 exam price:

Q41. Your network contains an Active Directory domain named The domain contains a server named Server1 that runs Windows Server 2012 P.2. Server1 has the Network Policy and Access Services server role installed. 

You plan to deploy 802. lx authentication to secure the wireless network. 

You need to identify which Network Policy Server (NPS) authentication method supports certificate-based mutual authentication for the 802.1x deployment. 

Which authentication method should you identify? 




D. MS-CHAP v2 

Answer: C 


802.1X uses EAP, EAP-TLS, EAP-MS-CHAP v2, and PEAP authentication methods: 

. EAP (Extensible Authentication Protocol) uses an arbitrary authentication method, such as certificates, smart cards, or credentials. 

. EAP-TLS (EAP-Transport Layer Security) is an EAP type that is used in certificate-based security environments, and it provides the strongest authentication and key determination method. 

. EAP-MS-CHAP v2 (EAP-Microsoft Challenge Handshake Authentication Protocol version 2) is a mutual authentication method that supports password-based user or computer authentication. 

. PEAP (Protected EAP) is an authentication method that uses TLS to enhance the security of other EAP authentication protocols. 

Q42. Your network contains an Active Directory forest named The forest contains a single domain. All domain controllers run Windows Server 2012 R2. 

The domain contains two domain controllers. The domain controllers are configured as shown in the following table. 

Active Directory Recycle Bin is enabled. 

You discover that a support technician accidentally removed 100 users from an Active Directory group named Group1 an hour ago. 

You need to restore the membership of Group1. 

What should you do? 

A. Recover the items by using Active Directory Recycle Bin. 

B. Modify the Recycled attribute of Group1. 

C. Perform tombstone reanimation. 

D. Perform an authoritative restore. 

Answer: A 


Active Directory Recycle Bin helps minimize directory service downtime by enhancing your ability to preserve and restore accidentally deleted Active Directory objects without restoring Active Directory data from backups, restarting Active Directory Domain Services (AD DS), or rebooting domain controllers. 

When you enable Active Directory Recycle Bin, all link-valued and non-link-valued attributes of the deleted Active Directory objects are preserved and the objects are restored in their entirety to the same consistent logical state that they were in immediately before deletion. For example, restored user accounts automatically regain all group memberships and corresponding access rights that they had immediately before deletion, within and across domains. 

Q43. You have a failover cluster that contains five nodes. All of the nodes run Windows Server 2012 R2. All of the nodes have BitLocker Drive Encryption (BitLocker) enabled. 

You enable BitLocker on a Cluster Shared Volume (CSV). 

You need to ensure that all of the cluster nodes can access the CSV. 

Which cmdlet should you run next? 

A. Unblock-Tpm 

B. Add-BitLockerKeyProtector 

C. Remove-BitLockerKeyProtector 

D. Enable BitLockerAutoUnlock 

Answer: B 


4. Add an Active Directory Security Identifier (SID) to the CSV disk using the Cluster Name Object (CNO) The Active Directory protector is a domain security identifier (SID) based protector for protecting clustered volumes held within the Active Directory infrastructure. It can be bound to a user account, machine account or group. When an unlock request is made for a protected volume, the BitLocker service interrupts the request and uses the BitLocker protect/unprotect APIs to unlock or deny the request. For the cluster service to selfmanage BitLocker enabled disk volumes, an administrator must add the Cluster Name Object (CNO), which is the Active Directory identity associated with the Cluster Network name, as a BitLocker protector to the target disk volumes. Add-BitLockerKeyProtector <drive letter or CSV mount point> -ADAccountOrGroupProtector – ADAccountOrGroup $cno 


You have a WIM file that contains an image of Windows Server 2012 R2. 

Recently, a technician applied a Microsoft Standalone Update Package (MSU) to the image. 

You need to remove the MSU package from the image. 

Which three actions should you perform in sequence? To answer, move the appropriate three actions from the list of actions to the answer area and arrange them in the correct order. 


70-411 practice

Approved 70-411 training materials:

Q45. Your company has a main office and a branch office. 

The network contains an Active Directory domain named 

The main office contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 is a DNS server and hosts a primary zone for The branch office contains a member server named Server1 that runs Windows Server 2012 R2. Server1 is a DNS server and hosts a secondary zone for 

The main office connects to the branch office by using an unreliable WAN link. 

You need to ensure that Server1 can resolve names in if the WAN link in unavailable for three days. 

Which setting should you modify in the start of authority (SOA) record? 

A. Retry interval 

B. Refresh interval 

C. Expires after 

D. Minimum (default) TTL 

Answer: C 


Used by other DNS servers that are configured to load and host the zone to determine when zone data expires if it is not renewed 

Q46. You have a DNS server that runs Windows Server 2012 R2. The server hosts the zone for and is accessible from the Internet. 

You need to create a DNS record for the Sender Policy Framework (SPF) to list the hosts that are authorized to send email for 

Which type of record should you create? 

A. mail exchanger (MX) 

B. resource record signature (RRSIG) 

C. text (TXT) 

D. name server (NS) 

Answer: C 

Q47. You have a cluster named Cluster1 that contains two nodes. Both nodes run Windows Server 2012 R2. Cluster1 hosts a virtual machine named VM1 that runs Windows Server 2012 R2. 

You configure a custom service on VM1 named Service1. 

You need to ensure that VM1 will be moved to a different node if Service1 fails. 

Which cmdlet should you run on Cluster1? 

A. Add-ClusterVmMonitoredItem 

B. Add-ClusterGenericServiceRole 

C. Set-ClusterResourceDependency 

D. Enable VmResourceMetering 

Answer: A 


The Add-ClusterVMMonitoredItem cmdlet configures monitoring for a service or an Event Tracing for Windows (ETW) event so that it is monitored on a virtual machine. If the service fails or the event occurs, then the system responds by taking an action based on the failover configuration for the virtual machine resource. For example, the configuration might specify that the virtual machine be restarted. 

Q48. Your network contains an Active Directory domain named The domain 

contains a domain controller named DC1 that runs Windows Server 2012 R2. 

You create an Active Directory snapshot of DC1 each day. 

You need to view the contents of an Active Directory snapshot from two days ago. 

What should you do first? 

A. Run the dsamain.exe command. 

B. Stop the Active Directory Domain Services (AD DS) service. 

C. Start the Volume Shadow Copy Service (VSS). 

D. Run the ntdsutil.exe command. 

Answer: A 


Dsamain.exe exposes Active Directory data that is stored in a snapshot or backup as a Lightweight Directory Access Protocol (LDAP) server. 


see more Administering Windows Server 2012