Tips to Pass 70-411 Exam (109 to 120)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 70-411 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/70-411-dumps.html


70-411 Product Description:
Exam Number/Code: 70-411 vce
Exam name: Administering Windows Server 2012
n questions with full explanations
Certification: Microsoft Certification
Last updated on Global synchronizing

Instant Access to Free VCE Files: Microsoft 70-411 Administering Windows Server 2012

70-411 examcollection

Exam Code: 70-411 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Administering Windows Server 2012
Certification Provider: Microsoft
Free Today! Guaranteed Training- Pass 70-411 Exam.

2016 Apr 70-411 Study Guide Questions:

Q109. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy Server server role installed. 

You need to allow connections that use 802.1x. 

What should you create? 

A. A network policy that uses Microsoft Protected EAP (PEAP) authentication 

B. A network policy that uses EAP-MSCHAP v2 authentication 

C. A connection request policy that uses EAP-MSCHAP v2 authentication 

D. A connection request policy that uses MS-CHAP v2 authentication 

Answer: C 

Explanation: 

802.1X uses EAP, EAP-TLS, EAP-MS-CHAP v2, and PEAP authentication methods: 

EAP (Extensible Authentication Protocol) uses an arbitrary authentication method, such as certificates, smart cards, or credentials. 

EAP-TLS (EAP-Transport Layer Security) is an EAP type that is used in certificate-based security environments, and it provides the strongest authentication and key determination method. 

EAP-MS-CHAP v2 (EAP-Microsoft Challenge Handshake Authentication Protocol version 2) is a mutual authentication method that supports password-based user or computer authentication. 

PEAP (Protected EAP) is an authentication method that uses TLS to enhance the security of other EAP authentication protocols. 

Connection request policies are sets of conditions and settings that allow network administrators to designate which Remote Authentication Dial-In User Service (RADIUS) servers perform the authentication and authorization of connection requests that the server running Network Policy Server (NPS) receives from RADIUS clients. Connection request policies can be configured to designate which RADIUS servers are used for RADIUS accounting. With connection request policies, you can use NPS as a RADIUS server or as a RADIUS proxy, based on factors such as the following: 

The time of day and day of the week 

The realm name in the connection request 

The type of connection being requested 

The IP address of the RADIUS client 


Q110. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy Server role service installed. 

You plan to configure Server1 as a Network Access Protection (NAP) health policy server for VPN enforcement by using the Configure NAP wizard. 

You need to ensure that you can configure the VPN enforcement method on Server1 successfully. 

What should you install on Server1 before you run the Configure NAP wizard? 

A. A system health validator (SHV) 

B. The Host Credential Authorization Protocol (HCAP) 

C. A computer certificate 

D. The Remote Access server role 

Answer: C 

Explanation: 

Configure NAP enforcement for VPN 

This checklist provides the steps required to deploy computers with Routing and Remote 

Access Service installed and configured as VPN servers with Network Policy Server (NPS) and Network Access Protection (NAP). 




Q111. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1. DC1 is a DNS server for contoso.com. The properties of the contoso.com zone are configured as shown in the exhibit. (Click the Exhibit button.) 


The domain contains a server named Server1 that is part of a workgroup named Workgroup. Server1 is configured to use DC1 as a DNS server. 

You need to ensure that Server1 dynamically registers a host (A) record in the contoso.com zone. 

What should you configure? 

A. The workgroup name of Server1 

B. The Security settings of the contoso.com zone 

C. The Dynamic updates setting of the contoso.com zone 

D. The primary DNS suffix of Server1 

Answer: D 

Explanation: 

When any computer or a standalone server is added to a domain as a member, the network identifies that computer with its Fully Qualified Domain Name or FQDN. A Fully Qualified Domain Name consist of a hostname and the DNs suffix separated by a “. ” called period. An example for this can be server01. msftdomain.com where “server01 is the hostname of the computer and “msftdomain.com” is the DNS suffix which follows the hostname. A complete FQDN of a client computer or a member server uniquely identifies that computer in the entire domain. 

Primary DNS suffix must manually be added in Windows 8 computer to change its hostname to Fully Qualified Domain Name so that it becomes eligible to send queries and receive responses from the DNS server. Following are the steps which can be implemented to add primary DNS suffix to a Windows 8 computer hostname: 

Log on to Windows 8 computer with administrator account. 

From the options available on the screen click Control Panel. 

On the opened window click More Settings from the left pane. 

On the next window click System and Security category and on the appeared window click System. 

On View basic information about your computer window click Change settings under Computer name, domain, and workgroup settings section. 

