70 411 exam dumps [Jan 2018]

Exam Code: 70 411 exam (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Administering Windows Server 2012
Certification Provider: Microsoft
Free Today! Guaranteed Training- Pass 70 411 study guide Exam.

Q101. Your network contains an Active Directory domain named contoso.com. The domain contains three servers. The servers are configured as shown in the following table. 

You need to ensure that end-to-end encryption is used between clients and Server2 when the clients connect to the network by using DirectAccess. 

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) 

A. From the Remote Access Management Console, reload the configuration. 

B. Add Server2 to a security group in Active Directory. 

C. Restart the IPSec Policy Agent service on Server2. 

D. From the Remote Access Management Console, modify the Infrastructure Servers settings. 

E. From the Remote Access Management Console, modify the Application Servers settings. 

Answer: B,E 

Explanation: 

Unsure about these answers: 

A public key infrastructure must be deployed. 

Windows Firewall must be enabled on all profiles. 

ISATAP in the corporate network is not supported. If you are using ISATAP, you should remove it and use native IPv6. 

Computers that are running the following operating systems are supported as DirectAccess clients: 

Windows Server. 2012 R2 

Windows 8.1 Enterprise 

Windows Server. 2012 

Windows 8 Enterprise 

Windows Server. 2008 R2 

Windows 7 Ultimate 

Windows 7 Enterprise 

. Force tunnel configuration is not supported with KerbProxy authentication. 

. Changing policies by using a feature other than the DirectAccess management console or Windows PowerShell cmdlets is not supported. 

. Separating NAT64/DNS64 and IPHTTPS server roles on another server is not supported. 


Q102. Your network contains an Active Directory domain named contoso.com. The domain 

contains a RADIUS server named Server1 that runs Windows Server 2012 R2. 

You add a VPN server named Server2 to the network. 

On Server1, you create several network policies. 

You need to configure Server1 to accept authentication requests from Server2. 

Which tool should you use on Server1? 

A. Server Manager 

B. Routing and Remote Access 

C. New-NpsRadiusClient 

D. Connection Manager Administration Kit (CMAK) 

Answer:

Explanation: 

New-NpsRadiusClient -Name "NameOfMyClientGroup" -Address "10.1.0.0/16" -AuthAttributeRequired 0 -NapCompatible 0 -SharedSecret "SuperSharedSecretxyz" -VendorName "RADIUS Standard" 

Reference: 

http: //technet. microsoft. com/en-us/library/hh918425(v=wps. 620). aspx 

http: //technet. microsoft. com/en-us/library/jj872740(v=wps. 620). aspx 

http: //technet. microsoft. com/en-us/library/dd469790. aspx 


Q103. You have a server named Server1 that runs Windows Server 2012 R2. 

You create a custom Data Collector Set (DCS) named DCS1. 

You need to configure Server1 to start DCS1 automatically when the network usage exceeds 70 percent. 

Which type of data collector should you create? 

A. A performance counter alert 

B. A configuration data collector 

C. A performance counter data collector 

D. An event trace data collector 

Answer:

Explanation: 

Performance alerts notify you when a specified performance counter exceeds your configured threshold by logging an event to the event log. But rather than notifying you immediately when the counter exceeds the threshold, you can configure a time period over which the counter needs to exceed the threshold, to avoid unnecessary alerts. 


Q104. Your network contains an Active Directory domain named contoso.com. 

You create a user account named User1. The properties of User1 are shown in the exhibit. (Click the Exhibit button.) 

You plan to use the User1 account as a service account. The service will forward authentication requests to other servers. 

You need to ensure that you can view the Delegation tab from the properties of the User1 account. 

What should you do first? 

A. Configure the Name Mappings of User1. 

B. Modify the user principal name (UPN) of User1. 

C. Configure a Service Principal Name (SPN) for User1. 

D. Modify the Security settings of User1. 

Answer:

Explanation: 

If you cannot see the Delegation tab, do one or both of the following: 

Register a Service Principal Name (SPN) for the user account with the Setspn utility in the 

support tools on your CD. Delegation is only intended to be used by service accounts, 

which should have registered SPNs, as opposed to a regular user account which typically 

does not have SPNs. 

Raise the functional level of your domain to Windows Server 2003. For more information, 

see Related Topics. 

