I’m currently studying for Microsoft exam 70-411. I do enjoy studying for exams. It’s hard, but it’s an excellent forcing function. I learn bits and pieces here and there now and then about this and that, but when I have an exam scheduled for a set date, I have to study! And not only do I put in more hours, but I follow a more systematic approach. In this article, I’m going to share GreatExam braindumps in case you too are studying and this method works for you.
QUESTION 81
Hotspot Question
Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1 that runs Windows Server 2012 R2.
Server1 has the File Server Resource Manager role service installed.
You need to configure Server1 to meet the following requirements:
– Ensure that old files in a folder named Folder1 are archived automatically to a folder named Archive1.
– Ensure that all JPG files can always be saved to a local computer, even when a file screen exists.
Which two nodes should you configure?
To answer, select the appropriate two nodes in the answer area.
Answer:
Explanation:
File Screens – Here you can set a “file screen exception for JPG’s”
File Management Tasks – Set a new task to archive data
QUESTION 82
Your network contains an Active Directory domain named contoso.com. The domain contains six domain controllers.
The network contains a server named Server1 that has the Hyper-V server role installed.
DC6 is a virtual machine that is hosted on Server1.
You need to ensure that you can clone DC6.
Which FSMO role should you transfer to DC2?
A. Infrastructure Master
B. RID Master
C. Domain Naming Master
D. PDC emulator
Answer: D
Explanation:
D. The clone domain controller uses the security context of the source domain controller (the domain controller whose copy it represents) to contact the Windows Server 2012 R2 Primary Domain Controller (PDC) emulator operations master role holder (also known as flexible single master operations, or FSMO). The PDC emulator must be running Windows Server 2012 R2, but it does not have to be running on a hypervisor.
http://technet.microsoft.com/en-us/library/hh831734.aspx
QUESTION 83
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 runs Windows Server 2012 R2 and has the Hyper-V server role installed. Server1 hosts 10 virtual machines. A virtual machine named VM1 runs Windows Server 2012 R2 and hosts a processor-intensive application named App1.
Users report that App1 responds more slowly than expected.
You need to monitor the processor usage on VM1 to identify whether changes must be made to the hardware settings of VM1.
Which performance object should you monitor on Server1?
A. Processor
B. Hyper-V Hypervisor Virtual Processor
C. Hyper-V Hypervisor Root Virtual Processor
D. Process
E. Hyper-V Hypervisor Logical Processor
Answer: E
Explanation:
In the simplest way of thinking the virtual processor time is cycled across the available logical processors in a round-robin type of fashion.
Thus all the processing power gets used over time, and technically nothing ever sits idle.
To accurately measure the processor utilization of a guest operating system, use the “\Hyper-V Hypervisor Logical Processor(_Total)\% Total Run Time” performance monitor counter on the Hyper-V host operating system.
QUESTION 84
You have a server named Server1 that runs Windows Server 2012 R2.
Server1 has the File Server Resource Manager role service installed.
Each time a user receives an access-denied message after attempting to access a folder on Server1, an email notification is sent to a distribution list named DL1.
You create a folder named Folder1 on Server1, and then you configure custom NTFS permissions for Folder1.
You need to ensure that when a user receives an access-denied message while attempting to access Folder1, an email notification is sent to a distribution list named DL2.
The solution must not prevent DL1 from receiving notifications about other access-denied messages.
What should you do?
A. From Server Manager, run the New Share Wizard to create a share for Folder1 by selecting the SMB Share – Advanced option.
B. From the File Server Resource Manager console, modify the Access-Denied Assistance settings.
C. From the File Server Resource Manager console, modify the Email Notifications settings.
D. From Server Manager, run the New Share Wizard to create a share for Folder1 by selecting the SMB Share – Applications option.
Answer: C
Explanation:
When using the email model for each of the file shares, you can determine whether access requests to each file share will be received by the administrator, a distribution list that represents the file share owners, or both.
The owner distribution list is configured by using the SMB Share – Advanced file share profile in the New Share Wizard in Server Manager.
http://technet.microsoft.com/en-us/library/jj574182.aspx#BKMK_12
QUESTION 85
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2. Both servers have the DFS Replication role service installed.
You need to configure the DFS Replication environment to meet the following requirements:
– Increase the quota limit of the staging folder.
– Configure the staging folder cleanup process to provide the highest amount of free space possible.
Which cmdlets should you use to meet each requirement?