On System Properties box make sure that Computer Name tab is selected and click Change button. 

On Computer Name/Domain Changes box click More button. 

On DNS Suffix and NetBIOS Computer Name box type in the DNS domain name as the DNS suffix to the Windows 8 computer under Primary DNS suffix of this computer field. 

Click Ok button on all the boxes and restart the computer to allow changes to take effect. 



For years, Windows DNS has supported dynamic updates, whereas a DNS client host registers and dynamically updates the resource records with a DNS server. If a host’s IP address changes, the resource record (particularly the A record) for the host is automatically updated, while the host utilizes the DHCP server to dynamically update its Pointer (PTR) resource record. Therefore, when a user or service needs to contact a client PC, it can look up the IP address of the host. With larger organizations, this becomes an essential feature, especially for clients that frequently move or change locations and use DHCP to automatically obtain an IP address. For dynamic DNS updates to succeed, the zone must be configured to accept dynamic updates: 


References: 

http: //technet. microsoft. com/en-us/library/cc778792%28v=ws. 10%29. aspx 

http: //technet. microsoft. com/en-us/library/cc778792%28v=ws. 10%29. aspx 

http: //www. advicehow. com/adding-primary-dns-suffix-in-microsoft-windows-8/ 

http: //technet. microsoft. com/en-us/library/cc959611. aspx 


Q112. Your network contains 25 Web servers that run Windows Server 2012 R2. 

You need to configure auditing policies that meet the following requirements: 

. Generate an event each time a new process is created. 

. Generate an event each time a user attempts to access a file share. 

Which two auditing policies should you configure? To answer, select the appropriate two auditing policies in the answer area. 

A. Audit access management (Not Defined) 

B. Audit directory service access (Not Defined) 

C. Audit logon events (Not Defined) 

D. Audit Object (Not Defined) 

E. Audit policy change(Not Defined) 

F. Audit privilege use (Not Defined) 

G. Audit process tracking (Not Defined) 

H. Audit system events(Not Defined) 

Answer: D,G 

Explanation: * Audit Object Access 

Determines whether to audit the event of a user accessing an object (for example, file, folder, registry key, printer, and so forth) which has its own system access control list (SACL) specified. 

* Audit Process Tracking 

Determines whether to audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access. 

Reference: Audit object access 

https://technet.microsoft.com/en-us/library/cc976403.aspx 

Reference: Audit Process Tracking 

https://technet.microsoft.com/en-us/library/cc976411.aspx 


70-411 practice test

Most up-to-date 70-411 free practice exam:

Q113. Your network contains multiple Active Directory sites. 

You have a Distributed File System (DFS) namespace that has a folder target in each site. 

You discover that some client computers connect to DFS targets in other sites. 

You need to ensure that the client computers only connect to a DFS target in their respective site. 

What should you modify? 

A. The properties of the Active Directory sites 

B. The properties of the Active Directory site links 

C. The delegation settings of the namespace 

D. The referral settings of the namespace 

Answer: D 

Reference: 

http://www.windowsnetworking.com/articles_tutorials/Configuring-DFS-Namespaces.html 


Q114. You have a server named Server1 that runs Windows Server 2012 R2. You create a Data Collector Set (DCS) named DCS1. 

You need to configure DCS1 to log data to D:\logs. 

What should you do? 

A. Right-click DCS1 and click Properties. 

B. Right-click DCS1 and click Export list. 

C. Right-click DCS1 and click Data Manager. 

D. Right-click DCS1 and click Save template. 

Answer: A 

Explanation: 

The Root Directory will contain data collected by the Data Collector Set. Change this setting if you want to store your Data Collector Set data in a different location than the default. Browse to and select the directory, or type the directory name. 

To view or modify the properties of a Data Collector Set after it has been created, you can: 

* Select the Open properties for this data collector set check box at the end of the Data 

Collector Set Creation Wizard. 

* Right-click the name of a Data Collector Set, either in the MMC scope tree or in the 

console window, and click Properties in the context menu. 

Directory tab: 

In addition to defining a root directory for storing Data Collector Set data, you can specify a 

single Subdirectory or create a Subdirectory name format by clicking the arrow to the right 

of the text entry field. 


Q115. Your network contains an Active Directory domain named contoso.com. The domain contains six domain controllers. The domain controllers are configured as shown in the following table. 


The network contains a server named Server1 that has the Hyper-V server role installed. DC6 is a virtual machine that is hosted on Server1. 

You need to ensure that you can clone DC6. 

What should you do? 

A. Transfer the schema master to DC6. 

B. Transfer the PDC emulator to DC5. 

C. Transfer the schema master to DC4. 

D. Transfer the PDC emulator to DC2. 

Answer: D 

Explanation: 

A deployed Windows Server 2012 domain controller (virtualized or physical) that hosts the PDC emulator role (DC1). To verify whether the PDC emulator role is hosted on a Windows Server 2012 domain controller, run the following Windows PowerShell command: Get-ADComputer (Get-ADDomainController –Discover –Service "PrimaryDC").name –Propertyoperatingsystemversion|fl 

Reference: http: //technet. microsoft. com/en-us/library/hh831734. aspx#steps_deploy_vdc 


Q116. Your network contains an Active Directory domain named adatum.com. 

A network administrator creates a Group Policy central store. 

After the central store is created, you discover that when you create new Group Policy objects (GPOs), the GPOs do not contain any Administrative Templates. 

You need to ensure that the Administrative Templates appear in new GPOs. 

What should you do? 

A. Add your user account to the Group Policy Creator Owners group. 

B. Configure all domain controllers as global catalog servers. 

C. Copy files from %Windir%\Policydefinitions to the central store. 

D. Modify the Delegation settings of the new GPOs. 

Answer: C 

Explanation: 

To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a domain controller. The Central Store is a file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain. 


70-411 prep

Refined 70-411 pack:

Q117. Your network contains an Active Directory domain named contoso.com. The domain 

contains a domain controller named DC1 that runs Windows Server 2012 R2. 

You mount an Active Directory snapshot on DC1. 

You need to expose the snapshot as an LDAP server. 

Which tool should you use? 

A. Ldp 

B. ADSI Edit 

C. Dsamain 

D. Ntdsutil 

Answer: C 

Explanation: 

dsamain /dbpath E:\$SNAP_200704181137_VOLUMED$\WINDOWS\NTDS\ntds. dit /ldapport51389 

Reference: http: //technet. microsoft. com/en-us/library/cc753609(v=ws. 10). aspx 



Q118. Your network contains an Active Directory domain named contoso.com. The domain contains client computers that run either Windows XP or Windows 8. 

Network Policy Server (NPS) is deployed to the domain. 

You plan to create a system health validator (SHV). 

You need to identify which policy settings can be applied to all of the computers. 

Which three policy settings should you identify? (Each correct answer presents part of the solution. Choose three.) 

A. Antispyware is up to date. 

B. Automatic updating is enabled. 

C. Antivirus is up to date. 

D. A firewall is enabled for all network connections. 

E. An antispyware application is on. 

Answer: B,C,D 

Explanation: 

The WSHA on NAP client computers running Windows XP SP3 does not monitor the status of antispyware applications. 



Q119. HOTSPOT 

You have a server named Server4 that runs Windows Server 2012 R2. Server4 has the Windows Deployment Services server role installed. 

Server4 is configured as shown in the exhibit. (Click the Exhibit button.) 


To answer, complete each statement according to the information presented in the exhibit. Each correct selection is worth one point. 



Answer: 



Q120. Your network contains an Active Directory domain named contoso.com. 

You create a user account named User1. The properties of User1 are shown in the exhibit. (Click the Exhibit button.) 


You plan to use the User1 account as a service account. The service will forward authentication requests to other servers. 

You need to ensure that you can view the Delegation tab from the properties of the User1 account. 

What should you do first? 

A. Configure the Name Mappings of User1. 

B. Modify the user principal name (UPN) of User1. 

C. Configure a Service Principal Name (SPN) for User1. 

D. Modify the Security settings of User1. 

Answer: C 

Explanation: 

If you cannot see the Delegation tab, do one or both of the following: 

Register a Service Principal Name (SPN) for the user account with the Setspn utility in the 

support tools on your CD. Delegation is only intended to be used by service accounts, 

which should have registered SPNs, as opposed to a regular user account which typically 

does not have SPNs. 

Raise the functional level of your domain to Windows Server 2003. For more information, 

see Related Topics. 


References: 

http: //blogs. msdn. com/b/mattlind/archive/2010/01/14/delegation-tab-in-aduc-not-available-until-a-spn-is-set. aspx 

http: //blogs. msdn. com/b/mattlind/archive/2010/01/14/delegation-tab-in-aduc-not-available-until-a-spn-is-set. aspx 

http: //technet. microsoft. com/en-us/library/cc739474(v=ws. 10). aspx 

http: //blogs. msdn. com/b/mattlind/archive/2010/01/14/delegation-tab-in-aduc-not-available-until-a-spn-is-set. aspx 



see more 70-411 dumps