References: 

http: //blogs. msdn. com/b/mattlind/archive/2010/01/14/delegation-tab-in-aduc-not-available-until-a-spn-is-set. aspx 

http: //blogs. msdn. com/b/mattlind/archive/2010/01/14/delegation-tab-in-aduc-not-available-until-a-spn-is-set. aspx 

http: //technet. microsoft. com/en-us/library/cc739474(v=ws. 10). aspx 

http: //blogs. msdn. com/b/mattlind/archive/2010/01/14/delegation-tab-in-aduc-not-available-until-a-spn-is-set. aspx 


Q105. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012. 

You pre-create a read-only domain controller (P.QDC) account named RODC1. 

You export the settings of RODC1 to a file named Filel.txt. 

You need to promote RODC1 by using File1.txt. 

Which tool should you use? 

A. The Install-WindowsFeature cmdlet 

B. The Add-WindowsFeature cmdlet 

C. The Dism command 

D. The Install-ADDSDomainController cmdlet 

E. the Dcpromo command 

Answer:


Q106. You have a file server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed. 

Files created by users in the human resources department are assigned the Department classification property automatically. 

You are configuring a file management task named Task1 to remove user files that have not been accessed for 60 days or more. 

You need to ensure that Task1 only removes files that have a Department classification property of human resources. The solution must minimize administrative effort. 

What should you configure on Task1? 

A. Configure a file screen 

B. Create a condition 

C. Create a classification rule 

D. Create a custom action 

Answer:

Explanation: 

Create a File Expiration Task The following procedure guides you through the process of creating a file management task for expiring files. File expiration tasks are used to automatically move all files that match certain criteria to a specified expiration directory, where an administrator can then back those files up and delete them. Property conditions. Click Add to create a new condition based on the file’s classification. This will open the Property Condition dialog box, which allows you to select a property, an operator to perform on the property, and the value to compare the property against. After clicking OK, you can then create additional conditions, or edit or remove an existing condition. 


Q107. You have a server named Server 1. 

You enable BitLocker Drive Encryption (BitLocker) on Server 1. 

You need to change the password for the Trusted Platform Module (TPM) chip. 

What should you run on Server1? 

A. Manage-bde.exe 

B. Set-TpmOwnerAuth 

C. bdehdcfg.exe 

D. tpmvscmgr.exe 

Answer:

Explanation: 

The Set-TpmOwnerAuthcmdlet changes the current owner authorization value of the Trusted Platform Module (TPM) to a new value. You can specify the current owner authorization value or specify a file that contains the current owner authorization value. If you do not specify an owner authorization value, the cmdlet attempts to read the value from the registry. 

Use the ConvertTo-TpmOwnerAuthcmdlet to create an owner authorization value. You can specify a new owner authorization value or specify a file that contains the new value. 


Q108. Your network contains multiple Active Directory sites. 

You have a Distributed File System (DFS) namespace that has a folder target in each site. 

You discover that some client computers connect to DFS targets in other sites. 

You need to ensure that the client computers only connect to a DFS target in their respective site. 

What should you modify? 

A. The properties of the Active Directory sites 

B. The properties of the Active Directory site links 

C. The delegation settings of the namespace 

D. The referral settings of the namespace 

Answer:

Reference: 

http://www.windowsnetworking.com/articles_tutorials/Configuring-DFS-Namespaces.html 


Q109. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Windows Deployment Services server role installed. 

Server1 contains two boot images and four install images. 

You need to ensure that when a computer starts from PXE, the available operating system 

images appear in a specific order. 

What should you do? 

A. Modify the properties of the boot images. 

B. Create a new image group. 

C. Modify the properties of the install images. 

D. Modify the PXE Response Policy. 

Answer:


Q110. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. 

All DNS servers host a DNS zone named adatum.com. The adatum.com zone is not Active Directory-integrated. 

An administrator modifies the start of authority (SOA) record for the adatum.com zone. 

After the modification, you discover that when you add or modify DNS records in the 

adatum.com zone, the changes are not transferred to the DNS servers that host secondary 

copies of the adatum.com zone. 

You need to ensure that the records are transferred to all the copies of the adatum.com 

zone. 

What should you modify in the SOA record for the adatum.com zone? To answer, select the appropriate setting in the answer area. 

Answer: 


Microsoft 70-411 Certification Sample Questions and Answers: https://www.braindumpsall.net/70-411-dumps/

P.S. New 70-411 dumps PDF: http://www.4easydumps.com/70-411-dumps-download.html