70-411 lab(109 to 120) for IT engineers: Apr 2016 Edition

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 70-411 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/70-411-dumps.html


Breathing of 70-411 exam cost materials and training tools for Microsoft certification for consumer, Real Success Guaranteed with Updated 70-411 pdf dumps vce Materials. 100% PASS Administering Windows Server 2012 exam Today!

2016 Apr 70-411 Study Guide Questions:

Q109. HOTSPOT 

You have a server named LON-SVR1 that runs Windows Server 2012 R2. LON-SVR1 has the Remote Access server role installed. LON-SVRl is located in the perimeter network. 

The IPv4 routing table on LON-SVR1 is configured as shown in the following exhibit. (Click the Exhibit button.) 


Your company purchases an additional router named Router1. Router1 has an interface that connects to the perimeter network and an interface that connects to the Internet. The IP address of the interface that connects to the perimeter network is 172.16.0.2. 

You need to ensure that LON-SVR1 will route traffic to the Internet by using Router1 if the current default gateway is unavailable. 

How should you configure the static route on LON-SVR1? To answer, select the appropriate static route in the answer area. 


Answer: 



Q110. HOTSPOT 

Your network contains a RADIUS server named Admin1. 

You install a new server named Server2 that runs Windows Server 2012 R2 and has Network Policy Server (NPS) installed. 

You need to ensure that all accounting requests for Server2 are forwarded to Admin1. 

On Server2, you create a new remote RADIUS server group named Group1 that contains Admin1. 

What should you configure next on Server2? 

To answer, select the appropriate node in the answer area. 


Answer: 



Q111. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. 

You have a Group Policy object (GPO) named GPO1 that contains hundreds of settings. GPO1 is linked to an organizational unit (OU) named OU1. OU1 contains 200 client computers. 

You plan to unlink GPO1 from OU1. 

You need to identify which GPO settings will be removed from the computers after GPO1 is unlinked from OU1. 

Which two GPO settings should you identify? (Each correct answer presents part of the solution. Choose two.) 

A. The managed Administrative Template settings 

B. The unmanaged Administrative Template settings 

C. The System Services security settings 

D. The Event Log security settings 

E. The Restricted Groups security settings 

Answer: A,D 

Explanation: 

There are two kinds of Administrative Template policy settings: Managed and Unmanaged . The Group Policy service governs Managed policy settings and removes a policy setting when it is no longer within scope of the user or computer. 

References: http: //technet. microsoft. com/en-us/library/cc778402(v=ws. 10). aspx http: //technet. microsoft. com/en-us/library/bb964258. aspx 


Q112. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains 500 client computers that run Windows 8.1 Enterprise and Microsoft Office 2013. 

You implement a Group Policy central store. 

You need to modify the default Microsoft Office 2013 Save As location for all client computers. The solution must minimize administrative effort. 

What should you configure in a Group Policy object (GPO)? 

A. The Group Policy preferences 

B. An application control policy 

C. The Administrative Templates 

D. The Software Installation settings 

Answer: A 

Explanation: 

Group Policy preferences provide the means to simplify deployment and standardize configurations. They add to Group Policy a centralized system for deploying preferences (that is, settings that users can change later). You can also use Group Policy preferences to configure applications that are not Group Policy-aware. By using Group Policy preferences, you can change or delete almost any registry setting, file or folder, shortcut, and more. You are not limited by the contents of Administrative Template files. 

: http://technet.microsoft.com/en-us/library/dn581922.aspx 


70-411 exam cost

Most up-to-date 70-411 exam answers:

Q113. HOTSPOT 

Your network contains one Active Directory domain named contoso.com. The domain contains 10 file servers that run Windows Server 2012 R2. 

You plan to enable BitLocker Drive Encryption (BitLocker) for the operating system drives of the file servers. 

You need to configure BitLocker policies for the file servers to meet the following requirements: 

. Ensure that all of the servers use a startup PIN for operating system drives encrypted with BitLocker. 

. Ensure that the BitLocker recovery key and recovery password are stored in Active 

Directory. Which two Group Policy settings should you configure? To answer, select the appropriate settings in the answer area. 


Answer: 



Q114. HOTSPOT 

Your company has four offices. The offices are located in Montreal, Seattle, Sydney, and New York. 

