Tips to Pass 70-411 Exam (97 to 108)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 70-411 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/70-411-dumps.html


Exam Code: 70-411 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Administering Windows Server 2012
Certification Provider: Microsoft
Free Today! Guaranteed Training- Pass 70-411 Exam.

2016 Apr 70-411 Study Guide Questions:

Q97. Your network contains an Active Directory domain named contoso.com. The domain contains client computers that run either Windows XP or Windows 8. 

Network Policy Server (NPS) is deployed to the domain. 

You plan to create a system health validator (SHV). 

You need to identify which policy settings can be applied to all of the computers. 

Which three policy settings should you identify? (Each correct answer presents part of the solution. Choose three.) 

A. Antispyware is up to date. 

B. Automatic updating is enabled. 

C. Antivirus is up to date. 

D. A firewall is enabled for all network connections. 

E. An antispyware application is on. 

Answer: B,C,D 

Explanation: 

The WSHA on NAP client computers running Windows XP SP3 does not monitor the status of antispyware applications. 



Q98. Your company deploys a new Active Directory forest named contoso.com. The first domain controller in the forest runs Windows Server 2012 R2. The forest contains a domain controller named DC10. 

On DC10, the disk that contains the SYSVOL folder fails. 

You replace the failed disk. You stop the Distributed File System (DFS) Replication service. You restore the SYSVOL folder. 

You need to perform a non-authoritative synchronization of SYSVOL on DC10. 

Which tool should you use before you start the DFS Replication service on DC10? 

A. Dfsgui.msc 

B. Dfsmgmt.msc 

C. Adsiedit.msc 

D. Ldp 

Answer: C 

Explanation: 

How to perform a non-authoritative synchronization of DFSR-replicated SYSVOL (like "D2" for FRS) 

. In the ADSIEDIT. MSC tool modify the following distinguished name (DN) value and attribute on each of the domain controllers that you want to make non-authoritative: 

CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=<the server name>,OU=Domain Controllers,DC=<domain> msDFSR-Enabled=FALSE 

. Force Active Directory replication throughout the domain. 

. Run the following command from an elevated command prompt on the same servers that you set as non-authoritative: 

DFSRDIAG POLLAD 

. You will see Event ID 4114 in the DFSR event log indicating SYSVOL is no longer being replicated. 

. On the same DN from Step 1, set: 

msDFSR-Enabled=TRUE 

. Force Active Directory replication throughout the domain. 

. Run the following command from an elevated command prompt on the same servers that you set as non-authoritative: 

DFSRDIAG POLLAD 

. You will see Event ID 4614 and 4604 in the DFSR event log indicating SYSVOL has been initialized. That domain controller has now done a “D2” of SYSVOL. 

Note: Active Directory Service Interfaces Editor (ADSI Edit) is a Lightweight Directory Access Protocol (LDAP) editor that you can use to manage objects and attributes in Active Directory. ADSI Edit (adsiedit. msc) provides a view of every object and attribute in an Active Directory forest. You can use ADSI Edit to query, view, and edit attributes that are not exposed through other Active Directory Microsoft Management Console (MMC) snap-ins: Active Directory Users and Computers, Active Directory Sites and Services, Active Directory Domains and Trusts, and Active Directory Schema. 


Q99. Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012 R2. The forest contains a single domain. 

You create a Password Settings object (PSO) named PSO1. 

You need to delegate the rights to apply PSO1 to the Active Directory objects in an organizational unit named OU1. 

What should you do? 

A. From Active Directory Users and Computers, run the Delegation of Control Wizard. 

B. From Active Directory Administrative Center, modify the security settings of PSO1. 

C. From Group Policy Management, create a Group Policy object (GPO) and link the GPO to OU1. 

D. From Active Directory Administrative Center, modify the security settings of OU1. 

Answer: B 

Explanation: 

PSOs cannot be applied to organizational units (OUs) directly. If your users are organized into OUs, consider creating global security groups that contain the users from these OUs and then applying the newly defined finegrained password and account lockout policies to them. If you move a user from one OU to another, you must update user memberships in the corresponding global security groups. Go ahead and hit "OK" and then close out of all open windows. Now that you have created a password policy, we need to apply it to a user/group. In order to do so, you must have "write" permissions on the PSO object. We're doing this in a lab, so I'm Domain Admin. Write permissions are not a problem 

1. Open Active Directory Users and Computers (Start, point to Administrative Tools, and then click Active Directory Users and Computers). 

2. On the View menu, ensure that Advanced Features is checked. 

3. In the console tree, expand Active Directory Users and Computers\yourdomain\System\Password Settings Container 

4. In the details pane, right-click the PSO, and then click Properties. 

5. Click the Attribute Editor tab. 

6. Select the msDS-PsoAppliesTo attribute, and then click Edit. 


Q100. HOTSPOT 

You have a server named Server1 that has the Web Server (IIS) server role installed. You obtain a Web Server certificate. 

You need to configure a website on Server1 to use Secure Sockets Layer (SSL). 

To which store should you import the certificate? To answer, select the appropriate store in the answer area. 


