70-411 class(157 to 168) for IT professionals: Mar 2016 Edition

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 70-411 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/70-411-dumps.html


70-411 Product Description:
Exam Number/Code: 70-411 vce
Exam name: Administering Windows Server 2012
n questions with full explanations
Certification: Microsoft Certification
Last updated on Global synchronizing

Instant Access to Free VCE Files: Microsoft 70-411 Administering Windows Server 2012

70-411 examcollection

Question No. 157

Your network contains an Active Directory domain named contoso.com. All domain 

controllers run Windows Server 2012 R2. One of the domain controllers is named DC1. The DNS zone for the contoso.com zone is Active Directory-integrated and has the default settings. 

A server named Server1 is a DNS server that runs a UNIX-based operating system. 

You plan to use Server1 as a secondary DNS server for the contoso.com zone. 

You need to ensure that Server1 can host a secondary copy of the contoso.com zone. 

What should you do? 

A. From DNS Manager, modify the Advanced settings of DC1. 

B. From DNS Manager, modify the Zone Transfers settings of the contoso.com zone. 

C. From Windows PowerShell, run the Set-DnsServerForwardercmdlet and specify the contoso.com zone as a target. 

D. From DNS Manager, modify the Security settings of DC1. 

Answer:

Explanation: 

There are two ways that a secondary DNS server can be added. In both scenarios you will need to add the new server to the Forwarders list of the primary Domain Controller. 

1. The Set-DnsServerForwarder cmdlet changes forwarder settings on a Domain Name System (DNS) server. 

2. From the primary server, open DNS Manager, right click on the server name and select Properties. Click on the Forwarders tab and click the Edit button in the middle of the dialogue box. 


Question No. 158

You have a DNS server named Server1 that runs Windows Server 2012 R2. On Server1, you create a DNS zone named contoso.com. 

You need to specify the email address of the person responsible for the zone. 

Which type of DNS record should you configure? 

A. Start of authority (SOA) 

B. Host information (HINFO) 

C. Mailbox (MB) 

D. Mail exchanger (MX) 

Answer:

Explanation: 

A SOA-record defines the responsible person for an entire zone, but a zone may contain many individual hosts / domain names for which different people are responsible. The RP-record type makes it possible to identify the responsible person for individual host names contained within the zone. 




Question No. 159

Your network contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2 and have the DNS Server server role installed. 

On Server1, you create a standard primary zone named contoso.com. 

You need to ensure that Server2 can host a secondary zone for contoso.com. 

What should you do from Server1? 

A. Add Server2 as a name server. 

B. Create a trust anchor named Server2. 

C. Convert contoso.com to an Active Directory-integrated zone. 

D. Create a zone delegation that points to Server2. 

Answer:

Explanation: 

Typically, adding a secondary DNS server to a zone involves three steps: 

1. 

On the primary DNS server, add the prospective secondary DNS server to the list of name servers that are authoritative for the zone. 

2. On the primary DNS server, verify that the transfer settings for the zone permit the zone to be transferred to the prospective secondary DNS server. 

3. On the prospective secondary DNS server, add the zone as a secondary zone. 

You must add a new Name Server. To add a name server to the list of authoritative servers for the zone, you must specify both the server's IP address and its DNS name. When entering names, click Resolve to resolve the name to its IP address prior to adding it to the list. Secondary zones cannot be AD-integrated under any circumstances. 

You want to be sure Server2 can host, you do not want to delegate a zone. 

Secondary Domain Name System (DNS) servers help provide load balancing and fault tolerance. Secondary DNS servers maintain a read-only copy of zone data that is transferred periodically from the primary DNS server for the zone. You can configure DNS clients to query secondary DNS servers instead of (or in addition to) the primary DNS server for a zone, reducing demand on the primary server and ensuring that DNS queries for the zone will be answered even if the primary server is not available. 

How-To: Configure a secondary DNS Server in Windows Server 2012 

We need to tell our primary DNS that it is ok for this secondary DNS to pull information from it. Otherwise replication will fail and you will get this big red X. 


Head over to your primary DNS server, launch DNS manager, expand Forward Lookup Zones, navigate to your primary DNS zone, right-click on it and go to Properties. 


Go to “Zone Transfers” tab, by default, for security reasons, the “Allow zone transfers: ” is un-checked to protect your DNS information. We need to allow zone transfers, if you value your DNS records, you do not want to select “To any server” but make sure you click on “Only to servers listed on the Name Servers tab”. 


Head over to the “Name Servers” tab, click Add. 