To answer, select the appropriate options in the answer area.
Answer:
Explanation:
DFS Replication uses staging folders for each replicated folder as caches for new and changed files that are to be replicated from sending members to receiving members. These files are stored under the local path of the replicated folder, in the DfsrPrivate\Staging folder.
When a file is modified on two or more members before the changes can be replicated, the most recently updated file “wins” the conflict, and the files that “lose” are moved to the Conflict and Deleted folder. The losing files are stored in the DfsrPrivate\ConflictandDeleted folder under the local path of the replicated folder on the member that resolves the conflict.
The Conflict and Deleted folder is also used to store files that are deleted from replicated folders. By default, the quota size of each staging folder is 4,096 MB, and the quota size of each Conflict and Deleted folder is 660 MB. The size of each folder on a member is cumulative per volume, so when several replicated folders are present on a member, DFS Replication creates multiple staging folders and Conflict and Deleted folders, each with its own quota.
The following subsections provide information about how to edit the quota of the staging folder and the Conflict and Deleted folder, as well as how to optimize the size of staging folders. Optimize the size of staging folders: Although you can adjust the size of each staging folder, you have to consider the following factors:
QUESTION 86
Your network contains an Active Directory domain named contoso.com.
You need to create an AD snapshot.
Which four actions should you perform? To answer, move the four appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
Windows Server 2008 introduced a new feature that allows administrators to create snapshots of the Active Directory database for offline use. Consequently, you can mount a backup of the Active Directory database on a selectable TCP port and browse it with an LDAP reader or the Active Directory Users and Computers (ADUC) console.
Access to the information in the snapshot is read-only.
The possibilities are quite varied. For example, if the properties of objects have changed and you need to find and restore the original state, you can mount an older backup of the Active Directory database and transfer the data either manually or by using the standard tools CSVDE and LDIFDE to export the information and subsequently import it into the production database.
QUESTION 87
Your network contains an Active Directory forest named contoso.com. All domain controllers run Windows Server 2008 R2. The schema is upgraded to Windows Server 2012 R2.
Server1 and Server2 host a load-balanced application pool named AppPool1.
You need to ensure that AppPool1 uses a group Managed Service Account as its identity.
Which 3 actions should you perform?
Answer:
Explanation:
http://technet.microsoft.com/en-us/library/jj128431.aspx
QUESTION 88
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
Active Directory Recycle Bin is enabled.
You discover that a support technician accidentally removed 100 users from an Active Directory group named Group1 an hour ago.
What should you do?
A. Perform a non-authoritative restore.
B. Modify the isRecycled attribute of Group1.
C. Perform an authoritative restore.
D. Recover the items by using Active Directory Recycle Bin.
Answer: C
Explanation:
“You can use three methods to restore deleted user accounts, computer accounts, and security groups. These objects are known collectively as security principals. In all three methods, you authoritatively restore the deleted objects, and then you restore group membership information for the deleted security principals. When you restore a deleted object, you must restore the former values of the member and memberOf attributes in the affected security principal. The three methods are:
Method 1: Restore the deleted user accounts, and then add the restored users back to their groups by using the Ntdsutil.exe command-line tool (Microsoft Windows Server 2003 with Service Pack 1 [SP1] only)
Method 2: Restore the deleted user accounts, and then add the restored users back to their groups
Method 3: Authoritatively restore the deleted user accounts and the deleted users’ security groups two times”
http://support.microsoft.com/kb/840001
QUESTION 89
Your network contains an Active Directory domain named contoso.com. The domain contains a read-only domain controller (RODC) named RODC1.
You create a global group named RODC_Admins.
You need to provide the members of RODC_Admins with the ability to manage the hardware and the software on RODC1.
The solution must not provide RODC_Admins with the ability to manage Active Directory objects.
What should you do?
A. From Active Directory Users and Computers, configure the Managed By settings of the RODC1 account.
B. From Active Directory Sites and Services, run the Delegation of Control Wizard.
C. From Active Directory Users and Computers, run the Delegation of Control Wizard.
D. From a command prompt, run the dsadd computer command.
Answer: A
Explanation:
Note:
* You can delegate local administrative permissions for an RODC to any domain user without granting that user any user rights for the domain or other domain controllers. This permits a local branch user to log on to an RODC and perform maintenance work on the server, such as upgrading a driver. However, the branch user cannot log on to any other domain controller or perform any other administrative task in the domain. In this way, the branch user can be delegated the ability to effectively manage the RODC in the branch office without compromising the security of the rest of the domain.