Answer: 



70-411 exam fees

Renew 70-411 real exam:

Q101. Your network contains an Active Directory domain named contoso.com. The domain contains a Web server named www.contoso.com. The Web server is available on the Internet. 

You implement DirectAccess by using the default configuration. 

You need to ensure that users never attempt to connect to www.contoso.com by using DirectAccess. The solution must not prevent the users from using DirectAccess to access other resources in contoso.com. 

Which settings should you configure in a Group Policy object (GPO)? 

A. DirectAccess Client Experience Settings 

B. DNS Client 

C. Name Resolution Policy 

D. Network Connections 

Answer: C 

Explanation: 

For DirectAccess, the NRPT must be configured with the namespaces of your intranet with a leading dot (for example, internal.contoso.com or . corp.contoso.com). For a DirectAccess client, any name request that matches one of these namespaces will be sent to the specified intranet Domain Name System (DNS) servers. 

Include all intranet DNS namespaces that you want DirectAccess client computers to access. 

There are no command line methods for configuring NRPT rules. You must use Group Policy settings. To configure the NRPT through Group Policy, use the Group Policy add-in at Computer Configuration \Policies\Windows Settings\Name Resolution Policy in the Group Policy object for DirectAccess clients. You can create a new NRPT rule and edit or delete existing rules. For more information, see Configure the NRPT with Group Policy. 


Q102. You have a server named Server1 that runs Windows Server 2012 R2. You create a Data Collector Set (DCS) named DCS1. 

You need to configure DCS1 to log data to D:\logs. 

What should you do? 

A. Right-click DCS1 and click Properties. 

B. Right-click DCS1 and click Export list. 

C. Right-click DCS1 and click Data Manager. 

D. Right-click DCS1 and click Save template. 

Answer: A 

Explanation: 

The Root Directory will contain data collected by the Data Collector Set. Change this setting if you want to store your Data Collector Set data in a different location than the default. Browse to and select the directory, or type the directory name. 

To view or modify the properties of a Data Collector Set after it has been created, you can: 

* Select the Open properties for this data collector set check box at the end of the Data 

Collector Set Creation Wizard. 

* Right-click the name of a Data Collector Set, either in the MMC scope tree or in the 

console window, and click Properties in the context menu. 

Directory tab: 

In addition to defining a root directory for storing Data Collector Set data, you can specify a 

single Subdirectory or create a Subdirectory name format by clicking the arrow to the right 

of the text entry field. 


Q103. Your network contains an Active Directory domain named contoso.com. The domain contains six domain controllers. The domain controllers are configured as shown in the following table. 


The network contains a server named Server1 that has the Hyper-v server role installed. DC6 is a virtual machine that is hosted on Server1. 

You need to ensure that you can clone DC6. 

Which FSMO role should you transfer to DC2? 

A. Rid master 

B. Domain naming master 

C. PDC emulator 

D. Infrastructure master 

Answer: C 

Explanation: 

The clone domain controller uses the security context of the source domain controller (the domain controller whose copy it represents) to contact the Windows Server 2012 R2 Primary Domain Controller (PDC) emulator operations master role holder (also known as flexible single master operations, or FSMO). The PDC emulator must be running Windows 

Server 2012 R2, but it does not have to be running on a hypervisor. 

Reference: 

http: //technet. microsoft. com/en-us/library/hh831734. aspx 


Q104. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Desktop Session Host role service installed. The computer account of Server1 resides in an organizational unit (OU) named OU1. 

You create and link a Group Policy object (GPO) named GPO1 to OU1. 

You need to prevent GPO1 from applying to your user account when you log on to Server1. GPO1 must apply to every other user who logs on to Server1. 

What should you configure? 

A. Security Filtering. 

B. WMI Filtering. 

C. Block Inheritance. 

D. Item-level targeting. 

Answer: D 

Explanation: 

You can use item-level targeting to change the scope of individual preference items, so they apply only to selected users or computers. Within a single Group Policy object (GPO), you can include multiple preference items, each customized for selected users or computers and each targeted to apply settings only to the relevant users or computers. 

Reference: https://technet.microsoft.com/en-us/library/cc733022.aspx 


70-411 test preparation

Guaranteed 70-411 bible:

Q105. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. 

All client computers run Windows 8 Enterprise. 

DC1 contains a Group Policy object (GPO) named GPO1. 

You need to deploy a VPN connection to all users. 

What should you configure from User Configuration in GPO1? 

A. Policies/Administrative Templates/Network/Windows Connect Now 

B. Policies/Administrative Templates/Network/Network Connections 

C. Policies/Administrative Templates/Windows Components/Windows Mobility Center 

D. Preferences/Control Panel Settings/Network Options 

Answer: D 

Explanation: 

1. Open the Group Policy Management Console. Right-click the Group Policy object (GPO) that should contain the new preference item, and then click Edit. 

2. In the console tree under Computer Configuration or User Configuration, expand the Preferences folder, and then expand the Control Panel Settings folder. 

3. Right-click the Network Options node, point to New, and select VPN Connection. 

The Network Options extension allows you to centrally create, modify, and delete dial-up networking and virtual private network (VPN) connections. Before you create a network option preference item, you should review the behavior of each type of action possible with the extension. 