The network contains an Active Directory domain named contoso.com. The domain contains a server named Server2 that runs Windows Server 2012 R2. Server2 has the DHCP Server server role installed. 

All client computers obtain their IPv4 and IPv6 addresses from DHCP. 

You need to ensure that Network Access Protection (NAP) enforcement for DHCP applies to all of the client computers except for the client computers in the New York office. 

Which two nodes should you configure? To answer, select the appropriate two nodes in the answer area.

 

Answer: 



Q115. You have a server named Server1 that runs Windows Server 2012 R2. 

An administrator creates a quota as shown in the Quota exhibit. (Click the Exhibit button.) 


You run the dir command as shown in the Dir exhibit. (Click the Exhibit button.) 


You need to ensure that D:\Folder1 can only consume 100 MB of disk space. 

What should you do? 

A. From File Server Resource Manager, create a new quota. 

B. From File Server Resource Manager, edit the existing quota. 

C. From the Services console, set the Startup Type of the Optimize drives service to Automatic. 

D. From the properties of drive D, enable quota management. 

Answer: A 

Explanation: 

1. In Quota Management, click the Quota Templates node. 

2. In the Results pane, select the template on which you will base your new quota. 

3. Right-click the template and click Create Quota from Template (or select Create Quota from Template from the Actions pane). This opens the Create Quota dialog box with the summary properties of the quota template displayed. 

4. Under Quota path, type or browse to the folder that the quota will apply to. 

5. Click the Create quota on path option. Note that the quota properties will apply to the entire folder. 

Note: To create an auto apply quota, click the Auto apply template and create quotas on existing and new subfolders option. For more information about auto apply quotas, see Create an Auto Apply Quota. 

6. Under Drive properties from this quota template, the template you used in step 2 to create your new quota is preselected (or you can select another template from the list). Note that the template's properties are displayed under Summary of quota properties. 

7. Click Create. 

Create a new Quota on path, without using the auto apply template and create quota on existing and new subfolders. 




Reference: http: //technet.microsoft.com/en-us/library/cc755603(v=ws.10).aspx 


Q116. Your network contains an Active Directory domain named contoso.com. The domain contains a read-only domain controller (RODC) named R0DC1. 

You create a global group named RODC_Admins. 

You need to provide the members of RODC_Admins with the ability to manage the hardware and the software on R0DC1. The solution must not provide RODC_Admins with the ability to manage Active Directory objects. 

What should you do? 

A. From Active Directory Sites and Services, run the Delegation of Control Wizard. 

B. From a command prompt, run the dsadd computer command. 

C. From Active Directory Site and Services, configure the Security settings of the R0DC1 server object. 

D. From a command prompt, run the dsmgmt local roles command. 

Answer: D 

Explanation: 

RODC: using the dsmgmt.exe utility to manage local administrators One of the benefits of RODC is that you can add local administrators who do not have full access to the domain administration. This gives them the ability to manage the server but not add or change active directory objects unless those roles are delegated. Adding this type of user is done using the dsmdmt.exe utility at the command prompt. 


70-411 exams

High quality 70-411 questions pool:

Q117. Your network contains two Active Directory forests named contoso.com and adatum.com. The contoso.com forest contains a server named Server1.contoso.com. The adatum.com forest contains a server named server2. adatum.com. Both servers have the Network Policy Server role service installed. 

The network contains a server named Server3. Server3 is located in the perimeter network and has the Network Policy Server role service installed. 

You plan to configure Server3 as an authentication provider for several VPN servers. 

You need to ensure that RADIUS requests received by Server3 for a specific VPN server are always forwarded to Server1.contoso.com. 

Which two should you configure on Server3? (Each correct answer presents part of the solution. Choose two.) 

A. Remediation server groups 

B. Remote RADIUS server groups 

C. Connection request policies 

D. Network policies 

E. Connection authorization policies 

Answer: B,C 

Explanation: 

To configure NPS as a RADIUS proxy, you must create a connection request policy that contains all of the information required for NPS to evaluate which messages to forward and where to send the messages. 

When you configure Network Policy Server (NPS) as a Remote Authentication Dial-In User Service (RADIUS) proxy, you use NPS to forward connection requests to RADIUS servers that are capable of processing the connection requests because they can perform authentication and authorization in the domain where the user or computer account is located. For example, if you want to forward connection requests to one or more RADIUS servers in untrusted domains, you can configure NPS as a RADIUS proxy to forward the requests to the remote RADIUS servers in the untrusted domain. To configure NPS as a RADIUS proxy, you must create a connection request policy that contains all of the information required for NPS to evaluate which messages to forward and where to send the messages. 