Incorrect:
Not C: The Set-ADAccountControl cmdlet modifies the user account control (UAC) values for an Active Directory user or computer account. UAC values are represented by cmdlet parameters. For example, set the PasswordExpired parameter to change whether an account is expired and to modify the ADS_UF_PASSWORD_EXPIRED UAC value.
Not D: The Managed By tab of a Windows Server computer account grants local admin access to that RODC. This means he gets Control Access for ResetPassword, and WriteProperty for UserLogonInformation and AccountRestrictions propsets. These allow him to attach an RODC to a precreated RODC account, or to perform RODC demotion (with the /retainDcMetadata flag). He is also dropped into the local builtin admins group on that RODC.
QUESTION 90
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. In a remote site, a support technician installs a server named DC10 that runs Windows Server 2012 R2. DC10 is currently a member of a workgroup.
You plan to promote DC10 to a read-only domain controller (RODC).
You need to ensure that a user named Contoso/User1 can promote DC10 to a RODC in the contoso.com domain. The solution must minimize the number of permissions assigned to User1.
What should you do?
A. Join DC10 to the domain. Modify the properties of the DC10 computer account
B. From Active Directory Administrative Center, pre-create an RODC computer account.
C. Join DC10 to the domain. Run dsmod and specify the /server switch
D. From Active Directory Administrative Center, modify the security settings of the Domain Controllers organizational unit (OU).
Answer: B
Explanation:
A staged read only domain controller (RODC) installation works in two discrete phases:
1. Staging an unoccupied computer account
2. Attaching an RODC to that account during promotion
Reference: Install a Windows Server 2012 R2 Active Directory Read-Only Domain Controller (RODC)
QUESTION 91
Hotspot Question
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain.
All domain controllers run Windows Server 2012 R2 and are configured as DNS servers.
All DNS zones are Active Directory-integrated. Active Directory Recycle Bin is enabled.
You need to modify the amount of time deleted objects are retained in the Active Directory Recycle Bin.
Which naming context should you use?
To answer, select the appropriate naming context in the answer area.
Answer:
Explanation:
http://technet.microsoft.com/en-us/library/dd392260%28v=ws.10%29.aspx
QUESTION 92
Your network contains an Active Directory domain named contoso.com. The domain contains six domain controllers. The domain controllers are configured as shown in the following table.
The network contains a server named Server1 that has the Hyper-V server role installed. DC6 is a virtual machine that is hosted on Server1.
You need to ensure that you can clone DC6.
What should you do?
A. Transfer the schema master to DC6.
B. Transfer the schema master to DC4.
C. Transfer the PDC emulator to DC2.
D. Transfer the PDC emulator to DC5.
Answer: C
Explanation:
A deployed Windows Server 2012 domain controller (virtualized or physical) that hosts the PDC emulator role (DC1). To verify whether the PDC emulator role is hosted on a Windows Server 2012 domain controller, run the following Windows PowerShell command:
Get-ADComputer (Get-ADDomainController -Discover -Service "PrimaryDC").Name -Property operatingsystemversion | fl
http://technet.microsoft.com/en-us/library/hh831734.aspx#steps_deploy_vdc
QUESTION 93
Hotspot Question
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
You need to audit successful and failed attempts to read data from USB drives on the servers.
Which two objects should you configure?
To answer, select the appropriate two objects in the answer area.
Answer:
Explanation:
The figure shows the Object Access subcategories of the advanced audit policy. To log failure events for removable media, the “Audit Handle Manipulation” setting must also be enabled.
QUESTION 94
Hotspot Question
You have a server named Server4 that runs Windows Server 2012 R2.
Server4 has the Windows Deployment Services server role installed.
Server4 is configured as shown in the exhibit. (Click the Exhibit button.)
To answer, complete each statement according to the information presented in the exhibit.
Each correct selection is worth one point.
Answer:
Explanation:
With a 64-bit client computer, both 32-bit and 64-bit boot images may be used. With a 32-bit client computer, 32-bit boot images can be started.
The order in which installation images are displayed and the default boot image can be controlled via the priority settings of the images. The lower the value, the higher the priority. If available, a boot image that matches the architecture of the client is used.
QUESTION 95
You manage a server that runs Windows Server 2012 R2. The server has the Windows Deployment Services server role installed.