Reference: http: //technet.microsoft.com/en-us/library/cc772449.aspx 


Q106. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. 

You need to audit successful and failed attempts to read data from USB drives on the servers. 

Which two objects should you configure? To answer, select the appropriate two objects in the answer area. 


Answer: 



Q107. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. 

You enable and configure Routing and Remote Access (RRAS) on Server1. 

You create a user account named User1. 

You need to ensure that User1 can establish VPN connections to Server1. 

What should you do? 

A. Create a network policy. 

B. Create a connection request policy. 

C. Add a RADIUS client. 

D. Modify the members of the Remote Management Users group. 

Answer: A 

Explanation: 

Network policies are sets of conditions, constraints, and settings that allow you to designate who is authorized to connect to the network and the circumstances under which they can or cannot connect. 

Network policies can be viewed as rules. Each rule has a set of conditions and settings. 

Configure your VPN server to use Network Access Protection (NAP) to enforce health requirement policies. 


References: http: //technet. microsoft. com/en-us/library/hh831683. aspx 

http: //technet. microsoft. com/en-us/library/cc754107. aspx 

http: //technet. microsoft. com/en-us/library/dd314165%28v=ws. 10%29. aspx 

http: //technet. microsoft. com/en-us/windowsserver/dd448603. aspx 

http: //technet. microsoft. com/en-us/library/dd314165(v=ws. 10). aspx 

http: //technet. microsoft. com/en-us/library/dd469733. aspx 

http: //technet. microsoft. com/en-us/library/dd469660. aspx 

http: //technet. microsoft. com/en-us/library/cc753603. aspx 

http: //technet. microsoft. com/en-us/library/cc754033. aspx 

http: //technet. microsoft. com/en-us/windowsserver/dd448603. aspx 


Q108. Your company has a main office and a branch office. The main office is located in Seattle. The branch office is located in Montreal. Each office is configured as an Active Directory site. 

The network contains an Active Directory domain named adatum.com. The Seattle office contains a file server named Server1. The Montreal office contains a file server named Server2. 

The servers run Windows Server 2012 R2 and have the File and Storage Services server role, the DFS Namespaces role service, and the DFS Replication role service installed. 

Server1 and Server2 each have a share named Share1 that is replicated by using DFS Replication. 

You need to ensure that users connect to the replicated folder in their respective office when they connect to \\contoso.com\Share1. 

Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.) 

A. Create a replication connection. 

B. Create a namespace. 

C. Share and publish the replicated folder. 

D. Create a new topology. 

E. Modify the Referrals settings. 

Answer: B,C,E 

Explanation: 

To share a replicated folder and publish it to a DFS namespace Click Start, point to Administrative Tools, and then click DFS Management. In the console tree, under the Replication node, click the replication group that contains the replicated folder you want to share. In the details pane, on the Replicated Folders tab, right-click the replicated folder that you want to share, and then click Share and Publish in Namespace. In the Share and Publish Replicated Folder Wizard, click Share and publish the replicated folder in a 

namespace, and then follow the steps in the wizard. 

Note that: If you do not have an existing namespace, you can create one in the 

Namespace Path page in the Share and Publish Replicated Folder Wizard. To create the namespace, in the Namespace Path page, click Browse, and then click New Namespace. 

To create a namespace 

Click Start, point to Administrative Tools, and then click DFS Management. 

In the console tree, right-click the Namespaces node, and then click New Namespace. 

Follow the instructions in the New Namespace Wizard. 

To create a stand-alone namespace on a failover cluster, specify the name of a clustered file server instance on the Namespace Server page of the New Namespace Wizard. 

Important 

Do not attempt to create a domain-based namespace using the Windows Server 2008 mode unless the forest functional level is Windows Server 2003 or higher. Doing so can result in a namespace for which you cannot delete DFS folders, yielding the following error message: “The folder cannot be deleted. Cannot complete this function.” 

To share a replicated folder and publish it to a DFS namespace 

1. Click Start, point to Administrative Tools, and then click DFS Management. 

2. In the console tree, under the Replication node, click the replication group that contains the replicated folder you want to share. 

3. In the details pane, on the Replicated Folders tab, right-click the replicated folder that you want to share, and then click Share and Publish in Namespace. 

4. In the Share and Publish Replicated Folder Wizard, click Share and publish the replicated folder in a namespace, and then follow the steps in the wizard. 


"You need to ensure that users connect to the replicated folder in their respective office when they connect to \\contoso.com\Share1." 



Reference: http: //technet. microsoft. com/en-us/library/cc731531. aspx 

http: //technet. microsoft. com/en-us/library/cc772778%28v=ws. 10%29. aspx 

http: //technet. microsoft. com/en-us/library/cc732414. aspx 

http: //technet. microsoft. com/en-us/library/cc772379. aspx 

http: //technet. microsoft. com/en-us/library/cc732863%28v=ws. 10%29. aspx 

http: //technet. microsoft. com/en-us/library/cc725830. aspx 

http: //technet. microsoft. com/en-us/library/cc771978. aspx