Jun 2017 updated: 70 411 exam


♥♥ 2017 NEW RECOMMEND ♥♥

Free VCE & PDF File for Microsoft 70-411 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 70-411 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/70-411-dumps.html


70-411 Product Description:
Exam Number/Code: 70-411 vce
Exam name: Administering Windows Server 2012
n questions with full explanations
Certification: Microsoft Certification
Last updated on Global synchronizing

Instant Access to Free VCE Files: Microsoft 70-411 Administering Windows Server 2012

70-411 examcollection

Pinpoint of mcsa 70 411 free practice test materials and braindumps for Microsoft certification for client, Real Success Guaranteed with Updated 70 411 exam questions pdf dumps vce Materials. 100% PASS Administering Windows Server 2012 exam Today!

Q81. Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. All of the DNS servers in both of the domains run Windows Server 2012 R2. 

The network contains two servers named Server1 and Server2. Server1 hosts an Active Directory-integrated zone for contoso.com. Server2 hosts an Active Directory-integrated zone for fabrikam.com. Server1 and Server2 connect to each other by using a WAN link. 

Client computers that connect to Server1 for name resolution cannot resolve names in fabrikam.com. 

You need to configure Server1 to resolve names in fabrikam.com. The solution must NOT require that changes be made to the fabrikam.com zone on Server2. 

What should you create? 

A. A trust anchor 

B. A stub zone 

C. A zone delegation 

D. A secondary zone 

Answer:

Explanation: 

A stub zone is a copy of a zone that contains only those resource records necessary to identify the authoritative Domain Name System (DNS) servers for that zone. A stub zone is used to resolve names between separate DNS namespaces. This type of resolution may be necessary when a corporate merger requires that the DNS servers for two separate DNS namespaces resolve names for clients in both namespaces. 


Q82. DRAG DROP 

Your network contains an Active Directory forest named contoso.com. The forest contains a Network Policy Server (NPS) server named NPS1 and a VPN server named VPN1. VPN1 forwards all authentication requests to NPS1. 

A partner company has an Active Directory forest named adatum.com. The adatum.com forest contains an NPS server named NPS2. 

You plan to grant users from adatum.com VPN access to your network. 

You need to authenticate the users from adatum.com on VPN1. 

What should you create on each NPS server? 

To answer, drag the appropriate objects to the correct NPS servers. Each object may be 

used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. 

Answer: 


Q83. Your network is configured as shown in the exhibit. (Click the Exhibit button.) 

Server1 regularly accesses Server2. 

You discover that all of the connections from Server1 to Server2 are routed through Router1. 

You need to optimize the connection path from Server1 to Server2. 

Which route command should you run on Server1? 

A. Route add -p 10.10.10.0 MASK 255.255.255.0 172.23.16.2 METRIC 100 

B. Route add -p 10.10.10.0 MASK 255.255.255.0 10.10.10.1 METRIC 50 

C. Route add -p 10.10.10.12 MASK 255.255.255.0 10.10.10.1 METRIC 100 

D. Route add -p 10.10.10.12 MASK 255.255.255.0 10.10.10.0 METRIC 50 

Answer:

Explanation: 

Destination - specifies either an IP address or host name for the network or host. 

subnetmask - specifies a subnet mask to be associated with this route entry. If subnetmask is not specified, 255.255.255.255 is used. 

gateway - specifies either an IP address or host name for the gateway or router to use when forwarding. 

costmetric - assigns an integer cost metric (ranging from 1 through 9,999) to be used in calculating the fastest, most reliable, and/or least expensive routes. If costmetric is not specified, 1 is used. 

interface - specifies the interface to be used for the route that uses the interface number. If an interface is not specified, the interface to be used for the route is determined from the gateway IP address. 

References: http: //support. microsoft. com/kb/299540/en-us 

http: //technet. microsoft. com/en-us/library/cc757323%28v=ws. 10%29. aspx 


Q84. HOTSPOT 

You have a server named Server1 that has the Web Server (IIS) server role installed. You obtain a Web Server certificate. 

You need to configure a website on Server1 to use Secure Sockets Layer (SSL). 

To which store should you import the certificate? To answer, select the appropriate store in the answer area. 

Answer: 


Q85. You have Windows Server 2012 R2 installation media that contains a file named Install.wim. 

You need to identify which images are present in Install.wim. 

What should you do? 

A. Run imagex.exe and specify the /ref parameter. 

B. Run dism.exe and specify the /get-mountedwiminfo parameter. 

C. Run dism.exe and specify the /get-imageinfo parameter. 

D. Run imagex.exe and specify the /verify parameter. 

Answer:

Explanation: 

Option: 

/Get-ImageInfo 

Arguments: 

/ImageFile: <path_to_image.wim> 

[{/Index: <Image_index> | /Name: <Image_name>}] 

Displays information about the images that are contained in the .wim, vhd or .vhdx file. 

When used with the Index or /Name argument, information about the specified image is displayed, which includes if an image is a WIMBoot image, if the image is Windows 8.1 

Update, see Take Inventory of an Image or Component Using DISM. The /Name argument does not apply to VHD files. You must specify /Index: 1 for VHD files. 