You have a desktop computer that has the following configuration:
– Computer name: Computer1
– Operating system: Windows 8
– MAC address: 20-CF-30-65-D0-87
– GUID: 979708BF-C04B-4525-9FE0-C4150BB6C618
You need to configure a pre-staged device for Computer1 in the Windows Deployment Services console.
Which two values should you assign to the device ID?
(Each correct answer presents a complete solution. Choose two.)
A. 20CF3065D08700000000000000000000
B. 979708BFC04B45259FE0C4150BB6C618
C. 979708BF-C04B-4525-9FE0-C4150BB6C618
D. 0000000000000000000020CF3065D087
E. 00000000-0000-0000-0000-C4150BB6C618
Answer: CD
Explanation:
* To add or remove pre-staged client to/from AD DS, specify the name of the computer or the device ID, which is a GUID, media access control (MAC) address, or Dynamic Host Configuration Protocol (DHCP) identifier associated with the computer.
* Example: Remove a device by using its ID from a specified domain. This command removes the pre-staged device that has the specified ID. The cmdlet searches the domain named TSQA.Contoso.com for the device.
Windows PowerShell
PS C:\> Remove-WdsClient -DeviceID "5a7a1def-2e1f-4a7b-a792-ae5275b6ef92" -Domain -DomainName "TSQA.Contoso.com"
QUESTION 96
Hotspot Question
Your company has four offices. The offices are located in Montreal, Seattle, Sydney, and New York.
The network contains an Active Directory domain named contoso.com. The domain contains a server named Server2 that runs Windows Server 2012 R2. Server2 has the DHCP Server server role installed.
All client computers obtain their IPv4 and IPv6 addresses from DHCP.
You need to ensure that Network Access Protection (NAP) enforcement for DHCP applies to all of the client computers except for the client computers in the New York office.
Which two nodes should you configure?
To answer, select the appropriate two nodes in the answer area.
Answer:
Explanation:
DHCP enforcement for Network Access Protection is only possible for the IPv4 protocol. We can enable Network Access Protection in the properties of IPv4 for all scopes and then, under [192.168.0.0] contoso.com, disable it for New York.
QUESTION 97
Your network contains an Active Directory domain named adatum.com.
A network administrator creates a Group Policy central store.
After the central store is created, you discover that when you create new Group Policy objects (GPOs), the GPOs do not contain any Administrative Templates.
You need to ensure that the Administrative Templates appear in new GPOs.
What should you do?
A. Add your user account to the Group Policy Creator Owners group.
B. Configure all domain controllers as global catalog servers.
C. Copy files from %Windir%\PolicyDefinitions to the central store.
D. Modify the Delegation settings of the new GPOs.
Answer: C
Explanation:
To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a domain controller. The Central Store is a file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain.
QUESTION 98
Your network contains two Active Directory forests named contoso.com and dev.contoso.com. The contoso.com forest contains a domain controller named DC1.
The dev.contoso.com forest contains a domain controller named DC2.
Each domain contains an organizational unit (OU) named OU1.
Dev.contoso.com has a Group Policy object (GPO) named GPO1.
GPO1 contains 200 settings, including several settings that have network paths.
GPO1 is linked to OU1.
You need to copy GPO1 from dev.contoso.com to contoso.com.
What should you do first on DC2?
A. From the Group Policy Management console, right-click GPO1 and select Copy.
B. Run the mtedit.exe command and specify the /Domain:contoso.com /DC:DC1 parameter.
C. Run the Save-NetGPO cmdlet.
D. Run the Backup-GPO cmdlet.
Answer: D
Explanation:
With the Backup-GPO cmdlet, a backup of GPO1 can be created in the dev.certbase.de domain. Subsequently, the policy settings can be imported into a new GPO in the certbase.de domain. Directly restoring a backup of a GPO to another forest is not possible. Copying a GPO via the “Copy” and “Paste” functions of Group Policy Management is also not possible across a forest boundary. The Save-NetGPO cmdlet saves the changes of its cached local GPO, and Mtedit.exe starts the Migration Table Editor.
QUESTION 99
Your network contains four Network Policy Server (NPS) servers named Server1, Server2, Server3, and Server4.
Server1 is configured as a RADIUS proxy that forwards connection requests to a remote RADIUS server group named Group1.
You need to ensure that Server2 and Server3 receive connection requests.
Server4 must only receive connection requests if both Server2 and Server3 are unavailable.