When you configure a remote RADIUS server group in NPS and you configure a connection request policy with the group, you are designating the location where NPS is to forward connection requests. 


References: http: //technet. microsoft. com/en-us/library/cc754518. aspx 

http: //technet. microsoft. com/en-us/library/cc754518. aspx 

http: //technet. microsoft. com/en-us/library/cc754518. aspx 


Q118. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. 

You create a central store for Group Policy. 

You receive a custom administrative template named Template1.admx. 

You need to ensure that the settings in Template1.admx appear in all new Group Policy objects (GPOs). 

What should you do? 

A. From the Default Domain Controllers Policy, add Template1.admx to the Administrative Templates. 

B. From the Default Domain Policy, add Template1.admx to the Administrative Templates. 

C. Copy Template1.admx to \\Contoso.com\SYSVOL\Contoso.com\Policies\PolicyDefinitions\. 

D. Copy Template1.admx to \\Contoso.com\NETLOGON. 

Answer: C 

Explanation: 

Unlike ADM files, ADMX files are not stored in individual GPOs. For domain-based enterprises, administrators can create a central store location of ADMX files that is accessible by anyone with permission to create or edit GPOs. 



Q119. Your network contains two Active Directory forests named contoso.com and dev.contoso.com. The contoso.com forest contains a domain controller named DC1. The dev.contoso.com forest contains a domain controller named DC2. Each domain contains an organizational unit (OU) named OU1. 

Dev.contoso.com has a Group Policy object (GPO) named GPO1. GPO1 contains 200 settings, including several settings that have network paths. GPO1 is linked to OU1. 

You need to copy GPO1 from dev.contoso.com to contoso.com. 

What should you do first on DC2? 

A. From the Group Policy Management console, right-click GPO1 and select Copy. 

B. Run the mtedit.exe command and specify the /Domaintcontoso.com /DC: DC 1 parameter. 

C. Run the Save-NetGpocmdlet. 

D. Run the Backup-Gpocmdlet. 

Answer: A 

Explanation: 

To copy a Group Policy object: 

In the GPMC console tree, right-click the GPO that you want to copy, and then click Copy. 

To create a copy of the GPO in the same domain as the source GPO, right-click Group Policy objects, click Paste, specify permissions for the new GPO in the Copy GPO box, and then click OK. 

For copy operations to another domain, you may need to specify a migration table. 

The Migration Table Editor (MTE) is provided with Group Policy Management Console (GPMC) to facilitate the editing of migration tables. Migration tables are used for copying or importing Group Policy objects (GPOs) from one domain to another, in cases where the GPOs include domain-specific information that must be updated during copy or import. 

Source WS2008R2: Backup the existing GPOs from the GPMC, you need to ensure that the “Group Policy Objects” container is selected for the “Backup Up All” option to be available. 

Copy a Group Policy Object with the Group Policy Management Console (GPMC) 

You can copy a Group Policy object (GPO) either by using the drag-and-drop method or right-click method. 

Applies To: Windows 8, Windows Server 2008 R2, Windows Server 2012 

References: 

http://technet.microsoft.com/en-us/library/cc785343(v=WS.10).aspx 

http://technet.microsoft.com/en-us/library/cc733107.aspx 


Q120. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 is configured as a VPN server. 

You need to configure Server1 to perform network address translation (NAT). 

What should you do? 

A. From Network Connections, modify the Internet Protocol Version 4 (TCP/IPv4) setting of each network adapter. 

B. From Network Connections, modify the Internet Protocol Version 6 (TCP/IPv6) setting of each network adapter. 

C. From Routing and Remote Access, add an IPv6 routing protocol. 

D. From Routing and Remote Access, add an IPv4 routing protocol. 

Answer: D 

Explanation: 

To configure an existing RRAS server to support both VPN remote access and NAT routing: 

1. Open Server Manager. 

2. Expand Roles, and then expand Network Policy and Access Services. 

3. Right-click Routing and Remote Access, and then click Properties. 

4. Select IPv4 Remote access Server or IPv6 Remote access server, or both.