You will get “New Name Server Record” window, type in the name of your secondary DNS server. it is always better to validate by name not IP address to avoid future problems in case your IP addresses change. Once done, click OK. 


You will see your secondary DNS server is now added to your name servers selection, click OK. 


Now if you head back to your secondary DNS server and refresh, the big red X will go away and your primary zone data will populate. 


Your secondary DNS is fully setup now. You cannot make any DNS changes from your secondary DNS. Secondary DNS is a read-only DNS, Any DNS changes have to be done from the primary DNS. 

References: 

http: //technet. microsoft. com/en-us/library/cc816885%28v=ws. 10%29. aspx 

http: //technet. microsoft. com/en-us/library/cc816814%28v=ws. 10%29. aspx 

http: //blog. hyperexpert. com/how-to-configure-a-secondary-dns-server-in-windows-server-2012/ 

http: //technet. microsoft. com/en-us/library/cc770984. aspx 

http: //support. microsoft. com/kb/816101 

http: //technet. microsoft. com/en-us/library/cc753500. aspx 

http: //technet. microsoft. com/en-us/library/cc771640(v=ws. 10). aspx 

http: //technet. microsoft. com/en-us/library/ee649280(v=ws. 10). aspx 


Question No. 160

Your network is configured as shown in the exhibit. (Click the Exhibit button.) 


Server1 regularly accesses Server2. 

You discover that all of the connections from Server1 to Server2 are routed through Router1. 

You need to optimize the connection path from Server1 to Server2. 

Which route command should you run on Server1? 

A. Route add -p 10.10.10.0 MASK 255.255.255.0 172.23.16.2 METRIC 100 

B. Route add -p 10.10.10.0 MASK 255.255.255.0 10.10.10.1 METRIC 50 

C. Route add -p 10.10.10.12 MASK 255.255.255.0 10.10.10.1 METRIC 100 

D. Route add -p 10.10.10.12 MASK 255.255.255.0 10.10.10.0 METRIC 50 

Answer:

Explanation: 

Destination - specifies either an IP address or host name for the network or host. 

subnetmask - specifies a subnet mask to be associated with this route entry. If subnetmask is not specified, 255.255.255.255 is used. 

gateway - specifies either an IP address or host name for the gateway or router to use when forwarding. 

costmetric - assigns an integer cost metric (ranging from 1 through 9,999) to be used in calculating the fastest, most reliable, and/or least expensive routes. If costmetric is not specified, 1 is used. 

interface - specifies the interface to be used for the route that uses the interface number. If an interface is not specified, the interface to be used for the route is determined from the gateway IP address. 

References: http: //support. microsoft. com/kb/299540/en-us 

http: //technet. microsoft. com/en-us/library/cc757323%28v=ws. 10%29. aspx 


Question No. 161

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. 

You have a Group Policy object (GPO) named GPO1 that contains hundreds of settings. GPO1 is linked to an organizational unit (OU) named OU1. OU1 contains 200 client computers. 

You plan to unlink GPO1 from OU1. 

You need to identify which GPO settings will be removed from the computers after GPO1 is unlinked from OU1. 

Which two GPO settings should you identify? (Each correct answer presents part of the solution. Choose two.) 

A. The managed Administrative Template settings 

B. The unmanaged Administrative Template settings 

C. The System Services security settings 

D. The Event Log security settings 

E. The Restricted Groups security settings 

Answer: A,D 

Explanation: 

There are two kinds of Administrative Template policy settings: Managed and Unmanaged . The Group Policy service governs Managed policy settings and removes a policy setting when it is no longer within scope of the user or computer. 

References: http: //technet. microsoft. com/en-us/library/cc778402(v=ws. 10). aspx http: //technet. microsoft. com/en-us/library/bb964258. aspx 


Question No. 162

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains two servers. The servers are configured as shown in the following table. 


All client computers run Windows 8 Enterprise. 

You plan to deploy Network Access Protection (NAP) by using IPSec enforcement. 

A Group Policy object (GPO) named GPO1 is configured to deploy a trusted server group to all of the client computers. 

You need to ensure that the client computers can discover HRA servers automatically. 

Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.) 

A. On all of the client computers, configure the EnableDiscovery registry key. 

B. In a GPO, modify the Request Policy setting for the NAP Client Configuration. 

C. On Server2, configure the EnableDiscovery registry key. 

D. On DC1, create an alias (CNAME) record. 

E. On DC1, create a service location (SRV) record. 

Answer: A,B,E 

Explanation: 

Requirements for HRA automatic discovery 

The following requirements must be met in order to configure trusted server groups on NAP client computers using HRA automatic discovery: 

Client computers must be running Windows Vista. with Service Pack 1 (SP1) or Windows XP with Service Pack 3 (SP3). 