How should you configure Group1?
A. Change the Weight of Server4 to 10.
B. Change the Weight of Server2 and Server3 to 10.
C. Change the Priority of Server2 and Server3 to 10.
D. Change the Priority of Server4 to 10.
Answer: D
Explanation:
During the NPS proxy configuration process, you can create remote RADIUS server groups and then add RADIUS servers to each group. To configure load balancing, you must have more than one RADIUS server per remote RADIUS server group. While adding group members, or after creating a RADIUS server as a group member, you can access the Add RADIUS server dialog box to configure the following items on the Load Balancing tab:
Priority. Priority specifies the order of importance of the RADIUS server to the NPS proxy server. Priority level must be assigned a value that is an integer, such as 1, 2, or 3. The lower the number, the higher priority the NPS proxy gives to the RADIUS server.
For example, if the RADIUS server is assigned the highest priority of 1, the NPS proxy sends connection requests to the RADIUS server first; if servers with priority 1 are not available, NPS then sends connection requests to RADIUS servers with priority 2, and so on. You can assign the same priority to multiple RADIUS servers, and then use the Weight setting to load balance between them.
Weight. NPS uses this Weight setting to determine how many connection requests to send to each group member when the group members have the same priority level. Weight setting must be assigned a value between 1 and 100, and the value represents a percentage of 100 percent. For example, if the remote RADIUS server group contains two members that both have a priority level of 1 and a weight rating of 50, the NPS proxy forwards 50 percent of the connection requests to each RADIUS server.
Advanced settings. These failover settings provide a way for NPS to determine whether the remote RADIUS server is unavailable. If NPS determines that a RADIUS server is unavailable, it can start sending connection requests to other group members. With these settings you can configure the number of seconds that the NPS proxy waits for a response from the RADIUS server before it considers the request dropped; the maximum number of dropped requests before the NPS proxy identifies the RADIUS server as unavailable; and the number of seconds that can elapse between requests before the NPS proxy identifies the RADIUS server as unavailable.
The default priority is 1 and can be changed from 1 to 65535. So changing server 2 and 3 to priority 10 is not the way to go.
http://technet.microsoft.com/en-us/library/dd197433(WS.10).aspx
QUESTION 100
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the DHCP Server server role installed. The network contains 400 client computers that run Windows 8. All of the client computers are joined to the domain and are configured DHCP clients.
You install a new server named Server2 that runs Windows Server 2012 R2.
On Server2, you install the Network Policy Server role service and you configure Network Access Protection (NAP) to use the DHCP enforcement method.
You need to ensure that Server1 only provides a valid default gateway to computers that pass the system health validation.
Which two actions should you perform?
(Each correct answer presents part of the solution. Choose two.)
A. From the DHCP console, configure the 016 Swap Server option.
B. From the DHCP console, create a new policy.
C. From the NAP Client Configuration console, enable the DHCP Quarantine Enforcement Client.
D. From the DHCP console, enable NAP on all scopes.
E. From Server Manager, install the Network Policy Server role service.
Answer: DE
Explanation:
D: The administrator must define the following settings on the NAP DHCP server:
/ (D) NAP-enabled scopes: In order to use a DHCP scope with NAP, you must enable it specifically for NAP in scope properties under NAP settings.
/ Default NAP class: You must configure any required scope options for computers that are noncompliant with health requirements. A default gateway is not provided to noncompliant computers regardless of whether the 003 Router option is configured here.
/ Remote RADIUS server groups: If connection requests are forwarded from the DHCP server to a NAP health policy server on another computer, you must configure the NPS service on the NAP DHCP server to forward connection requests to the NAP health policy server. This setting is not required if the NAP DHCP server is also the NAP health policy server.
/ Default user class: You must configure any required scope options for computers that are compliant with health requirements.
E: The NAP DHCP server is a server running Windows Server 2008 or Windows Server 2008 R2 (or Windows 2012) with the DHCP server role installed and running. Additionally, if this server is not also the NAP health policy server, it must have the NPS role service installed (E), running, and configured to forward connection requests to the NAP health policy server. The NAP DHCP server restricts noncompliant client access by providing a limited IP address configuration to computers that do not meet health requirements. A limited access configuration has a subnet mask of 255.255.255.255 and no default gateway. Static host routes are provisioned to provide access to the DHCP server and any servers that have been added to remediation server groups on the NAP health policy server.
Reference: DHCP Enforcement Configuration