References: 

http: //technet.microsoft.com/en-us/library/cc749447(v=ws.10).aspx 

http: //technet.microsoft.com/en-us/library/dd744382(v=ws.10).aspx 

http: //technet.microsoft.com/en-us/library/hh825224.aspx 


Q86. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. 

All DNS servers host a DNS zone named adatum.com. The adatum.com zone is not Active Directory-integrated. 

An administrator modifies the start of authority (SOA) record for the adatum.com zone. 

After the modification, you discover that when you add or modify DNS records in the 

adatum.com zone, the changes are not transferred to the DNS servers that host secondary 

copies of the adatum.com zone. 

You need to ensure that the records are transferred to all the copies of the adatum.com 

zone. 

What should you modify in the SOA record for the adatum.com zone? To answer, select the appropriate setting in the answer area. 

Answer: 


Q87. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012. 

You pre-create a read-only domain controller (P.QDC) account named RODC1. 

You export the settings of RODC1 to a file named Filel.txt. 

You need to promote RODC1 by using File1.txt. 

Which tool should you use? 

A. The Install-WindowsFeature cmdlet 

B. The Add-WindowsFeature cmdlet 

C. The Dism command 

D. The Install-ADDSDomainController cmdlet 

E. the Dcpromo command 

Answer:


Q88. Your network contains an Active Directory domain named contoso.com. The domain contains an organizational unit (OU) named IT and an OU named Sales. 

All of the help desk user accounts are located in the IT OU. All of the sales user accounts are located in the Sales OU. The Sales OU contains a global security group named G_Sales. The IT OU contains a global security group named G_HelpDesk. 

You need to ensure that members of G_HelpDesk can perform the following tasks: 

. Reset the passwords of the sales users. 

. Force the sales users to change their password at their next logon. 

What should you do? 

A. Run the Set-ADAccountPasswordcmdlet and specify the -identity parameter. 

B. Right-click the Sales OU and select Delegate Control. 

C. Right-click the IT OU and select Delegate Control. 

D. Run the Set-ADFineGrainedPasswordPolicycmdlet and specify the -identity parameter. 

Answer:

Explanation: 

G_HelpDesk members need to be allowed to delegate control on the Sales OU as it contains the sales users (G_Sales) 

You can use the Delegation of Control Wizard to delegate the Reset Password permission to the delegated user. 

References: http: //support. microsoft. com/kb/296999/en-us 

http: //support. microsoft. com/kb/296999/en-us 

http: //technet. microsoft. com/en-us/library/cc732524. aspx 


Q89. Your company deploys a new Active Directory forest named contoso.com. The first domain controller in the forest runs Windows Server 2012 R2. The forest contains a domain controller named DC10. 

On DC10, the disk that contains the SYSVOL folder fails. 

You replace the failed disk. You stop the Distributed File System (DFS) Replication service. You restore the SYSVOL folder. 

You need to perform a non-authoritative synchronization of SYSVOL on DC10. 

Which tool should you use before you start the DFS Replication service on DC10? 

A. Dfsgui.msc 

B. Dfsmgmt.msc 

C. Adsiedit.msc 

D. Ldp 

Answer:

Explanation: 

How to perform a non-authoritative synchronization of DFSR-replicated SYSVOL (like "D2" for FRS) 

. In the ADSIEDIT. MSC tool modify the following distinguished name (DN) value and attribute on each of the domain controllers that you want to make non-authoritative: 

CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=<the server name>,OU=Domain Controllers,DC=<domain> msDFSR-Enabled=FALSE 

. Force Active Directory replication throughout the domain. 

. Run the following command from an elevated command prompt on the same servers that you set as non-authoritative: 

DFSRDIAG POLLAD 

. You will see Event ID 4114 in the DFSR event log indicating SYSVOL is no longer being replicated. 

. On the same DN from Step 1, set: 

msDFSR-Enabled=TRUE 

. Force Active Directory replication throughout the domain. 

. Run the following command from an elevated command prompt on the same servers that you set as non-authoritative: 

DFSRDIAG POLLAD 

. You will see Event ID 4614 and 4604 in the DFSR event log indicating SYSVOL has been initialized. That domain controller has now done a “D2” of SYSVOL. 

Note: Active Directory Service Interfaces Editor (ADSI Edit) is a Lightweight Directory Access Protocol (LDAP) editor that you can use to manage objects and attributes in Active Directory. ADSI Edit (adsiedit. msc) provides a view of every object and attribute in an Active Directory forest. You can use ADSI Edit to query, view, and edit attributes that are not exposed through other Active Directory Microsoft Management Console (MMC) snap-ins: Active Directory Users and Computers, Active Directory Sites and Services, Active Directory Domains and Trusts, and Active Directory Schema. 


Q90. You have a DNS server named DN51 that runs Windows Server 2012 R2. 

On DNS1, you create a standard primary DNS zone named adatum.com. 

You need to change the frequency that secondary name servers will replicate the zone from DNS1. 

Which type of DNS record should you modify? 

A. Name server (NS) 

B. Start of authority (SOA) 

C. Host information (HINFO) 

D. Service location (SRV) 

Answer:

Explanation: 

The time to live is specified in the Start of Authority (SOA) record Note: TTL (time to live) - The number of seconds a domain name is cached locally before expiration and return to authoritative nameservers for updated information. 



To know more about the Administering Windows Server 2012, click here.