The HRA server must be configured with a Secure Sockets Layer (SSL) certificate. 

The EnableDiscovery registry key must be configured on NAP client computers. 

DNS SRV records must be configured. 

The trusted server group configuration in either local policy or Group Policy must be cleared. 

http: //technet. microsoft. com/en-us/library/dd296901. aspx 


Question No. 163

DRAG DROP 

You are a network administrator of an Active Directory domain named contoso.com. 

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Web Server (IIS) server role installed. 

Server1 will host a web site at URL https: //secure.contoso.com. The application pool identity account of the web site will be set to a domain user account named AppPool1. 

You need to identify the setspn.exe command that you must run to configure the appropriate Service Principal Name (SPN) for the web site. 

What should you run? 

To answer, drag the appropriate objects to the correct location. Each object may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. 


Answer: 



Question No. 164

HOTSPOT 

Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All domain controllers run Windows Server 2012 R2 and are configured as DNS servers. All DNS zones are Active Directory-integrated. Active Directory Recycle Bin is enabled. 

You need to modify the amount of time deleted objects are retained in the Active Directory Recycle Bin. 

Which naming context should you use? To answer, select the appropriate naming context in the answer area. 


Answer: 



Question No. 165

Your network contains an Active Directory domain named contoso.com. The Active Directory Recycle bin is enabled for contoso.com. 

A support technician accidentally deletes a user account named User1. You need to restore the User1 account. 

Which tool should you use? 

A. Ldp 

B. Esentutl 

C. Active Directory Administrative Center 

D. Ntdsutil 

Answer:


Question No. 166

Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows Server 2003, Windows Server 2008 R2, or Windows Server 2012 R2. 

A support technician accidentally deletes a user account named User1. 

You need to use tombstone reanimation to restore the User1 account. 

Which tool should you use? 

A. Active Directory Administrative Center 

B. Ntdsutil 

C. Ldp 

D. Esentutl 

Answer:

Explanation: 

Use Ldp.exe to restore a single, deleted Active Directory object This feature takes advantage of the fact that Active Directory keeps deleted objects in the database for a period of time before physically removing them. use Ldp.exe to restore a single, deleted Active Directory object 

The LPD.exe tool, included with Windows Server 2012, allows users to perform operations against any LDAP-compatible directory, including Active Directory. LDP is used to view objects stored in Active Directory along with their metadata, such as security descriptors and replication metadata. 

References: 

http: //www. petri. co. il/manually-undeleting-objects-windows-active-directory-ad. htm 

http: //www. petri. co. il/manually-undeleting-objects-windows-active-directory-ad. htm 

http: //technet. microsoft. com/en-us/magazine/2007. 09. tombstones. aspx 

http: //technet. microsoft. com/nl-nl/library/dd379509(v=ws. 10). aspx#BKMK_2 

http: //technet. microsoft. com/en-us/library/hh875546. aspx 

http: //technet. microsoft. com/en-us/library/dd560651(v=ws. 10). aspx 


Question No. 167

You have Windows Server 2012 R2 installation media that contains a file named Install.wim. You need to identify the permissions of the mounted images in Install.wim. 

What should you do? 

A. Run dism.exe and specify the /get-mountedwiminfo parameter. 

B. Run imagex.exe and specify the /verify parameter. 

C. Run imagex.exe and specify the /ref parameter. 

D. Run dism.exe and specify the/get-imageinfo parameter. 

Answer:

Explanation: 

/Get-MountedWimInfo Lists the images that are currently mounted and information about the mounted image such as read/write permissions, mount location, mounted file path, and mounted image index. 

References: 

 http: //technet. microsoft. com/en-us/library/cc749447(v=ws. 10). aspx 

http: //technet. microsoft. com/en-us/library/dd744382(v=ws. 10). aspx 

http: //technet. microsoft. com/en-us/library/hh825224. aspx 


Question No. 168

HOTSPOT 

Your network contains an Active Directory domain named contoso.com. The domain contains three servers named Server2, Server3, and Server4. 

Server2 and Server4 host a Distributed File System (DFS) namespace named Namespace1. 

You open the DFS Management console as shown in the exhibit. (Click the Exhibit button.) 


To answer, complete each statement according to the information presented in the exhibit. Each correct selection is worth one point. 



Answer: