Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(241-250)!

QUESTION 241
You have a DNS server named Server1 that runs Windows Server 2012 R2. On Server1, you create a DNS zone named contoso.com. You need to specify the email address of the person responsible for the zone. Which type of DNS record should you configure?

A.    Start of authority (SOA)
B.    Mail exchanger (MX)
C.    Host information (HINFO)
D.    Mailbox (MB)

Answer: A

QUESTION 242
You have a server named Server1 that runs Windows Server 2012 R2. You discover that the performance of Server1 is poor. The results of a performance report generated on Server1 are shown in the following table.
 clip_image001[88]
You need to identify the cause of the performance issue. What should you identify?

A.    Excessive paging
B.    NUMA fragmentation
C.    Driver malfunction
D.    Insufficient RAM

Answer: C
Explanation:
Processor: %DPC Time. Much like the other values, this counter shows the amount of time that the processor spends servicing DPC requests. DPC requests are more often than not associated with the network interface. Processor: % Interrupt Time. This is the percentage of time that the processor is spending on handling Interrupts. Generally, if this value exceeds 50% of the processor time you may have a hardware issue. Some components on the computer can force this issue and not really be a problem. For example a programmable I/O card like an old disk controller card, can take up to 40% of the CPU time. A NIC on a busy IIS server can likewise generate a large percentage of processor activity.
Processor: % User Time. The value of this counter helps to determine the kind of processing that is affecting the system. Of course the resulting value is the total amount of non-idle time that was spent on User mode operations. This generally means application code.
Processor: %Privilege Time. This is the amount of time the processor was busy with Kernel mode operations. If the processor is very busy and this mode is high, it is usually an indication of some type of NT service having difficulty, although user mode programs can make calls to the Kernel mode NT components to occasionally cause this type of performance issue.
Memory: Pages/sec. This value is often confused with Page Faults/sec. The Pages/sec counter is a combination of Pages Input/sec and Pages Output/sec counters. Recall that Page Faults/sec is a combination of hard page faults and soft page faults. This counter, however, is a general indicator of how often the system is using the hard drive to store or retrieve memory associated data.
http://technet.microsoft.com/en-us/library/cc768048.aspx

QUESTION 243
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. An organizational unit (OU) named ResearchServers contains the computer accounts of all research servers. All domain users are configured to have a minimum password length of eight characters. You need to ensure that the minimum password length of the local user accounts on the research servers in the ResearchServers OU is 10 characters. What should you do?

A.    Create a universal group that contains the research servers. Create a Password Settings object
(PSO) and assign the PSO to the group.
B.    Configure a local Group Policy object (GPO) on each research server.
C.    Create and link a Group Policy object (GPO) to the ResearchServers OU.
D.    Create a global group that contains the research servers. Create a Password Settings object
(PSO) and assign the PSO to the group.

Answer: C

QUESTION 244
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains an Edge Server named Server1. Server1 is configured as a DirectAccess server. Server1 has the following settings:
 clip_image001[90]
Your company uses split-brain DNS for the contoso.com zone. You run the Remote Access Setup wizard as shown in the following exhibit. (Click the Exhibit button.)

 clip_image002[32]
You need to ensure that client computers on the Internet can establish DirectAccess connections to Server1. Which additional name suffix entry should you add from the Remote Access Setup wizard?

A.    A Name Suffix value of dal.contoso.com and a blank DNS Server Address value
B.    A Name Suffix value of Server1.contoso.com and a DNS Server Address value of 65.55.37.62
C.    A Name Suffix value of Server1.contoso.com and a blank DNS Server Address value
D.    A Name Suffix value of dal.contoso.com and a DNS Server Address value of 65.55.37.62

Answer: A
Explanation:
For split-brain DNS deployments, you must list the FQDNs that are duplicated on the Internet and intranet and decide which resources the DirectAccess client should reach, the intranet version or the public (Internet) version. For each name that corresponds to a resource for which you want DirectAccess clients to reach the public version, you must add the corresponding FQDN as an exemption rule to the NRPT for your DirectAccess clients. Name suffixes that do not have corresponding DNS servers are treated as exemptions.
http://technet.microsoft.com/en-us/library/ee382323(v=ws.10).aspx

QUESTION 245
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. Client computers run either Windows 7 or Windows 8. All of the client computers have an application named App1 installed. The domain contains a Group Policy object (GPO) named GPO1 that is applied to all of the client computers. You need to add a system variable named App1Data to all of the client computers. Which Group Policy preference should you configure?

A.    Services
B.    Ini Files
C.    Environment
D.    Data Sources

Answer: C

QUESTION 246
Drag and Drop Question
Your network contains an Active Directory forest named contoso.com. All domain controllers run Windows Server 2008 R2. The schema is upgraded to Windows Server 2012 R2. Contoso.com contains two servers. The servers are configured as shown in the following table.
 clip_image001[92]
Server1 and Server2 host a load-balanced application pool named AppPool1. You need to ensure that AppPool1 uses a group Managed Service Account as its identity. Which three actions should you perform?
To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
 clip_image002[35]
Answer:
 clip_image002[37]

QUESTION 247
Hotspot Question
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The forest contains two Active Directory sites named Site1 and Site2. You plan to deploy a read-only domain controller (RODC) named DC10 to Site2. You pre-create the DC10 domain controller account by using Active Directory Users and Computers. You need to identify which domain controller will be used for initial replication during the promotion of the RODC. Which tab should you use to identify the domain controller?
To answer, select the appropriate tab in the answer area.
 clip_image001[94]
Answer:

clip_image001[96]

QUESTION 248
Drag and Drop Question
Your network contains an Active Directory forest named contoso.com. Recently, all of the domain controllers that ran Windows Server 2003 were replaced by domain controllers that run Windows Server 2012 R2.
From Event Viewer, you discover SYSVOL journal wrap errors on a domain controller named dclO.contoso.com.
You need to perform a non-authoritative synchronization of SYSVOL on DC10.
Which three actions should you perform on DC10?
To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
 clip_image002[39]
Answer:
 clip_image002[41]
Explanation:
Box 1: Stop the Distributed File System (DFS) Replication service.
Box 2: Modify the computer objected DC10 in Active Directory.
Box 3: Start the Distributed File System (DFS) Replication service.
Note:
* In very large replica sets, replica members may encounter the following error during an authoritative restore (BURFLAGS=D4):
journal_wrap_error
To recover, the affected replica member must be reinitialized with a nonauthoritative restore (BURFLAGS=D2) where it will synchronize files from an existing inbound partner. This reinitialization can be time-consuming for large replica sets.

QUESTION 249
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the following role services installed:
– DirectAccess and VPN (RRAS)
– Network Policy Server
Remote users have client computers that run either Windows XP, Windows 7, or Windows 8. You need to ensure that only the client computers that run Windows 7 or Windows 8 can establish VPN connections to Server1. What should you configure on Server1?

A.    A vendor-specific RADIUS attribute of a Network Policy Server (NPS) connection request policy
B.    A condition of a Network Policy Server (NPS) network policy
C.    A condition of a Network Policy Server (NPS) connection request policy
D.    A constraint of a Network Policy Server (NPS) network policy

Answer: B

QUESTION 250
You manage a server that runs Windows Server 2012 R2. The server has the Windows Deployment Services server role installed. You start a virtual machine named VM1 as shown in the exhibit. (Click the Exhibit button.)
 clip_image002[43]
You need to configure a pre-staged device for VM1 in the Windows Deployment Services console. Which two values should you assign to the device ID? (Each correct answer presents a complete solution. Choose two.)

A.    979708BFC04B45259FE0C4150BB6C618
B.    979708BF-C04B-4525-9FE0-C4150BB6C618
C.    00155D000F1300000000000000000000
D.    0000000000000000000000155D000F13
E.    00000000-0000-0000-0000-C4150BB6C618

Answer: BD
Explanation:
Use client computer’s media access control (MAC) address preceded with twenty zeros or the globally unique identifier (GUID) in the format: {XXXXXXXX-XXXX-XXXX-XXX- XXXXXXXXXXXX}.
http://technet.microsoft.com/en-us/library/cc754469.aspx

Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html

Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(231-240)!

QUESTION 231
Hotspot Question
Your network contains an Active Directory domain named contoso.com. You need to create a certificate template for the BitLocker Drive Encryption (BitLocker) Network Unlock feature. Which Cryptography setting of the certificate template should you modify? To answer, select the appropriate setting in the answer area.

 clip_image001[72]
Answer:
 clip_image001[74]

QUESTION 232
Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 R2. You have a Password Settings object (PSOs) named PSO1. You need to view the settings of PSO1. Which tool should you use?

A.    Group Policy Management
B.    Server Manager
C.    Get-ADAccountResultantPasswordReplicationPolicy
D.    Active Directory Administrative Center

Answer: D
Explanation:
A. ADAC Only
B. ADAC Only
C. Gets the resultant password replication policy for an Active Directory account.
D. You must use the Windows Server 2012 R2 version of Active Directory Administrative Center to administer finegrained password policies through a graphical user interface.
http://technet.microsoft.com/en-us/library/ee617227.aspx
http://technet.microsoft.com/en-us/library/hh831702.aspx#fine_grained_pswd_policy_mgmt

QUESTION 233
Your network contains an Active Directory forest named contoso.com. The forest contains two domains named contoso.com and childl.contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains four domain controllers. The domain controllers are configured as shown in the following table.
 clip_image001[76]
You open Active Directory Users and Computers on a client computer and connect to DC1. You display the members of a group named Group1 as shown in the Group1 Members exhibit. (Click the Exhibit button.)

 clip_image001[78]
When you view the properties of a user named Userl02, you receive the error message shown in the Error exhibit. (Click the Exhibit button.)
 clip_image001[80]
The error message does not display for any other members of Group1. You need to identify which domain controller causes the issue shown in the error message. Which domain controller should you identify?

A.    DC1
B.    DC2
C.    DC10
D.    DC11

Answer: B
Explanation:
The infrastructure master for a domain periodically examines the references, within its replica of the directory data, to objects not held on that domain controller. It queries a Global Catalog server for current information about the distinguished name and SID of each referenced object. If this information has changed, the infrastructure master makes the change in its local replica and also replicates the new values to other domain controllers within the domain.
The error hints the object reference is not updated in Infrastructure Master of Contoso.com domain.

QUESTION 234
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains a file server named Server1. All client computers run Windows 8. Users share the client computers and frequently log on to different client computers. You need to ensure that when the users save files in the Documents folder, the files are saved automatically to \\Server1\Users\. The solution must minimize the amount of network traffic that occurs when the users log on to the client computers. What should you do?

A.    From a Group Policy object (GPO), configure the Folder Redirection settings
B.    From the properties of each user account, configure the Home folder settings
C.    From the properties of each user account, configure the User profile settings
D.    From a Group Policy object (GPO), configure the Drive Maps preference.

Answer: A
Explanation:
http://en.wikipedia.org/wiki/Folder_redirection

QUESTION 235
Hotspot Question
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has two network adapters and is located in a perimeter network. You need to configure Server1 as a network address translation (NAT) server. Which node should you use to add the NAT routing protocol? To answer, select the appropriate node in the answer area.

 clip_image002[28]
Answer:
 clip_image002[30]

QUESTION 236
Hotspot Question
You have a server named Server5 that runs Windows Server 2012 R2. Servers has the Windows Deployment Services server role installed. You need to ensure that when client computers connect to Server5 by using PXE, the computers use an unattended file. What should you configure? To answer, select the appropriate tab in the answer area.
 clip_image001[82]
Answer:
 clip_image001[84]

QUESTION 237
Your network contains a server named Server1 that has the Network Policy and Access Services server role installed. All of the network access servers forward connection requests to Server1. You create a new network policy on Server1. You need to ensure that the new policy applies only to connection requests from Microsoft RAS servers that are located on the 192.168.0.0/24 subnet. Which two configurations should you perforin? (Each correct answer presents part of the solution. Choose two.)

A.    Set the MS-RAS Vendor ID condition to $teelHead.
B.    Set the Called Station ID constraint to 192.168.0.
C.    Set the Client IP4 Address condition to 192.168.0.0/24.
D.    Set the MS-RAS Vendor ID condition to ^311$.
E.    Set the Called Station ID constraint to 192.168.0.0/24.
F.    Set the Client IP4 Address condition to 192.168.0.

Answer: DF
Explanation:
D: MS-RAS-Vendor Matches “^311$” ) The condition means that the policy applies only when the version of the RADIUS client is ^311$, so subsequent settings in this policy apply only to RRAS machines.
F: Client IPv4 Address
Specifies the Internet Protocol (IP) version 4 address of the RADIUS client that forwarded the connection request to the NPS server.

QUESTION 238
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 is configured as a VPN server. You need to configure Server1 to perform network address translation (NAT).
What should you do?

A.    From Network Connections, modify the Internet Protocol Version 6 (TCP/IPv6) setting of each
network adapter.
B.    From Routing and Remote Access, add an IPv4 routing protocol.
C.    From Routing and Remote Access, add an IPv6 routing protocol.
D.    From Network Connections, modify the Internet Protocol Version 4 (TCP/IPv4) setting of each
network adapter.

Answer: B

QUESTION 239
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that has the Remote Access server role installed. DirectAccess is implemented on Server1 by using the default configuration. You discover that DirectAccess clients do not use DirectAccess when accessing websites on the Internet. You need to ensure that DirectAccess clients access all Internet websites by using their DirectAccess connection.
What should you do?

A.    Disable the DirectAccess Passive Mode policy setting in the DirectAccess Client Settings Group
Policy object (GPO).
B.    Configure a DNS suffix search list on the DirectAccess clients.
C.    Enable the Route all traffic through the internal network policy setting in the DirectAccess Server
Settings Group Policy object (GPO).
D.    Configure DirectAccess to enable force tunneling.

Answer: D

QUESTION 240
Your network contains an Active Directory domain named contoso.com. The domain contains a read-only domain controller (RODC) named RODC1.
You create a global group named RODC_Admins.
You need to provide the members of RODC_Admins with the ability to manage the hardware and the software on R0DC1. The solution must not provide RODC_Admins with the ability to manage Active Directory objects.
What should you do?

A.    From Active Directory Users and Computers, run the Delegation of Control Wizard
B.    From a command prompt, run the dsadd computer command
C.    From Active Directory Users and Computers, configure the Managed By settings of the RODC1 account.
D.    From Active Directory Site and Services, configure the Security settings of the RODC1 server object.

Answer: C
Explanation:
Modify the Managed By tab of the RODC account properties in the Active Directory Users and Computers snap-in, as shown in the following figure. You can click Change to change which security principal is the delegated RODC administrator. You can choose only one security principal. Specify a security group rather than an individual user so you can control RODC administration permissions most efficiently. This method changes the managedBy attribute of the computer object that corresponds to the RODC to the SID of the security principal that you specify. This is the recommended way to specify the delegated RODC administrator account because the information is stored in AD DS, where it can be centrally managed by domain administrators.
 clip_image001[86]
Incorrect:
Not A: You delegate administration of a domain or organizational unit by using the Delegation of Control wizard available in the Active Directory Users and Computers snap- in.
Not B: dsadd group just adds a group to the Active Directory

Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html

Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(221-230)!

QUESTION 221
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Windows Server Update Services server role installed. You need to use the Group Policy object (GPO) to assign members to a computer group. Which setting should you configure in the GPO? To answer, select the appropriate setting in the answer area.
 clip_image002
Answer:
 clip_image002[4]
Explanation:
Client-side targeting involves automatically assigning the computers by using either Group Policy or registry keys. Second, create the computer group in WSUS. Third, move the computers into groups by using whichever method you chose in the first step. http://technet.microsoft.com/en-us/library/cc720433(v=ws.10).aspx

QUESTION 222
The contoso.com domain contains a a DNS server named Server1 that host a primary zone. Server2 contains a a secondary zone for the contoso.com doamin. You need to configure how long Server2 queries Server1 to renew the zone. What should you configure?

A.    Retry Interval
B.    Minimum TTL
C.    Refresh Interval
D.    Authority Record

Answer: C
Explanation:
A. The time, in seconds, a secondary server waits before retrying a failed zone transfer. Normally, this time is less than the refresh interval. The default value is 600 seconds (10 minutes). B The default Time-To-Live (TTL) of the zone and the maximum interval for caching negative answers to name queries. The default value is 3,600 seconds (1 hour). C. The time, in seconds, that a secondary DNS server waits before querying its source for the zone to attempt renewal of the zone. When the refresh interval expires, the secondary DNS server requests a copy of the current SOA record for the zone from its source, which answers this request. The secondary DNS server then compares the serial number of the source server’s current SOA record (as indicated in the response) with the serial number in its own local SOA record. If they are different, the secondary DNS server requests a zone transfer from the primary DNS server. The default for this field is 900 seconds (15 minutes).
D.
http://technet.microsoft.com/en-us/library/cc779148(v=ws.10).aspx

QUESTION 223
You are a network administrator of an Active Directory domain named contoso.com. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the DHCP Server server role and the Network Policy Server role service installed. You enable Network Access Protection (NAP) on all of the DHCP scopes on Server1. You need to create a DHCP policy that will apply to all of the NAP non-compliant DHCP clients. Which criteria should you specify when you create the DHCP policy?

A.    The relay agent information
B.    The user class
C.    The vendor class
D.    The client identifier

Answer: B
Explanation:
To configure a NAP-enabled DHCP server
On the DHCP server, click Start, click Run, in Open, type dhcpmgmt.smc, and then press ENTER.
In the DHCP console, open <servername>\IPv4.
Right-click the name of the DHCP scope that you will use for NAP client computers, and then click Properties.
On the Network Access Protection tab, under Network Access Protection Settings, choose Enable for this scope, verify that Use default Network Access Protection profile is selected, and then click OK.
In the DHCP console tree, under the DHCP scope that you have selected, right- click Scope Options, and then click Configure Options. On the Advanced tab, verify that Default User Class is selected next to User class. Select the 003 Router check box, and in IP Address, under Data entry, type the IP address for the default gateway used by compliant NAP client computers, and then click Add.
Select the 006 DNS Servers check box, and in IP Address, under Data entry, type the IP address for each router to be used by compliant NAP client computers, and then click Add.
Select the 015 DNS Domain Name check box, and in String value, under Data entry, type your organization’s domain name (for example, woodgrovebank.local), and then click Apply. This domain is a full-access network assigned to compliant NAP clients.
On the Advanced tab, next to User class, choose Default Network Access Protection Class.
Select the 003 Router check box, and in IP Address, under Data entry, type the IP address for the default gateway used by noncompliant NAP client computers, and then click Add. This can be the same default gateway that is used by compliant NAP clients.
Select the 006 DNS Servers check box, and in IP Address, under Data entry, type the IP address for each DNS server to be used by noncompliant NAP client computers, and then click Add. These can be the same DNS servers used by compliant NAP clients.
Select the 015 DNS Domain Name check box, and in String value, under Data entry, type a name to identify the restricted domain (for example, restricted.woodgrovebank.local), and then click OK. This domain is a restricted- access network assigned to noncompliant NAP clients.
Click OK to close the Scope Options dialog box.
Close the DHCP console.
http://technet.microsoft.com/en-us/library/dd296905%28v=ws.10%29.aspx

QUESTION 224
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. You mount an Active Directory snapshot on DC1. You need to expose the snapshot as an LDAP server. Which tool should you use?

A.    ADSI Edit
B.    Ntdsutil
C.    Dsamain
D.    Ldp

Answer: C
Explanation:
 clip_image002[6]
http://technet.microsoft.com/en-us/library/cc753609(v=ws.10).aspx

QUESTION 225
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has a drive named E that is encrypted by using BitLocker Drive Encryption (BitLocker). A recovery key is stored on drive C. Drive E becomes locked. When you attempt to use the recovery key, you receive the following error message.
 clip_image001
You need to access the data stored on drive E. What should you run first?

A.    manage-bde -protectors -get e:
B.    manage-bde -unlock e: -recoverykey c:\
C.    disable-bitlocker -mountpoint e:
D.    unlock-bitlocker -mountpoint e: -recoverykeypath c:

Answer: A
Explanation:
Manage-bde is used to turn on or turn off BitLocker, specify unlock mechanisms, update recovery methods, and unlock BitLocker-protected data drives. This command-line tool can be used in place of the BitLocker Drive Encryption Control Panel item. http://technet.microsoft.com/en-us/library/ff829849.aspx

QUESTION 226
Your network contains an Active Directory domain named contoso.com. All user accounts reside in an organizational unit (OU) named OU1. You create a Group Policy object (GPO) named GPO1. You link GPO1 to OU1. You configure the Group Policy preference of GPO1 to add a shortcut named Link1 to the desktop of each user. You discover that when a user deletes Link1, the shortcut is removed permanently from the desktop. You need to ensure that if a user deletes Link1, the shortcut is added to the desktop again. What should you do?

A.    Modify the Link1 shortcut preference of GPO1.
B.    Enable loopback processing in GPO1.
C.    Enforce GPO1.
D.    Modify the Security Filtering settings of GPO1.

Answer: A
Explanation:
This type of preference item provides a choice of four actions: Create, Replace, Update, and Delete. The behavior of the preference item varies with the action selected and whether the shortcut already exists.
 
http://technet.microsoft.com/en-us/library/cc753580.aspx
http://technet.microsoft.com/en-us/library/cc753580.aspx

QUESTION 227
Your network contains an Active Directory forest named contoso.com. The forest contains two sites named Main and Branch. The Main site contains 400 desktop computers and the Branch site contains 150 desktop computers. All of the desktop computers run Windows 8. In Main, the network contains a member server named Server1 that runs Windows Server 2012 R2. You install the Windows Server Update Services server role on Server1. You need to ensure that Windows updates obtained from Windows Server Update Services (WSUS) are the same for the computers in each site. You want to achieve this goal by using the minimum amount of administrative effort. What should you do?

A.    From the Update Services console, create computer groups.
B.    From the Update Services console, configure the Computers options.
C.    From the Group Policy Management console, configure the Windows Update settings.
D.    From the Group Policy Management console, configure the Windows Anytime Upgrade settings.
E.    From the Update Services console, configure the Synchronization Schedule options.

Answer: C
Explanation:
Create one computer group for Main site and another group for Branch site. You can deploy Windows updates by computer group.

QUESTION 228
Your network contains an Active Directory forest named contoso.com. The domain contains three servers. The servers are configured as shown in the following table.
 clip_image001[6]
You plan to implement the BitLocker Drive Encryption (BitLocker) Network Unlock feature. You need to identify which server role must be deployed to the network to support the planned implementation. Which role should you identify?

A.    Network Policy and Access Services
B.    Volume Activation Services
C.    Active Directory Rights Management Services
D.    Windows Deployment Services

Answer: D

QUESTION 229
Drag and Drop Question
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1. You need to create an Active Directory snapshot on DC1. Which four commands should you run?
To answer, move the four appropriate commands from the list of commands to the answer area and arrange them in the correct order.
 clip_image001[8]
Answer:
 clip_image001[10]
Explanation:
http://www.petri.co.il/working-active-directory-snapshots-windows-server-2008.htm#
http://technet.microsoft.com/en-us/library/cc753609(v=ws.10).aspx

QUESTION 230
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Print1. Your company implements DirectAccess. A user named User1 frequently works at a customer’s office. The customer’s office contains a print server named Print1. While working at the customer’s office, User1 attempts to connect to Print1. User1 connects to the Print1 server in contoso.com instead of the Print1 server at the customer’s office. You need to provide User1 with the ability to connect to the Print1 server in the customer’s office.
Which Group Policy option should you configure?
To answer, select the appropriate option in the answer area.
 clip_image001[12]
Answer:

clip_image001[14]
Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html

Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(211-220)!

QUESTION 211
Your network contains an Active Directory domain named contoso.com. The domain controllers in the domain are configured as shown in the following table.
 clip_image001[64]
You deploy a new domain controller named DC3 that runs Windows Server 2012 R2. You discover that you cannot create Password Settings objects (PSOs) by using Active Directory Administrative Center. You need to ensure that you can create PSOs from Active Directory Administrative Center. What should you do?

A.    Raise the functional level of the domain.
B.    Upgrade DC1.
C.    Transfer the infrastructure master operations master role.
D.    Transfer the PDC emulator operations master role.

Answer: A
Explanation:
Fine-grained password policies allow you to specify multiple password policies within a single domain so that you can apply different restrictions for password and account lockout policies to different sets of users in a domain. To use a fine-grained password policy, your domain functional level must be at least Windows Server 2008. To enable fine-grained password policies, you first create a Password Settings Object (PSO). You then configure the same settings that you configure for the password and account lockout policies. You can create and apply PSOs in the Windows Server 2012 environment by using the Active Directory Administrative Center (ADAC) or Windows PowerShell.
Step 1: Create a PSO
Applies To: Windows Server 2008, Windows Server 2008 R2
http://technet.microsoft.com/en-us//library/cc754461%28v=ws.10%29.aspx

QUESTION 212
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains 200 Group Policy objects (GPOs) and 100 WMI filters. An administrator named Admin1 must be able to create new WMI filters and edit all of the existing WMI filters from the Group Policy Management Console (GPMC). You need to delegate the required permissions to Admin1. The solution must minimize the number of permissions assigned to Admin1.
What should you do?

A.    From Group Policy Management, assign Full control to Admin1 for the WMI Filters container.
B.    From Active Directory Users and Computers, add Admin1 to the Domain Admins group.
C.    From Group Policy Management, assign Creator Owner to Admin1 for the WMI Filters container.
D.    From Active Directory Users and Computers, add Admin1 to the WinRMRemoteWMIUsers__group.

Answer: A
Explanation:
Users with Full control permissions can create and control all WMI filters in the domain,
including WMI filters created by others.
Users with Creator owner permissions can create WMI filters, but can only control WMI filters that they create.
http://technet.microsoft.com/en-us/library/cc757429(v=ws.10).aspx

QUESTION 213
Your network contains three Network Policy Server (NPS) servers named NPS1, NPS2, and NPS3. NPS1 is configured as a RADIUS proxy that forwards connection requests to a remote RADIUS server group named Group1. You need to ensure that NPS2 receives connection requests. NPS3 must only receive connection requests if NPS2 is unavailable. How should you configure Group1?

A.    Change the Weight of NPS2 to 10.
B.    Change the Weight of NPS3 to 10.
C.    Change the Priority of NPS2 to 10.
D.    Change the Priority of NPS3 to 10.

Answer: D

QUESTION 214
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Windows Server Update Services server role installed. All client computers are configured to download updates from Server1. You have a Group Policy object (GPO) named GPO1 that is linked to an organizational unit (OU) named Sales_OU.
You need to ensure that all of the computers in Sales_OU are added to a Windows Server Update Services (WSUS) computer group named SalesComputers.
Which setting should you configure in the GPO?
To answer, select the appropriate setting in the answer area.
 clip_image002[38]
Answer:
 clip_image002[40]

QUESTION 215
Your company deploys a new Active Directory forest named contoso.com. The first domain controller in the forest runs Windows Server 2012 R2. The forest contains a domain controller named DC10. On DC10, the disk that contains the SYSVOL folder fails. You replace the failed disk. You stop the Distributed File System (DFS) Replication service. You restore the SYSVOL folder. You need to perform a non-authoritative synchronization of SYSVOL on DC10. Which tool should you use before you start the DFS Replication service on DC10?

A.    Ultrasound
B.    Active Directory Sites and Services
C.    Frsutil
D.    Adsiedit.msc

Answer: D
Explanation:
How to perform a non-authoritative synchronization of DFSR-replicated SYSVOL (like “D2” for FRS)
1. In the ADSIEDIT.MSC tool modify the following distinguished name (DN) value and attribute on each of the domain controllers that you want to make non-authoritative:
CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=<the server name>,OU=Domain Controllers,DC=<domain>
msDFSR-Enabled=FALSE
2. Force Active Directory replication throughout the domain.
3. Run the following command from an elevated command prompt on the same servers that you set as non-authoritative:
DFSRDIAG POLLAD
4. You will see Event ID 4114 in the DFSR event log indicating SYSVOL is no longer being replicated.
5. On the same DN from Step 1, set:
msDFSR-Enabled=TRUE
6. Force Active Directory replication throughout the domain.
7. Run the following command from an elevated command prompt on the same servers that you set as non-authoritative:
DFSRDIAG POLLAD
8. You will see Event ID 4614 and 4604 in the DFSR event log indicating SYSVOL has been initialized. That domain controller has now done a “D2” of SYSVOL. Note: Active Directory Service Interfaces Editor (ADSI Edit) is a Lightweight Directory Access Protocol (LDAP) editor that you can use to manage objects and attributes in Active Directory. ADSI Edit (adsiedit.msc) provides a view of every object and attribute in an Active Directory forest. You can use ADSI Edit to query, view, and edit attributes that are not exposed through other Active Directory Microsoft Management Console (MMC) snap-ins: Active Directory Users and Computers, Active Directory Sites and Services, Active Directory Domains and Trusts, and Active Directory Schema.

QUESTION 216
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. You plan to use fine-grained password policies to customize the password policy settings of contoso.com. You need to identify to which Active Directory object types you can directly apply the fine-grained password policies. Which two object types should you identify? (Each correct answer presents part of the solution. Choose two.)

A.    Domain local groups
B.    Computers
C.    Universal groups
D.    Global groups
E.    Users

Answer: DE
Explanation:
First off, your domain functional level must be at Windows Server 2008. Second, Fine-grained password policies ONLY apply to user objects, and global security groups. Linking them to universal or domain local groups is ineffective. I know what you’re thinking, what about OU’s? Nope, Fine-grained password policy cannot be applied to an organizational unit (OU) directly. The third thing to keep in mind is, by default only members of the Domain Admins group can set fine-grained password policies. However, you can delegate this ability to other users if needed.
Fine-grained password policies apply only to user objects (or inetOrgPerson objects if they are used instead of user objects) and global security groups.
You can apply Password Settings objects (PSOs) to users or global security groups:
http://technet.microsoft.com/en-us/library/cc731589%28v=ws.10%29.aspx http://technet.microsoft.com/en-us/library/cc731589%28v=ws.10%29.aspx http://technet.microsoft.com/en-us/library/cc770848%28v=ws.10%29.aspx http://www.brandonlawson.com/active-directory/creating-fine-grained-password-policies/

QUESTION 217
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. All client computers run Windows 8 Enterprise. DC1 contains a Group Policy object (GPO) named GPO1. You need to update the PATH variable on all of the client computers. Which Group Policy preference should you configure?

A.    Ini Files
B.    Services
C.    Environment
D.    Data Sources

Answer: C

QUESTION 218
Your network has a router named Router1 that provides access to the Internet. You have a server named Server1 that runs Windows Server 2012 R2. Server1 to use Router1 as the default gateway. A new router named Router2 is added to the network. Router2 provides access to the Internet. The IP address of the internal interface on Router2 is 10.1.14.254. You need to configure Server1 to use Router2 to connect to the Internet if Router1 fails. What should you do on Server1?

A.    Add a route for 10.1.14.0/24 that uses 10.1.14.254 as the gateway and set the metric to 500.
B.    Add 10.1.14.254 as a gateway and set the metric to 500.
C.    Add a route for 10.1.14.0/24 that uses 10.1.14.254 as the gateway and set the metric to 1.
D.    Add 10.1.14.254 as a gateway and set the metric to 1.

Answer: B

QUESTION 219
Your network contains and Active Directory domain named contoso.com. The domain contains a member server named Server1. All servers run Server 2012. You need to collect the error events from all the servers on Server1. The solution ensure that when new servers are added to the domain, their error events are collected automatically on Server1. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    On Server1, create a source computer initiated subscription.
B.    From a Group Policy object (GPO), configure the Configure forwarder resource usage settings.
C.    From a Group Policy object (GPO), configure the Configure target Subscription Manager settings
D.    On Server1, create a collector initiated subscription.

Answer: AC
Explanation:
A. Source-initiated subscriptions allow you to define a subscription on an event collector computer without defining the event source computers, and then multiple remote event source computers can be set up (using a group policy setting) to forward events to the event collector computer.
C. Enable the SubscriptionManager setting, and click the Show button to add a server address to the setting.
http://technet.microsoft.com/en-us/library/cc722010.aspx
http://msdn.microsoft.com/en-us/library/windows/desktop/bb870973(v=vs.85).aspx

QUESTION 220
Drag and Drop Question
Your network contains an Active Directory domain named contoso.com. You have a failover cluster named Cluster1. All of the nodes in Cluster1 have BitLocker Drive Encryption (BitLocker) installed.
You plan to add a new volume to the shared storage of Cluster1. You need to add the new volume to the shared storage. The solution must meet the following requirements:
– Encrypt the volume.
– Avoid using maintenance mode on the cluster.
Which three actions should you perform?
To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
 clip_image002[42]
Answer:
 clip_image002[44]
Explanation:
http://technet.microsoft.com/en-us/library/jj649829.aspx

Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html

Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(201-210)!

QUESTION 201
Hotspot Question
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The contoso.com zone is Active Directory-integrated and configured to replicate to all of the domain controllers in the contoso.com domain. Server1 has a DNS record in the contoso.com zone. You need to verify when the DNS record for Server1 was last updated. In which Active Directory partition should you view the DNS record of Server1?
To answer, select the appropriate Active Directory partition in the answer area.
 clip_image002[30]
Answer:
 clip_image002[32]

QUESTION 202
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 has the Windows Server Update Services (WSUS) server role installed. WSUS is configured to use a Windows Internal Database. Server2 has Microsoft SQL Server 2008 R2 Standard deployed. You detach the SUSDB database from Server1 and attach the database to Server2. You need to ensure that Windows Deployment Services (WDS) on Server1 uses the database hosted on Server2. What should you do on Server1?

A.    Configure an ODBC file data source.
B.    Run the wsusutil command.
C.    Edit the registry.
D.    Configure an ODBC system data source.

Answer: C
Explanation:
Find the following key:
HKLM\SOFTWARE\Microsoft\UpdateServices\Server\Setup\SqlServerName. In the Value data box, type [BEName]\[InstanceName], and then click OK. If the instance name is the default instance, type [BEName].
Find the following key: HKLM\Software\Microsoft\Update Services\Server\Setup\wYukonInstalled. In the Value box, type 0, and then click OK. http://technet.microsoft.com/en-us/library/cc708558(WS.10).aspx

QUESTION 203
Your network contains an Active Directory forest named contoso.com. The functional level of the forest is Windows Server 2008 R2. All of the user accounts in the marketing department are members of a group named Contoso\MarketingUsers. All of the computer accounts in the marketing department are members of a group named Contoso\MarketingComputers. A domain user named User1 is a member of the Contoso\MarketingUsers group. A computer named Computer1 is a member of the Contoso\MarketingComputers group. You have five Password Settings objects (PSOs). The PSOs are defined as shown in the following table.
 clip_image001[50]
When User1 logs on to Computer1 and attempts to change her password, she receives an error message indicating that her password is too short. You need to tell User1 what her minimum password length is. What should you tell User1?

A.    10
B.    11
C.    12
D.    14

Answer: D

QUESTION 204
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed. You log on to Server1 by using a user account named User2. From the Remote Access Management Console, you run the Getting Started Wizard and you receive a warning message as shown in the exhibit. (Click the Exhibit button.)
 clip_image002[34]
You need to ensure that you can configure DirectAccess successfully. The solution must minimize the number of permissions assigned to User2.
To which group should you add User2?

A.    Enterprise Admins
B.    Domain Admins
C.    Server Operators
D.    Account Operators

Answer: B

QUESTION 205
Your company has a main office and a branch office. The network contains an Active Directory domain named contoso.com. The main office contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 is a DNS server and hosts a primary zone for contoso.com. The branch office contains a member server named Server1 that runs Windows Server 2012 R2. Server1 is a DNS server and hosts a secondary zone for contoso.com. The main office connects to the branch office by using an unreliable WAN link. You need to ensure that Server1 can resolve names in contoso.com if the WAN link in unavailable for three days. Which setting should you modify in the start of authority (SOA) record?

A.    Retry interval
B.    Minimum (default) TTL
C.    Refresh interval
D.    Expires after

Answer: D
Explanation:
Refresh interval. Used to determine how often other DNS servers that load and host the zone must attempt to renew the zone.
Retry interval. Used to determine how often other DNS servers that load and host the zone are to retry a request for update of the zone each time that the refresh interval occurs. Expire interval. Used by other DNS servers that are configured to load and host the zone to determine when zone data expires if it is not renewed.

QUESTION 206
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy and Access Services server role installed. You plan to deploy 802.1x authentication to secure the wireless network. You need to identify which Network Policy Server (NPS) authentication method supports certificate-based mutual authentication for the 802.lx deployment. Which authentication method should you identify?

A.    PEAP-MS-CHAP v2
B.    MS-CHAP v2
C.    EAP-TLS
D.    MS-CHAP

Answer: C

QUESTION 207
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains two organizational units (OUs) named OU1 and OU2 in the root of the domain. Two Group Policy objects (GPOs) named GPO1 and GPO2 are created. GPO1 is linked to OU1. GPO2 is linked to OU2. OU1 contains a client computer named Computer1. OU2 contains a user named User1.
You need to ensure that the GPOs applied to Computer1 are applied to User1 when User1 logs on. What should you configure?

A.    WMI Filtering
B.    Security Filtering
C.    Group Policy loopback processing mode
D.    Item-level targeting

Answer: B
Explanation:
* GPOs cannot be linked directly to users, computers, or security groups. They can only be linked to sites, domains and organizational units. However, by using security filtering, you can narrow the scope of a GPO so that it applies only to a single group, user, or computer.
* Security filtering is a way of refining which users and computers will receive and apply the settings in a Group Policy object (GPO). Using security filtering, you can specify that only certain security principals within a container where the GPO is linked apply the GPO. Security group filtering determines whether the GPO as a whole applies to groups, users, or computers; it cannot be used selectively on different settings within a GPO.
Reference: Security filtering using GPMC

QUESTION 208
Drag and Drop Question
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains an organizational unit (OU) named OU1. OU1 contains an OU named OU2. OU2 contains a user named User1. User1 is the member of a group named Group1. Group1 is in the Users container. You create five Group Policy objects (GPO). The GPOs are configured as shown in the following table.
 clip_image002[36]
You need to identify which three GPOs will be applied to User1 and in which order the GPOs will be applied to User1. Which three GPOs should you identify in sequence? To answer, move the appropriate three GPOs from the list of GPOs to the answer area and arrange them in the correct order.
 clip_image001[52]
Answer:
 clip_image001[54]
Explanation:
* Box 1: Domain GPOs are applied before OU GPOs.
* Incorrect:
* NOT GPO2: GPO2 has Deny Apply Group Policy for Group1.
* Not GPO5: GPO4 is enforced. As GPO4 is within OU1 and OU2 is within OU1, GPO4 will not be applied.
* When a Group Policy Object (GPO) is enforced it means the settings in the Group Policy Object on an Organization Unit (which is shown as a folder within the Active Directory Users and Computers MMC) cannot be overruled by a Group Policy Object (GPO) which is link enabled on an Organizational Unit below the Organizational Unit with the enforced Group Policy Object (GPO). In Active Directory Users and Computers MMC ‘below’ means it is a subfolder.
* Group Policy Objects are processed in the following order (from top to bottom):
1. Local – Any settings in the computer’s local policy. Prior to Windows Vista, there was only one local group policy stored per computer. Windows Vista and later Windows versions allow individual group policies per user accounts.
2. Site – Any Group Policies associated with the Active Directory site in which the computer resides. (An Active Directory site is a logical grouping of computers that is meant to facilitate management of computers based on their physical proximity.) If multiple policies are linked to a site, they are processed in the order set by the administrator.
3. Domain – Any Group Policies associated with the Windows domain in which the computer resides. If multiple policies are linked to a domain, they are processed in the order set by the administrator.
4. Organizational Unit – Group policies assigned to the Active Directory organizational unit (OU) in which the computer or user are placed. (OUs are logical units that help organizing and managing a group of users, computers or other Active Directory objects.) If multiple policies are linked to an OU, they are processed in the order set by the administrator.

QUESTION 209
Hotspot Question
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has two network adapters and is located in a perimeter network. You need to install the RIP version 2 routing protocol on Server1. Which node should you use to add the RIP version 2 routing protocol? To answer, select the appropriate node in the answer area.

 clip_image001[56]
Answer:
 clip_image001[58]

QUESTION 210
Hotspot Question
Your network contains an Active Directory domain named contoso.com. All DNS servers host a DNS zone named adatum.com. The adatum.com zone is not Active Directory-integrated. An administrator modifies the start of authority (SOA) record for the adatum.com zone. After the modification, you discover that when you add or modify DNS records in the adatum.com zone, the changes are not transferred to the DNS servers that host secondary copies of the adatum.com zone. You need to ensure that the records are transferred to all the copies of the adatum.com zone. What should you modify in the SOA record for the adatum.com zone? To answer, select the appropriate setting in the answer area.

 clip_image001[60]
Answer:

clip_image001[62]
Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html

Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(191-200)!

QUESTION 191
Drag and Drop Question
Your network contains an Active Directory domain named contoso.com. All client computers run Windows 8. Group Policy objects (GPOs) are linked to the domain as shown in the exhibit. (Click the Exhibit button.)
 clip_image001[38]
GPO2 contains computer configurations only and GP03 contains user configurations only. You need to configure the GPOs to meet the following requirements:
– Ensure that GPO2 only applies to the computer accounts in OU2 that have more than one processor.
– Ensure that GP03 only applies to the user accounts in OU3 that are members of a security group named SecureUsers.
Which setting should you configure in each GPO?
To answer, drag the appropriate setting to the correct GPO. Each setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
 clip_image001[40]
Answer:
 clip_image001[42]
QUESTION 192
Your network contains an Active Directory domain named contoso.com.You have a standard primary zone names contoso.com. You need to ensure that only users who are members of a group named Group1 can create DNS records in the contoso.com zone. All other users must be prevented from creating, modifying, or deleting DNS records in the zone. What should you do first?

A.    Run the Zone Signing Wizard for the zone.
B.    From the properties of the zone, change the zone type.
C.    Run the new Delegation Wizard for the zone.
D.    From the properties of the zone, modify the Start Of Authority (SOA) record.

Answer: B
Explanation:
The Zone would need to be changed to a AD integrated zone When you use directory-integrated zones, you can use access control list (ACL) editing to secure a dnsZone object container in the directory tree. This feature provides detailed access to either the zone or a specified resource record in the zone. For example, an ACL for a zone resource record can be restricted so that dynamic updates are allowed only for a specified client computer or a secure group, such as a domain administrators group. This security feature is not available with standard primary zones
DNS update security is available only for zones that are integrated into Active Directory. After you integrate a zone, you can use the access control list (ACL) editing features that are available in the DNS snap-in to add or to remove users or groups from the ACL for a specific zone or for a resource record.
Standard (not an Active Directory integrated zone) has no Security settings:
 clip_image001[44]
You need to firstly change the “Standard Primary Zone” to AD Integrated Zone:
 clip_image001[46]
Now there’s Security tab:
 clip_image001[48]
http://technet.microsoft.com/en-us/library/cc753014.aspx
http://technet.microsoft.com/en-us/library/cc726034.aspx
http://support.microsoft.com/kb/816101

QUESTION 193
Your network contains an Active Directory domain named contoso.com. All client computers run Windows Vista Service Pack 2 (SP2). All client computers are in an organizational unit (OU) named OU1. All user accounts are in an OU named OU2. All users log on to their client computer by using standard user accounts. A Group Policy object (GPO) named GPO1 is linked to OU1. A GPO named GPO2 is linked to OU2. You need to apply advanced audit policy settings to all of the client computers. What should you do?

A.    In GPO1, configure a startup script that runs auditpol.exe.
B.    In GPO2, configure a logon script that runs auditpol.exe.
C.    In GPO1, configure the Advanced Audit Policy Configuration settings.
D.    In GPO2, configure the Advanced Audit Policy Configuration settings.

Answer: A

QUESTION 194
Your network contains two Active Directory domains named contoso.com and adatum.com. The contoso.com domain contains a server named Server1.contoso.com. The adatum.com domain contains a server named server2.adatum.com. Server1 and Server2 run Windows Server 2012 R2 and have the DirectAccess and VPN (RRAS) role service installed. Server1 has the default network policies and the default connection request policies. You need to configure Server1 to perform authentication and authorization of VPN connection requests to Server2. Only users who are members of Adatum\Group1 must be allowed to connect. Which two actions should you perform on Server1? (Each correct answer presents part of the solution. Choose two.)

A.    Network policies
B.    Connection request policies
C.    Create a network policy.
D.    Create a connection request policy.

Answer: AD
Explanation:
* Connection request policies are sets of conditions and settings that allow network administrators to designate which Remote Authentication Dial-In User Service (RADIUS) servers perform the authentication and authorization of connection requests that the server running Network Policy Server (NPS) receives from RADIUS clients. Connection request policies can be configured to designate which RADIUS servers are used for RADIUS accounting.
* With connection request policies, you can use NPS as a RADIUS server or as a RADIUS proxy, based on factors such as the following:
The time of day and day of the week
The realm name in the connection request
The type of connection being requested
The IP address of the RADIUS client

QUESTION 195
You have a server that runs Windows Server 2012 R2. You have an offline image named Windows2012.vhd that contains an installation of Windows Server 2012 R2. You plan to apply several updates to Windows2012.vhd. You need to mount Windows2012.vhd to H:\. Which tool should you use?

A.    Device Manager
B.    Diskpart
C.    Mountvol
D.    Server Manager

Answer: B
Explanation:
 clip_image002[26]
http://technet.microsoft.com/en-us/library/cc753321.aspx

QUESTION 196
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 runs Windows Server 2012 R2 and has the Windows Deployment Services (WDS) server role installed. You need to use WDS to deploy an image to a client computer that does not support PXE. Which type of image should you use to start the computer?

A.    Install
B.    Boot
C.    Discover
D.    Capture

Answer: C

QUESTION 197
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The functional level of both the domain and the forest is Windows Server 2008 R2. The domain contains a domain-based Distributed File System (DFS) namespace that is configured as shown in the exhibit. (Click the Exhibit button.)
 clip_image002[28]
You need to enable access-based enumeration on the DFS namespace. What should you do first?

A.    Install the File Server Resource Manager role service on Server3 and Server5.
B.    Raise the domain functional level.
C.    Delete and recreate the namespace.
D.    Raise the forest functional level.

Answer: C

QUESTION 198
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
The domain contains two organizational units (OUs) named OU1 and OU2 in the root of the domain.
Two Group Policy objects (GPOs) named GPO1 and GPO2 are created. GPO1 is linked to OU1. GPO2 is linked to OU2.
OU1 contains a client computer named Computer1. OU2 contains a user named User1.
You need to ensure that the GPOs applied to Computer1 are applied to User1 when User1 logs on. What should you configure?

A.    The GPO Status
B.    GPO links
C.    The Enforced setting
D.    Security Filtering

Answer: D
Explanation:
* GPOs cannot be linked directly to users, computers, or security groups. They can only be linked to sites, domains and organizational units. However, by using security filtering, you can narrow the scope of a GPO so that it applies only to a single group, user, or computer.
* Security filtering is a way of refining which users and computers will receive and apply the settings in a Group Policy object (GPO). Using security filtering, you can specify that only certain security principals within a container where the GPO is linked apply the GPO. Security group filtering determines whether the GPO as a whole applies to groups, users, or computers; it cannot be used selectively on different settings within a GPO.
Reference: Security filtering using GPMC

QUESTION 199
Your company deploys a new Active Directory forest named contoso.com. The first domain controller in the forest runs Windows Server 2012 R2. The forest contains a domain controller named DC10. On DC10, the disk that contains the SYSVOL folder fails. You replace the failed disk. You stop the Distributed File System (DFS) Replication service. You restore the SYSVOL folder. You need to perform a non-authoritative synchronization of SYSVOL on DC10. Which tool should you use before you start the DFS Replication service on DC10?

A.    Dfsgui.msc
B.    Replmon
C.    Adsiedit.msc
D.    Ultrasound

Answer: C
Explanation:
How to perform a non-authoritative synchronization of DFSR-replicated SYSVOL (like “D2” for FRS)
1. In the ADSIEDIT.MSC tool modify the following distinguished name (DN) value and attribute on each of the domain controllers that you want to make non-authoritative:
CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=<the server name>,OU=Domain Controllers,DC=<domain>
msDFSR-Enabled=FALSE
2. Force Active Directory replication throughout the domain.
3. Run the following command from an elevated command prompt on the same servers that you set as non-authoritative:
DFSRDIAG POLLAD
4. You will see Event ID 4114 in the DFSR event log indicating SYSVOL is no longer being replicated.
5. On the same DN from Step 1, set:
msDFSR-Enabled=TRUE
6. Force Active Directory replication throughout the domain.
7. Run the following command from an elevated command prompt on the same servers that you set as non-authoritative:
DFSRDIAG POLLAD
8. You will see Event ID 4614 and 4604 in the DFSR event log indicating SYSVOL has been initialized. That domain controller has now done a “D2” of SYSVOL. Note: Active Directory Service Interfaces Editor (ADSI Edit) is a Lightweight Directory Access Protocol (LDAP) editor that you can use to manage objects and attributes in Active Directory. ADSI Edit (adsiedit.msc) provides a view of every object and attribute in an Active Directory forest. You can use ADSI Edit to query, view, and edit attributes that are not exposed through other Active Directory Microsoft Management Console (MMC) snap-ins: Active Directory Users and Computers, Active Directory Sites and Services, Active Directory Domains and Trusts, and Active Directory Schema.
Incorrect:
A: Dfsgui is for ealier versions of Windows Server.
B: Replmon is for Windows 2003 and earlier.
Reference: How to force an authoritative and non-authoritative synchronization for DFSR-replicated SYSVOL (like “D4/D2” for FRS)

QUESTION 200
Your network contains a Hyper-V host named Server1 that hosts 20 virtual machines. You need to view the amount of memory resources and processor resources each virtual machine uses currently.
Which tool should you use on Server1?

A.    Windows System Resource Manager (WSRM)
B.    Task Manager
C.    Resource Monitor
D.    Hyper-V Manager

Answer: D
Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html

Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(181-190)!

QUESTION 181
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed. You need to configure the ports on Server1 to ensure that client computers can establish VPN connections to Server1 by using TCP port 443.
What should you modify? To answer, select the appropriate object in the answer area.
 clip_image001[32]
Answer:
 clip_image001[34]
Explanation:
http://technet.microsoft.com/en-us/library/cc771298(v=ws.10).aspx
Secure Socket Tunneling Protocol (SSTP) is a new tunneling protocol that uses the HTTPS protocol over TCP port 443 to pass traffic through firewalls and Web proxies that might block PPTP and L2TP/IPsec traffic.

QUESTION 182
Your network contains two Active Directory domains named contoso.com and adatum.com. The network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the DNS Server server role installed. Server1 has a copy of the contoso.com DNS zone. You need to configure Server1 to resolve names in the adatum.com domain.
The solution must meet the following requirements:
– Prevent the need to change the configuration of the current name servers that host zones for adatum.com.
– Minimize Administrative effort.
Which type of zone should you create?

A.    Primary
B.    Secondary
C.    Reverse lookup
D.    Stub

Answer: D
Explanation:
A. When a zone that this DNS server hosts is a primary zone, the DNS server is the primary source for information about this zone, and it stores the master copy of zone data in a local file or in AD DS.
B. When a zone that this DNS server hosts is a secondary zone, this DNS server is a secondary source for information about this zone. The zone at this server must be obtained from another remote DNS server computer that also hosts the zone
C. clients use a known IP address and look up a computer name based on its address. A reverse lookup takes the form of a question, such as “Can you tell me the DNS name of the computer that uses the IP address 192.168.1.20?”
D. When a zone that this DNS server hosts is a stub zone, this DNS server is a source only for information about the authoritative name servers for this zone. The zone at this server must be obtained from another DNS server that hosts the zone.
– Prevents Change to current zone
http://technet.microsoft.com/en-us/library/cc771898.aspx
http://technet.microsoft.com/en-us/library/cc730980.aspx

QUESTION 183
Your network contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2 and have the DNS Server server role installed.
On Server1, you create a standard primary zone named contoso.com.
You need to ensure that Server2 can host a secondary zone for contoso.com.
What should you do from Server1?

A.    Add Server2 as a name server.
B.    Convert contoso.com to an Active Directory-integrated zone.
C.    Create a zone delegation that points to Server2.
D.    Create a trust anchor named Server2.

Answer: A
Explanation:
A. You must add a new Name Server. To add a name server to the list of authoritative servers for the zone, you must specify both the server’s IP address and its DNS name. When entering names, click Resolve to resolve the name to its IP address prior to adding it to the list.
B. Instead of adding standard secondary DNS servers, you can convert the server from a primary DNS server to an Active Directory Integrated Primary server and configure another domain controller to be a DNS server
C. You can divide your Domain Name System (DNS) namespace into one or more zones. You can delegate management of part of your namespace to another location or department in your organization by delegating the management of the corresponding zone.
http://technet.microsoft.com/en-us/library/cc770984.aspx
http://support.microsoft.com/kb/816101
http://technet.microsoft.com/en-us/library/cc753500.aspx
http://technet.microsoft.com/en-us/library/cc771640(v=ws.10).aspx http://technet.microsoft.com/en-us/library/ee649280(v=ws.10).aspx

QUESTION 184
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed. On Server1, you create a network policy named Policy1.
You need to configure Policy1 to apply only to VPN connections that use the L2TP protocol.
What should you configure in Policy1?

A.    The Tunnel Type
B.    The Service Type
C.    The NAS Port Type
D.    The Framed Protocol

Answer: A
Explanation:
A. Restricts the policy to only clients that create a specific type of tunnel, such as PPTP or L2TP. B. Restricts the policy to only clients specifying a certain type of service, such as Telnet or Point to Point Protocol connections.
C. Allows you to specify the type of media used by the client computer to connect to the network. D. Restricts the policy to clients that specify a certain framing protocol for incoming packets, such as PPP or SLIP.
 clip_image001[36]
http://technet.microsoft.com/en-us/library/cc731220(v=ws.10).aspx

QUESTION 185
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. All client computers run Windows 8 Enterprise. DC1 contains a Group Policy object (GPO) named GPO1.
You need to deploy a VPN connection to all users.
What should you configure from User Configuration in GPO1?

A.    Preferences/Control Panel Settings/Network Options
B.    Policies/Administrative Templates/Windows Components/Windows Mobility Center
C.    Policies/Administrative Templates/Network/Windows Connect Now
D.    Policies/Administrative Templates/Network/Network Connections

Answer: A
Explanation:
A. The Network Options extension allows you to centrally create, modify, and delete dial-up networking and virtual private network (VPN) connections. Before you create a network option preference item, you should review the behavior of each type of action possible with the extension. http://technet.microsoft.com/en-us/library/cc772449.aspx

QUESTION 186
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. All sales users have laptop computers that run Windows 8. The sales computers are joined to the domain. All user accounts for the sales department are in an organizational unit (OU) named Sales_OU. A Group Policy object (GPO) named GPO1 is linked to Sales_OU.
You need to configure a dial-up connection for all of the sales users.
What should you configure from User Configuration in GPO1?

A.    Policies/Administrative Templates/Network/Windows Connect Now
B.    Policies/Administrative Templates/Windows Components/Windows Mobility Center
C.    Preferences/Control Panel Settings/Network Options
D.    Policies/Administrative Templates/Network/Network Connections

Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc772107.aspx

QUESTION 187
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has 2 dual-core processors and 16 GB of RAM.
You install the Hyper-V server role in Server1.
You plan to create two virtual machines on Server1.
You need to ensure that both virtual machines can use up to 8 GB of memory. The solution must ensure that both virtual machines can be started simultaneously.
What should you configure on each virtual machine?

A.    Dynamic Memory
B.    NUMA topology
C.    Memory weight
D.    Ressource Control

Answer: A

QUESTION 188
Your network contains an Active Directory domain named corp.contoso.com. The domain contains a domain controller named DC1. When you run ping dcl.corp.contoso.com, you receive the result as shown in the exhibit. (Click the Exhibit button.)
 clip_image002[20]
You need to ensure that DC1 can respond to the Ping command.
Which rule should you modify? To answer, select the appropriate rule in the answer area.
 clip_image002[22]
Answer:
 clip_image002[24]

QUESTION 189
You have a server named Server1 that runs Windows Server 2012 R2.
You promote Server1 to domain controller.
You need to view the service location (SVR) records that Server1 registers on DNS.
What should you do on Server1?

A.    Open the Srv.sys file
B.    Open the Netlogon.dns file
C.    Run ipconfig/displaydns
D.    Run Get-DnsServerDiagnostics

Answer: B

QUESTION 190
Your company has a remote office that contains 600 client computers on a single subnet.
You need to select a subnet mask for the network that will support all of the client computers. The solution must minimize the number of unused addresses.
Which subnet mask should you select?

A.    255.255.252.0
B.    255.255.254.0
C.    255.255.255.0
D.    255.255.255.128

Answer: A
Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html

Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(171-180)!

QUESTION 171
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2. Both servers have the File and Storage Services server role, the DFS Namespace role service, and the DFS Replication role service installed. Server1 and Server2 are part of a Distributed File System (DFS) Replication group named Group1. Server1 and Server2 are connected by using a high-speed LAN connection.
You need to minimize the amount of processor resources consumed by DFS Replication.
What should you do?

A.    Reduce the bandwidth usage.
B.    Disable Remote Differential Compression (RDC).
C.    Modify the staging quota.
D.    Modify the replication schedule.

Answer: B
Explanation:
Because disabling RDC can help conserve disk input/output (I/O) and CPU resources, you might want to disable RDC on a connection if the sending and receiving members are in a local area network (LAN), and bandwidth use is not a concern. However, in a LAN environment where bandwidth is contended, RDC can be beneficial when transferring large files.
Question tells it uses a high-speed LAN connection.
http://technet.microsoft.com/en-us/library/cc758825%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/cc754229.aspx

QUESTION 172
Your company has a main office and two branch offices. The main office is located in New York. The branch offices are located in Seattle and Chicago.
The network contains an Active Directory domain named contoso.com. An Active Directory site exists for each office. Active Directory site links exist between the main office and the branch offices. All servers run Windows Server 2012 R2.
The domain contains three file servers. The file servers are configured as shown in the following table.
 clip_image001[26]
You implement a Distributed File System (DFS) replication group named Rep1Group.
Rep1Group is used to replicate a folder on each file server. Rep1Group uses a hub and spoke topology. NYC-SVR1 is configured as the hub server.
You need to ensure that replication can occur if NYC-SVR1 fails.
What should you do?

A.    Create an Active Directory site link.
B.    Modify the properties of Rep1Group.
C.    Create an Active Directory site link bridge.
D.    Create a connection in Rep1lGroup.

Answer: D
Explanation:
http://faultbucket.ca/2012/08/fixing-a-dfsr-connection-problem/ http://faultbucket.ca/2012/08/fixing-a-dfsr-connection-problem/
http://technet.microsoft.com/en-us/library/cc771941.aspx

QUESTION 173
You have a server named Server1 that runs Windows Server 2012 R2. On Server1, you configure a custom Data Collector Set (DCS) named DCS1. DCS1 is configured to store performance log data in C:\Logs.
You need to ensure that the contents of C:\Logs are deleted automatically when the folder reaches 100 MB in size.
What should you configure?

A.    A File Server Resource Manager (FSRM) quota on the C:\Logs folder
B.    A File Server Resource Manager (FSRM) file screen on the C:\Logs folder
C.    A schedule for DCS1
D.    The Data Manager settings of DCS1

Answer: D
Explanation:
http://sourcedaddy.com/windows-7/using-data-manager-view-performance-data.html

QUESTION 174
Your domain has contains a Windows 8 computer name Computer1 using BitLocker. The E:\ drive is encrypted and currently locked.
You need to unlock the E:\ drive with the recovery key stored on C:\
What should you run?

A.    Unlock-BitLocker
B.    Suspend-BitLocker
C.    Enable-BitLockerAutoUnloc
D.    Disable-BitLocker

Answer: A
Explanation:
A. Restores access to data on a BitLocker volume.
http://technet.microsoft.com/en-us/library/jj649833(v=wps.620).aspx

QUESTION 175
Your network contains and active Directory domain named contoso.com. The doman contains a server named Server1 that runs Windows Server 2012 R2 A local account named Admin1 is a member of the Administrators group on Server1.
You need to generate an audit event whenever Admin1 is denied access to a file or folder.
What should you run?

A.    auditpol.exe /set /user:admin1 /category:”detailed tracking” /failure:enable
B.    auditpol.exe /set/user:admin1 /failure:enable
C.    auditpol.exe /resourcesacl /set /type:keyauditpol.exe /resourcesacl /set /type: /access:ga
D.    auditpol.exe /resourcesacl /set /type:file /user:admin1 /failure

Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/ff625687.aspx
set a global resource SACL to audit successful and failed attempts by a user to perform generic read and write functions on files or folders:
auditpol /resourceSACL /set /type:File /user:MYDOMAINmyuser /success /failure /access:FRFW
http://technet.microsoft.com/en-us/library/ff625687%28v=ws.10%29.aspx Syntax
auditpol /resourceSACL
[/set /type:<resource> [/success] [/failure] /user:<user> [/access:<access flags>]] [/remove /type:<resource> /user:<user> [/type:<resource>]] [/clear [/type:<resource>]]
[/view [/user:<user>] [/type:<resource>]]
http://technet.microsoft.com/en-us/library/ff625687%28v=ws.10%29.aspx http://technet.microsoft.com/en-us/library/ff625687%28v=ws.10%29.aspx http://technet.microsoft.com/en-us/library/ff625687.aspx
http://technet.microsoft.com/en-us/library/ff625687%28v=ws.10%29.aspx

QUESTION 176
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2.
You view the effective policy settings of Server1 as shown in the exhibit. (Click the Exhibit button.)
 clip_image002[14]
You need to ensure that an entry is added to the event log whenever a local user account is created or deleted on Server1.
What should you do?

A.    In Servers GPO, modify the Advanced Audit Configuration settings.
B.    On Server1, attach a task to the security log.
C.    In Servers GPO, modify the Audit Policy settings.
D.    On Server1, attach a task to the system log.

Answer: A
Explanation:
When you use Advanced Audit Policy Configuration settings, you need to confirm that these settings are not overwritten by basic audit policy settings. The following procedure shows how to prevent conflicts by blocking the application of any basic audit policy settings.
Enabling Advanced Audit Policy Configuration
Basic and advanced audit policy configurations should not be mixed. As such, it’s best practice to enable Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings in Group Policy to make sure that basic auditing is disabled. The setting can be found under Computer Configuration\Policies\Security Settings\Local Policies\Security Options, and sets the SCENoApplyLegacyAuditPolicy registry key to prevent basic auditing being applied using Group Policy and the Local Security Policy MMC snap-in.
In Windows 7 and Windows Server 2008 R2, the number of audit settings for which success and failure can be tracked has increased to 53. Previously, there were nine basic auditing settings under Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Audit Policy. These 53 new settings allow you to select only the behaviors that you want to monitor and exclude audit results for behaviors that are of little or no concern to you, or behaviors that create an excessive number of log entries. In addition, because Windows 7 and Windows Server 2008 R2 security audit policy can be applied by using domain Group Policy, audit policy settings can be modified, tested, and deployed to selected users and groups with relative simplicity.
Audit Policy settings
Any changes to user account and resource permissions.
Any failed attempts for user logon.
Any failed attempts for resource access.
Any modification to the system files.
Advanced Audit Configuration SettingsAudit compliance with important business-related and security-related rules by tracking precisely defined activities, such as:
A group administrator has modified settings or data on servers that contain finance information.
An employee within a defined group has accessed an important file. The correct system access control list (SACL) is applied to every file and folder or registry key on a computer or file share as a verifiable safeguard against undetected access.
In Servers GPO, modify the Audit Policy settings – enabling audit account management setting will generate events about account creation, deletion and so on.
Advanced Audit Configuration SettingsAdvanced Audit Configuration Settings ->Audit Policy
-> Account Management -> Audit User Account Management
 clip_image001[28]
In Servers GPO, modify the Audit Policy settings – enabling audit account management setting will generate events about account creation, deletion and so on.
 clip_image002[16]
http://blogs.technet.com/b/abizerh/archive/2010/05/27/tracing-down-user-and-computer-account-deletion-in-active-directory.aspx
http://technet.microsoft.com/en-us/library/dd772623%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/jj852202(v=ws.10).aspx
http://www.petri.co.il/enable-advanced-audit-policy-configuration-windows-server.htm http://technet.microsoft.com/en-us/library/dd408940%28v=ws.10%29.aspx http://technet.microsoft.com/en-us/library/dd408940%28v=ws.10%29.aspx#BKMK_step2

QUESTION 177
You have 3 server that runs Windows Server 2012 R2. The server contains the disks configured as shown in the following table.
 clip_image001[30]
You need to create a volume that can store up to 3 TB of user files. The solution must ensure that the user files are available if one of the disks in the volume fails. What should you create?

A.    A storage pool on Disk 2 and Disk 3
B.    A mirrored volume on Disk 2 and Disk 3
C.    A storage pool on Disk 1 and Disk 3
D.    A mirrored volume on Disk l and Disk 4
E.    Raid 5 Volume out of Disks 1, 2 and 3

Answer: B
Explanation:
A. Storage pool can’t use Dynamic disk
B. Mirrored volume will be > 3Tb
C. Storage pool can’t use Dynamic disk
D. is impossible, we need 3Tb of disk space
E. Raid5 need to be on dynamic disk

QUESTION 178
Your network contains an Active Directory domain named contoso.com. The domain functional level is Windows Server 2008. All domain controllers run Windows Server 2008 R2.
The domain contains a file server named Server1 that runs Windows Server 2012 R2. Server1 has a BitLocker Drive Encryption (BitLocker)-encrypted drive. Server1 uses a Trusted Platform Module (TPM) chip.
You enable the Turn on TPM backup to Active Directory Domain Services policy setting by using a Group Policy object (GPO).
You need to ensure that you can back up the BitLocker recovery information to Active Directory.
What should you do?

A.    Raise the forest functional level to Windows Server 2008 R2.
B.    Enable the Configure the level of TPM owner authorization information available to the operating
system policy setting and set the Operating system managed TPM authentication level to None.
C.    Add a BitLocker data recovery agent.
D.    Import the TpmSchemaExtension.ldf and TpmSchemaExtensionACLChanges.ldf schema extensions
to the Active Directory schema.

Answer: D
Explanation:
You can configure BitLocker Drive Encryption to back up recovery information for BitLocker-protected drives and the Trusted Platform Module (TPM) to Active Directory Domain Services (AD DS). Recovery information includes the recovery password for each BitLocker-protected drive, the TPM owner password, and the information required to identify which computers and drives the recovery information applies to. Optionally, you can also save a package containing the actual keys used to encrypt the data as well as the recovery password required to access those keys.
Backing up recovery passwords for a BitLocker-protected drive allows administrators to recover the drive if it is locked. This ensures that encrypted data belonging to the enterprise can always be accessed by authorized users.
Backing up the TPM owner information for a computer allows administrators to locally and remotely configure the TPM security hardware on that computer. As an example, an administrator might want to reset the TPM to factory defaults when decommissioning or repurposing computers.
For Windows 8 a change to how the TPM owner authorization value is stored in AD DS was implemented in the AD DS schema.
The TPM owner authorization value is now stored in a separate object which is linked to the Computer object. This value was stored as a property in the Computer object itself for the default Windows Server 2008 R2 schemas. Windows Server 2012 domain controllers have the default schema to backup TPM owner authorization information in the separate object. If you are not upgrading your domain controller to Windows Server 2012 you need to extend the schema to support this change. If Active Directory backup of the TPM owner authorization value is enabled in a Windows Server 2008 R2 environment without extending the schema, the TPM provisioning will fail and the TPM will remain in a Not Ready state for computers running Windows 8.
 clip_image002[18]
http://technet.microsoft.com/en-us/library/dd875529%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/jj635854.aspx
http://technet.microsoft.com/en-us/library/jj679889.aspx

QUESTION 179
Your network contains an Active Directory domain named contoso.com. The domain contains a Web server named www.contoso.com. The Web server is available on the Internet.
You implement DirectAccess by using the default configuration.
You need to ensure that users never attempt to connect to www.contoso.com by using DirectAccess. The solution must not prevent the users from using DirectAccess to access other resources in contoso.com.
Which settings should you configure in a Group Policy object (GPO)?

A.    Name Resolution Policy
B.    DNS Client
C.    Network Connections
D.    DirectAccess Client Experience Settings

Answer: A
Explanation:
For DirectAccess, the NRPT must be configured with the namespaces of your intranet with a leading dot (for example, .internal.contoso.com or .corp.contoso.com). For a DirectAccess client, any name request that matches one of these namespaces will be sent to the specified intranet Domain Name System (DNS) servers.
Include all intranet DNS namespaces that you want DirectAccess client computers to access. There are no command line methods for configuring NRPT rules. You must use Group Policy settings. To configure the NRPT through Group Policy, use the Group Policy add-in at Computer Configuration \Policies\Windows Settings\Name Resolution Policy in the Group Policy object for DirectAccess clients. You can create a new NRPT rule and edit or delete existing rules. For more information, see Configure the NRPT with Group Policy.

QUESTION 180
You have a DNS server named Server1. Server1 has a primary zone named contoso.com. Zone Aging/ Scavenging is configured for the contoso.com zone. One month ago, an Administrator removed a server named Server2 from the network.
You discover that a static resource record for Server2 is present in contoso.com. Resource records for decommissioned client computers are removed automatically from contoso.com.
You need to ensure that the static resource records for all of the servers are removed automatically from contoso.com.
What should you modify?

A.    The Security settings of the static resource records
B.    The Expires after value of contoso.com
C.    The Record time stamp value of the static resource records
D.    The time-to-live (TTL) value of the static resource records

Answer: C
Explanation:
C. reset and permit them to use a current (non-zero) time stamp value. This enables these records to become aged and scavenged.
D. For most resource records, this field is optional. It indicates a length of time used by other DNS servers to determine how long to cache information for a record before expiring and discarding it.
http://technet.microsoft.com/en-us/library/cc771677.aspx http://technet.microsoft.com/en-us/library/cc758321(v=ws.10).aspx

Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html

Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(161-170)!

QUESTION 161
Your network contains an Active Directory domain named contoso.com. The domain does not contain a certification authority (CA). All servers run Windows Server 2012 R2. All client computers run Windows 8.
You need to add a data recovery agent for the Encrypting File System (EFS) to the domain.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    From Windows PowerShell, run Get-Certificate.
B.    From the Default Domain Controllers Policy, select Create Data Recovery Agent.
C.    From the Default Domain Policy, select Add Data Recovery Agent.
D.    From a command prompt, run cipher.exe.
E.    From the Default Domain Policy, select Create Data Recovery Agent.
F.    From the Default Domain Controllers Policy, select Add Data Recovery Agent.

Answer: AC
Explanation:
A. Submits a certificate request to an enrollment server and installs the response or retrieves a certificate for a previously submitted request.
C. Add agent to default domain policy
http://technet.microsoft.com/en-us/library/hh848632(v=wps.620).aspx http://technet.microsoft.com/en-us/library/dd875560(v=ws.10).aspx#BKMK_proc_dra http://windowsitpro.com/systems-management/how-can-i-add-user-efs-recovery-agent-domain

QUESTION 162
Your network contains an Active Directory domain named contoso.com. The domain contains three domain controllers.
 clip_image001[16]
You are creating a Distributed File System (DFS) namespace as shown in the exhibit. (Click the Exhibit button.)
 clip_image002[12]
You need to identify which configuration prevents you from creating a DFS namespace in Windows Server 2008 mode.
Which configuration should you identify?

A.    The location of the PDC emulator role
B.    The functional level of the domain
C.    The operating system on Server1 and Server3
D.    The location of the RID master role

Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/ff633469(v=WS.10).aspx
Migrate the following domain-based namespace from Windows 2000 Server mode to Windows Server 2008 mode.

QUESTION 163
Your network contains an Active Directory domain named adatum.com. The domain contains five servers. The servers are configured as shown in the following table.
 clip_image001[18]
All desktop computers in adatum.com run Windows 8 and are configured to use BitLocker Drive Encryption (BitLocker) on all local disk drives.
You need to deploy the Network Unlock feature. The solution must minimize the number of features and server roles installed on the network.
To which server should you deploy the feature?

A.    Server3
B.    Server1
C.    DC2
D.    Server2
E.    DC1

Answer: B
Explanation:
The BitLocker-NetworkUnlock feature must be installed on a Windows Deployment Server (which does not have to be configured–the WDSServer service just needs to be running). http://technet.microsoft.com/en-us/library/jj574173.aspx

QUESTION 164
Your network contains multiple Active Directory sites.
You have a Distributed File System (DFS) namespace that has a folder target in each site.
You discover that some client computers connect to DFS targets in other sites.
You need to ensure that the client computers only connect to a DFS target in their respective site.
What should you modify?

A.    The properties of the Active Directory sites
B.    The properties of the Active Directory site links
C.    The delegation settings of the namespace
D.    The referral settings of the namespace

Answer: D
Explanation:
A. A site is a set of well-connected subnets.
B. To control which sites replicate directly with each other
C. Determines the users and groups granted permissions to manage the replication group
D. A referral is an ordered list of servers that a client computer receives from a domain controller or namespace server when the user accesses a namespace root or DFS folder with targets. After the computer receives the referral, the computer attempts to access the first server in the list. If the server is not available, the client computer attempts to access the next server. If a server becomes unavailable, you can configure clients to fail back to the preferred server after it becomes available.
http://www.windowsnetworking.com/articles_tutorials/Configuring-DFS-Namespaces.html http://technet.microsoft.com/en-us/library/cc794914(v=ws.10).aspx

QUESTION 165
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed. Server1 has a folder named Folder1 that is used by the sales department.
You need to ensure that an email notification is sent to the sales manager when a File Screening Audit report is generated.
What should you configure on Server1?

A.    A file screen exception
B.    A file group
C.    A storage report task
D.    A file screen

Answer: C
Explanation:
A. A file screen exception is a special type of file screen that overrides any file screening that would otherwise apply to a folder and all its subfolders in a designated exception path. That is, it creates an exception to any rules derived from a parent folder.
B. A file group is used to define a namespace for a file screen, file screen exception, or Files by File Group storage report.
C. file screening report will identify individuals or applications that violate file screening policy, To set e-mail notifications and certain reporting capabilities, you must first configure the general File Server Resource Manager options.
D. Control the types of files that users can save
http://technet.microsoft.com/en-us/library/cc730822.aspx
http://technet.microsoft.com/en-us/library/cc770594.aspx
http://technet.microsoft.com/en-us/library/cc771212.aspx
http://technet.microsoft.com/en-us/library/cc732074.aspx
http://technet.microsoft.com/en-us/library/cc755988.aspx

QUESTION 166
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
Server1 has the File Server Resource Manager role service installed.
You configure a quota threshold as shown in the exhibit. (Click the Exhibit button.)
 clip_image001[20]
You need to ensure that a user named User1 receives an email notification when the threshold is exceeded.
What should you do?

A.    Configure the File Server Resource Manager Options.
B.    Modify the members of the Performance Log Users group.
C.    Create a performance counter alert.
D.    Create a classification rule.

Answer: A
Explanation:
A. When you create quotas and file screens, you have the option of sending e-mail notifications to users when their quota limit is approaching or after they have attempted to save files that have been blocked
B. Members of this group can manage performance counters, logs and alerts on the server locally and from remote clients without being a member of the Administrators group.
C. You can set an alert on a counter, thereby defining that a message be sent, a program be run, an entry made to the application event log, or a log be started when the selected counter’s value exceeds or falls below a specified setting.
D. File Classification Infrastructure provides insight into your data by automating classification processes so that you can manage your data more effectively. You can classify files and apply policies based on this classification. Example policies include dynamic access control for restricting access to files, file encryption, and file expiration. Files can be classified automatically by using file classification rules or manually by modifying the properties of a selected file or folder. http://technet.microsoft.com/en-us/library/cc756031(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc785098(v=ws.10).aspx http://technet.microsoft.com/en-us/library/bb490759.aspx
http://technet.microsoft.com/en-us/library/hh831701.aspx

QUESTION 167
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2. Both servers have the File and Storage Services server role. The DFS Namespaces role service, and the DFS Replication role service installed. Server1 and Server2 are part of a Distributed File System (DFS) Replication group named Group1. Server1 and Server2 are separated by a low-speed WAN connection.
You need to limit the amount of bandwidth that DFS can use to replicate between Server1 and Server2.
What should you modify?

A.    The referral ordering of the namespace
B.    The cache duration of the namespace
C.    The schedule of the replication group
D.    The staging quota of the replicated folder

Answer: C
Explanation:
A. A referral is an ordered list of targets that a client computer receives from a domain controller or namespace server when the user accesses a namespace root or folder with targets in the namespace. You can adjust how long clients cache a referral before requesting a new one.
B. DFS Replication uses staging folders for each replicated folder to act as caches for new and changed files that are ready to be replicated from sending members to receiving members.
C. A referral is an ordered list of targets that a client computer receives from a domain controller or namespace server when the user accesses a namespace root or folder with targets. After the client receives the referral, the client attempts to access the first target in the list. If the target is not available, the client attempts to access the next target.
D. Scheduling allows less bandwidth the by limiting the time interval of the replication
http://technet.microsoft.com/en-us/library/cc771251.aspx
http://technet.microsoft.com/en-us/library/cc754229.aspx
http://technet.microsoft.com/en-us/library/cc732414.aspx
http://technet.microsoft.com/en-us/library/cc753923.aspx

QUESTION 168
Your network contains an Active Directory domain named adatum.com. The domain contains five servers. The servers are configured as shown in the following table.
 clip_image001[22]
All desktop computers in adatum.com run Windows 8 and are configured to use BitLocker Drive Encryption (BitLocker) on all local disk drives.
You need to deploy the Network Unlock feature. The solution must minimize the number of features and server roles installed on the network.
To which server should you deploy the feature

A.    DC1
B.    DC2
C.    Server1
D.    Server2

Answer: C
Explanation:
The BitLocker-NetworkUnlock feature must be installed on a Windows Deployment Server (which does not have to be configured–the WDSServer service just needs to be running). http://technet.microsoft.com/en-us/library/jj574173.aspx

QUESTION 169
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2.
You view the effective policy settings of Server1 as shown in the exhibit. (Click the Exhibit button.)
 clip_image001[24]
On Server1, you have a folder named C:\Share1 that is shared as Share1. Share1 contains confidential data. A group named Group1 has full control of the content in Share1.
You need to ensure that an entry is added to the event log whenever a member of Group1 deletes a file in Share1.
What should you configure?

A.    The Audit File System setting of Servers GPO
B.    The Sharing settings of C:\Share1
C.    The Security settings of C:\Share1
D.    The Audit File Share setting of Servers GPO

Answer: C
Explanation:
C. Access to objects, such as files and folders can be audited using the advanced security setting auditing tab on Share1 and adding Group1 and selecting the delete check box http://technet.microsoft.com/en-us/library/cc753927(v=ws.10).aspx http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/13779c78-0c73-4477- 8014-f2eb10f3f10f/

QUESTION 170
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed. Server1 has a folder named Folder1 that is used by the human resources department.
You need to ensure that an email notification is sent immediately to the human resources manager when a user copies an audio file or a video file to Folder1.
What should you configure on Server1?

A.    A file screen
B.    A file screen exception
C.    A file group
D.    A storage report task

Answer: A
Explanation:
A. Create file screens to control the types of files that users can save, and generate notifications when users attempt to save unauthorized files
B. A file screen exception is a special type of file screen that overrides any file screening that would otherwise apply to a folder and all its subfolders in a designated exception path. That is, it creates an exception to any rules derived from a parent folder.
C. File are a group of file classified by extension (i.e. Images: ,jpg, .gif, etc..)
D. Create reports based on file use
http://technet.microsoft.com/en-us/library/cc732074.aspx http://technet.microsoft.com/en-us/library/cc730822.aspx http://technet.microsoft.com/en-us/library/cc755988(v=ws.10).aspx

Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html

Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(151-160)!

QUESTION 151
You have a server named Server1 that runs Windows Server 2012 R2.
You create a Data Collector Set (DCS) named DCS1.
You need to configure DCS1 to log data to D:\logs.
What should you do?

A.    Right-click DCS1 and click Properties.
B.    Right-click DCS1 and click Save template…
C.    Right-click DCS1 and click Data Manager…
D.    Right-click DCS1 and click Export list…

Answer: A

QUESTION 152
You have a server named WSUS1 that runs Windows Server 2012 R2. WSUS1 has the Windows Server Update Services server role installed and has one volume. You add a new hard disk to WSUS1 and then create a volume on the hard disk. You need to ensure that the Windows Server Update Services (WSUS) update files are stored on the new volume. What should you do?

A.    From a command prompt, run wsusutil.exe and specify the movecontent parameter.
B.    From the Update Services console, run the Windows Server Update Services Configuration Wizard.
C.    From the Update Services console, configure the Update Files and Languages option.
D.    From a command prompt, run wsusutil.exe and specify the export parameter.

Answer: A
Explanation:
A. configuration wizard will be run immediately after installation or at a later time. If you want to change the configuration later, you run WSUS Server Configuration Wizard from the Options page of the WSUS 3.0 Administration console
B. Changes the file system location where the WSUS server stores update files, and optionally copies any update files from the old location to the new location
C. The export command enables you to export update metadata to an export package file. You cannot use this parameter to export update files, update approvals, or server settings.
D. Allows you to specify where store downloaded update file, will not move already downloaded updates
http://technet.microsoft.com/en-us/library/cc720475(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc708480(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc720466(v=ws.10).aspx

QUESTION 153
Your network contains an Active Directory domain named contoso.com. All client computers run Windows 8 Pro.
You have a Group Policy object (GPO) named GP1. GP1 is linked to the domain. GP1 contains the Windows Internet Explorer 10 and 11 Internet Settings. The settings are shown in the exhibit. (Click the Exhibit button.) Users report that when they open Windows Internet Explorer, the home page is NOT set to http:// www.contoso.com.
You need to ensure that the home page is set to http://www.contoso.com the next time users log on to the domain.
What should you do?
 clip_image001[6]

A.    On each client computer, run gpupdate.exe.
B.    Open the Internet Explorer 10 and 11 Internet Settings, and then press F5.
C.    Open the Internet Explorer 10 and 11 Internet Settings, and then modify the Tabs settings.
D.    On each client computer, run Invoke-GPupdate.

Answer: B
Explanation:
You can use Group Policy Preferences to manage Internet Explorer 10.
 clip_image001[8]
Enabling and disabling settings with F5 – F8
As you can see, the tabs are exactly the same as in Internet Explorer, but with added green and dotted red lines underneath individual settings or red and green circles in front of individual settings:
Settings with green lines underneath them or green circles in front of them get applied.
Settings with red lines underneath them or red circles in front of them do not get applied.
You can change theses statuses with the F5, F6, F7 and F8 buttons. With F5 you can enable all settings on a tab, while F6 only enables the specific setting you edited last. F8 disables all settings on a tab, while F7 only disables the specific setting you edited last. Press OK when done configuring settings.
http://4sysops.com/archives/internet-explorer-10-administration-part-3-group-policy-preferences/

QUESTION 154
Your network contains an Active Directory domain named contoso.com. The domain does not contain a certification authority (CA). All servers run Windows Server 2012 R2. All client computers run Windows 8.
You need to add a data recovery agent for the Encrypting File System (EFS) to the domain.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two).

A.    From the Default Domain Controllers policy, select Create Data Recovery Agent.
B.    From the Default Domain Controllers policy, select Add Data Recovery Agent.
C.    From Windows PowerShell, run Get-Certificate.
D.    From the Default Domain Policy, select Add Data Recovery Agent.
E.    From a command prompt, run cipher.exe.
F.    From the Default Domain Policy, select Create Data Recovery Agent.

Answer: CD
Explanation:
http://technet.microsoft.com/en-us/library/cc778448(v=ws.10).aspx

QUESTION 155
Your network contains multiple Active Directory sites.
You have a Distributed File System (DFS) namespace that has a folder target in each site.
You discover that some client computers connect to DFS targets in other sites.
You need to ensure that the client computers only connect to a DFS target in their respective site.
What should you modify?

A.    the properties of the Active Directory site links.
B.    the properties of the Active Directory sites.
C.    the delegation settings of the namespace
D.    the referral settings of the namespace

Answer: D

QUESTION 156
Your network contains an Active Directory domain named contoso.com.
You have a failover cluster named Cluster1. All of the nodes in Cluster1 have BitLocker Drive Encryption (BitLocker) installed.
You plan to add a new volume to the shared storage of Cluster1.
You need to add the new volume to the shared storage. The solution must meet the following requirements:
– Encrypt the volume.
– Avoid using maintenance mode on the cluster.
Which three actions should you perform? To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
 clip_image002
Answer:
 clip_image002[4]
Explanation:
http://technet.microsoft.com/en-us/library/jj649829.aspx

QUESTION 157
Your network contains an Active Directory domain named contoso.com. The domain functional level in Windows Server 2008. All domain controllers run Windows Server 2008 R2. The domain contains a file server named Server1 that runs Windows Server 2012 R2. Server1 has a BitLocker Drive Encryption (BitLocker)-encrypted drive. Server1 uses a trusted Platform Module (TPM) chip.
You enable the Turn on TPM backup to Active Directory Domain Services policy setting by using a Group Policy object (GPO).
You need to ensure that you can back up the BitLocker recovery information to Active Directory.
What should you do?

A.    Upgrade a domain controller to Windows 2012.
B.    Enable the Store BitLocker recovery information in the Active Directory Services (Windows Server2008
and Windows Vista) policy settings.
C.    Raise the forest functional level to Windows 2008 R2.
D.    Add a BitLocker data recovery agent

Answer: B
Explanation:
B. You should also configure AD DS before configuring BitLocker on client computers. If BitLocker is enabled first, recovery information for those computers will not be automatically added to AD DS. If necessary, recovery information can be backed up to AD DS after BitLocker has been enabled by using either the Manage-bde command-line tool or the BitLocker Windows Management Instrumentation (WMI) provider.
http://technet.microsoft.com/en-us/library/dd875529(v=ws.10).aspx

QUESTION 158
Your company has a main office and a branch office. The main office is located in Seattle. The branch office is located in Montreal. Each office is configured as an Active Directory site. The network contains an Active Directory domain named adatum.com. The Seattle office contains a file server named Server1. The Montreal office contains a file server named Server2. The servers run Windows Server 2012 R2 and have the File and Storage Services server role, the DFS Namespaces role service, and the DFS Replication role service installed. Server1 and Server2 each have a share named Share1 that is replicated by using DFS Replication.
You need to ensure that users connect to the replicated folder in their respective office when they connect to \\contoso.com\Share1.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)

A.    Create a replication connection.
B.    Create a namespace.
C.    Share and publish the replicated folder.
D.    Create a new topology.
E.    Modify the Referrals settings.

Answer: BCE
Explanation:
To share a replicated folder and publish it to a DFS namespace Click Start, point to Administrative Tools, and then click DFS Management. In the console tree, under the Replication node, click the replication group that contains the replicated folder you want to share. In the details pane, on the Replicated Folders tab, right-click the replicated folder that you want to share, and then click Share and Publish in Namespace. In the Share and Publish Replicated Folder Wizard, click Share and publish the replicated folder in a namespace, and then follow the steps in the wizard.
Note that: If you do not have an existing namespace, you can create one in the Namespace Path page in the Share and Publish Replicated Folder Wizard. To create the namespace, in the Namespace Path page, click Browse, and then click New Namespace.
To create a namespace
Click Start, point to Administrative Tools, and then click DFS Management.
In the console tree, right-click the Namespaces node, and then click New Namespace. Follow the instructions in the New Namespace Wizard.
To create a stand-alone namespace on a failover cluster, specify the name of a clustered file server instance on the Namespace Server page of the New Namespace Wizard.
Important
Do not attempt to create a domain-based namespace using the Windows Server 2008 mode unless the forest functional level is Windows Server 2003 or higher. Doing so can result in a namespace for which you cannot delete DFS folders, yielding the following error message: “The folder cannot be deleted. Cannot complete this function.”
http://technet.microsoft.com/en-us/library/cc731531.aspx
http://technet.microsoft.com/en-us/library/cc772778%28v=ws.10%29.aspx http://technet.microsoft.com/en-us/library/cc732414.aspx
http://technet.microsoft.com/en-us/library/cc772379.aspx
http://technet.microsoft.com/en-us/library/cc732863%28v=ws.10%29.aspx http://technet.microsoft.com/en-us/library/cc725830.aspx
http://technet.microsoft.com/en-us/library/cc771978.aspx

QUESTION 159
You have a server named Server1 that runs Windows Server 2012 R2. An administrator creates a quota as shown in the Quota exhibit. (Click the Exhibit button.)
 clip_image002[6]
You run the dir command as shown in the Dir exhibit. (Click the Exhibit button.)
 clip_image001[10]
You need to ensure that D:\Folder1 can only consume 100 MB of disk space.
What should you do?

A.    From File Server Resource Manager, edit the existing quota.
B.    From the properties of drive D, enable quota management.
C.    From the Services console, set the Startup Type of the Optimize drives service to Automatic.
D.    From File Server Resource Manager, create a new quota.

Answer: D
Explanation:
Create a new Quota on path, without using the auto apply template and create quota on existing and new subfolders.

 clip_image002[8]
 clip_image002[10]
 clip_image001[12]
http://technet.microsoft.com/en-us/library/cc755603(v=ws.10).aspx

QUESTION 160
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains an organizational unit (OU) named FileServers_OU. FileServers_OU contains the computer accounts for all of the file servers in the domain.
You need to audit the users who successfully access shares on the file servers.
Which audit category should you configure? To answer, select the appropriate category in the answer area.
 clip_image001[14]
Answer:
 clip_image002
Explanation:
http://technet.microsoft.com/en-us/library/hh831382.aspx
http://technet.microsoft.com/en-us/library/cc766468(v=ws.10).aspx

Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html

Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(141-150)!

QUESTION 141
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Windows Server Update Services roll installed. Server1 stores update files locally in C:\Updates.
You need to change the location in which the updates files are stored to D:\Updates
What should you do?

A.    From the Update Services Console, run the Windows Server Update Services Configuration Wizard
B.    From the command prompt, run wsusutil.exe and specify the movecontent parameter
C.    From the command prompt, run wsusutil.exe and specify the export parameter
D.    From the Update Services Console, configure the update Files and Languages option

Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc720466(v=ws.10).aspx

QUESTION 142
You have Site1 with 400 desktops and Site2 with 150 desktops.
You have a WSUS Server to deploy updates for both sites.
You need to make sure that all computers in the same site will have the same updates.
What should you configure?

A.    Computer Groups
B.    Security Groups
C.    Synchronization Options
D.    Classifications

Answer: A
Explanation:
A. WSUS allows you to target updates to groups of client computers, so you can ensure that specific computers always get the right updates at the most convenient times. For example, if all the computers in one department (such as the Accounting team) have a specific configuration, you can set up a group for that team, decide which updates their computers need and what time they should be installed, and then use WSUS reports to evaluate the updates for the team.
http://technet.microsoft.com/en-us/library/hh328559(v=ws.10).aspx

QUESTION 143
You have a WDS server named Server1 on Windows Server 2012 R2.
You need to automate the WDS deployment.
Which Tab should you configure?

A.    Boot Properties
B.    Client Properties
C.    Network Settings
D.    PXE Response Settings

Answer: B
Explanation:
B. On the Client tab, select Enable unattended installation, browse to the appropriate unattend file, and then click Open.
http://technet.microsoft.com/en-us/library/dd637990(v=ws.10).aspx
 clip_image001

QUESTION 144
Which parameter do you need to use to import GUID and MAC address?

A.    /get-AutoAddDevices
B.    /get-Device
C.    /add
D.    /enable

Answer: B
Explanation:
wdsutil /get-device /id:01-23-45-67-89-AB
wdsutil /get-device /id:0123456789AB

QUESTION 145
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 runs Windows Server 2012 and has the Windows Deployment Services (WDS) server role installed.
You need to use WDS to deploy an image to a client computer that does not support PXE.
Which type of image should you use to start the computer?

A.    boot
B.    install
C.    discovery
D.    capture

Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/dd637996(v=ws.10).aspx
WDSUTIL /New-DiscoverImage /Image:<name> /Architecture:{x86|x64|ia64} . To specify whichserver the
/DestinationImage /FilePath:<path and name to new file>
discover image connects to, append /WDSServer:<server nameor IP>.
 clip_image001[4]

QUESTION 146
You are a admin (what a suprise huh?) you have wsus with 2 sites wich contain computers. you want to have the ability to update the computers per site or together. wich 3 steps do you do?

A.    Create computer groups in wsus
B.    Create synchronization options
C.    Create GPO and configure updates
D.    Under Tasks, click Synchronize now

Answer: ABC
Explanation:
http://technet.microsoft.com/en-us/library/hh852346.aspx
http://technet.microsoft.com/es-es/library/cc708455(v=ws.10).aspx

QUESTION 147
Which of the options should you configure for a WDS pre-staged computer name? You should select 2 of the 4 check boxes.

A.    GUID
B.    WdsClientUnattend
C.    MAC-address preceding with nulls
D.    ReferralServer

Answer: AC
http://technet.microsoft.com/en-us/library/cc754469.aspx

QUESTION 148
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2008 R2.
You plan to test Windows Server 2012 R2 by using native-boot virtual hard disks (VHDs).
You attach a new VHD to Server1.
You need to install Windows Server 2102 R2 in the VHD.
What should you do?

A.    Run dism.exe and specify the /apply-image parameter.
B.    Run dism.exe and specify the /append-image parameter.
C.    Run imagex.exe and specify the /export parameter.
D.    Run imagex.exe and specify the /append parameter.

Answer: A

QUESTION 149
You have a server named Admin1 that runs Windows Server 2012 R2.
On Admin1, you configure a custom Data Collector Set (DCS) named DCS1. DCS1 is configured to store performance log data in C:\Logs.
You need to ensure that the contents of C:\Logs are deleted automatically when the folder reaches 100 MB in size.
What should you configure?

A.    A File Server Resource Manager (FSRM) quota on the C:\Logs folder
B.    A File Server Resource Manager (FSRM) file screen on the C:\Logs folder
C.    A schedule for DCS1
D.    The Data Manager settings of DCS1

Answer: D
Explanation:
http://sourcedaddy.com/windows-7/using-data-manager-view-performance-data.html

QUESTION 150
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and a server named Server2 that has the File Services server role installed.
You install the Windows Deployment Services server role on Server1.
You plan to use Server2 as a reference computer.
You need to create an image of Server2 by using Windows Deployment Services.
Which type of image should you add to Server1 first?

A.    Boot
B.    Discovery
C.    Install
D.    Capture

Answer: A
Explanation:
A. Configure the server and add the default images (Install.wim and Boot.wim) that are included on the installation media (in the \Sources folder).
B. A type of boot image that you can use to install an operating system on a computer that is not Pre-Boot Execution Environment (PXE) enabled. When you boot a computer into a discover image, a Windows Deployment Services server will be located, and then you can choose the install image you want to install.
C. The operating system image that you deploy to the client computer. To create install images using Windows Deployment Services, you must first create a capture image.
D. A type of boot image that you boot a client computer into to capture the operating system as a .wim file.
You must first create a capture image when you are creating custom install images. http://technet.microsoft.com/en-us/library/cc730907(v=ws.10).aspx http://technet.microsoft.com/en-us/library/jj648426.aspx http://itadmi
ntips.wordpress.com/2011/05/19/wds-setup-guide-part-2-boot-image-setup/
Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html

Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(131-140)!

QUESTION 131
Your network contains an Active Directory domain named corp.contoso.com. The domain contains two member servers named Server1 and Edge1. Both servers run Windows Server 2012 R2. Your company wants to implement a central location where the
system events from all of the servers in the domain will be collected. From Server1, a network technician creates a collector-initiated subscription for Edge1.
You discover that Server1 does not contain any events from Edge1.
You view the runtime status of the subscription as shown in the exhibit. (Click the Exhibit button.) You need to ensure that the system events from Edge1 are collected on Server1.
What should you modify? To answer, select the appropriate object in the answer area.
 clip_image001[87]
 clip_image002[62]
Answer:
 clip_image002[64]
Explanation:
If you intend to specify a user account by using the Specific User option in Advanced Subscription Settings when creating the subscription, you must ensure that account is a member of the local Administrators group on each of the source computers
http://technet.microsoft.com/en-us/library/cc748890.aspx

QUESTION 132
Your network contains an Active Directory domain named contoso.com. All client computers connect to the Internet by using a server that has Microsoft Forefront Threat Management Gateway (TMG) installed. You deploy a server named Server1 that runs Windows Server 2012 R2. You install the Windows Server Update Services server role on Server1. From the Windows Server Update Services Configuration Wizard, you click Start Connecting and you receive an HTTP error message.
You need to configure Server1 to download Windows updates from the Internet.
What should you do?

A.    From the Update Services console, modify the Synchronization Schedule options.
B.    From Windows Internet Explorer, modify the Connections settings.
C.    From Windows Internet Explorer, modify the Security settings.
D.    From the Update Services console, modify the Update Source and Proxy Server options.

Answer: D
Explanation:
A. Creates a time/schedule to synchronize the WSUS server
B. Not an IE issue
C. Not an IE issue
D. Specifies WSUS to update using MS Update or other WSUS server, configure Proxy server information to TMG server
http://technet.microsoft.com/en-
us/library/hh852346.aspx#BKM_ConfigureWSUSusingConfigurationWizard

QUESTION 133
Your network contains a single Active Directory domain named contoso.com. The domain contains a member server named Server1 that runs Windows Server 2012 R2. Server1 has the Windows Server Updates Services server role installed and is configured to download updates from the Microsoft Update servers.
You need to ensure that Server1 downloads express installation files from the Microsoft Update servers.
What should you do from the Update Services console?

A.    From the Automatic Approvals options, configure the Update Rules settings.
B.    From the Products and Classifications options, configure the Classifications settings.
C.    From the Products and Classifications options, configure the Products settings.
D.    From the Update Files and Languages options, configure the Update Files settings.

Answer: D
Explanation:
To specify whether express installation files are downloaded during synchronization
In the left pane of the WSUS Administration console, click Options.
In Update Files and Languages, click the Update Files tab.
If you want to download express installation files, select the Download express installation files check box. If you do not want to download express installation files, clear the check box.
 clip_image001[89]
http://technet.microsoft.com/en-us/library/cc708431.aspx
http://technet.microsoft.com/en-us/library/cc708431.aspx

QUESTION 134
You have a VHD that contains an image of Windows Server 2012 R2.
You plan to apply updates to the image.
You need to ensure that only updates that can install without requiring a restart are installed.
Which DISM option should you use?

A.    /PreventPending
B.    /Apply-Unattend
C.    /Cleanup-Image
D.    /Add-ProvisionedAppxPackage

Answer: A
Explanation:
-PreventPending
Skips the installation of the package if the package or Windows image has pending online actions http://technet.microsoft.com/en-us/library/hh852164.aspx
http://technet.microsoft.com/en-us/library/dd744522(v=ws.10).aspx http://technet.microsoft.com/en-us/library/dd744311(v=ws.10).aspx http://technet.microsoft.com/en-us/library/hh824882.aspx

QUESTION 135
Your network contains an Active Directory domain named adatum.com. The domain contains a server named WDS1 that runs Windows Server 2012 R2.
You install the Windows Deployment Services server role on WDS1.
You have a virtual machine named VM1 that runs Windows Server 2012 R2. VM1 has several line-of-business applications installed.
You need to create an image of VM1 by using Windows Deployment Services.
Which type of image should you add to VM1 first?

A.    Capture
B.    Install
C.    Discovery
D.    Boot

Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc730907(v=ws.10).aspx http://technet.microsoft.com/en-us/library/jj648426.aspx http://itadmintips.wordpress.com/2011/05/19/wds-setup-guide-part-2-boot-image-setup/

QUESTION 136
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Windows Server Update Services server role installed.
You need to configure Windows Server Update Services (WSUS) to support Secure Sockets Layer (SSL).
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)

A.    Run the wsusutil.exe command.
B.    From Internet Information Services (IIS) Manager, modify the bindings of the WSUS website.
C.    From Internet Information Services (IIS) Manager, modify the connection strings of the WSUS website.
D.    Run the iisreset.exe command.
E.    Install a server certificate.

Answer: ABE
Explanation:
http://www.vkernel.ro/blog/configure-wsus-to-use-ssl
1- First we need to request a certificate for the WSUS web site, so open IIS, click the server name, then open Server Certificates. On the Actions pane click Create Domain Certificate.
2- To add the signing certificate to the WSUS Web site in IIS 7.0 On the WSUS server, open Internet Information Services (IIS) Manager. Expand Sites, right-click the WSUS Web site, and then click Edit Bindings. In the Site Binding dialog box, select the https binding, and click Edit to open the Edit Site Binding dialog box. Select the appropriate Web server certificate in the SSL certificate box, and then click OK. Click Close to exit the Site Bindings dialog box, and then click OK to close Internet Information Services (IIS) Manager.
3- WSUSUtil.exe configuressl <FQDN of the software update point site system> (the name in your certificate)
WSUSUtil.exe configuressl <Intranet FQDN of the software update point site system>.
4- The next step is to point your clients to the correct url, by modifying the existing GPO or creating a new one. Open the policy Specify intranet Microsoft update service location and type the new url in the form https://YourWSUSserver.
The gpupdate /force command will just download all the GPO’s and re-apply them to the client, it won’t force the client to check for updates. For that you need to use wuauclt /detectnow.
http://technet.microsoft.com/en-us/library/bb680861.aspx

QUESTION 137
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Windows Server Update Services server role installed.
You have a Group Policy object (GPO) that configures the Windows Update settings.
You need to modify the GPO to configure all client computers to install Windows updates every Wednesday at 01:00.
Which setting should you configure in the GPO? To answer, select the appropriate setting in the answer area.
 clip_image002[66]
Answer:
 clip_image002[68]
Explanation:
The settings for this policy enable you to configure how Automatic Updates works. You must specify that Automatic Updates download updates from the WSUS server rather than from Windows Update.

QUESTION 138
Your network contains a domain controller named DC1 that runs Windows Server 2012 R2. You create a custom Data Collector Set (DCS) named DCS1. You need to configure DCS1 to collect the following information:
– The amount of Active Directory data replicated between DC1 and the other domain controllers
– The current values of several registry settings
Which two should you configure in DCS1? (Each correct answer presents part of the solution. Choose two.)

A.    Event trace data
B.    System configuration information
C.    A Performance Counter Alert
D.    A Performance Counter

Answer: BD
Explanation:
http://technet.microsoft.com/en-us/library/cc766404.aspx
Automatically run a program when the amount of total free disk space on Server1 drops below 10 percent of capacity.
http://technet.microsoft.com/en-us/library/cc938554.aspx
http://technet.microsoft.com/en-us/library/cc749337.aspx
Log the current values of several registry settings. System configuration information allows you to record the state of, and changes to, registry keys.
 clip_image001[91]

QUESTION 139
You have a VHD that contains an image of Windows Server 2012 R2.
You need to apply an update package to the image.
Which DISM option should you use?

A.    /Add-ProvisionedAppxPackage
B.    /Cleanup-Image
C.    /Add-Package
D.    /Apply-Unattend

Answer: C
Explanation:
Apply the update package (.msu) file by typing the following at a command prompt, replacing <file_path> with the full path to the configuration set:
DISM /image:C:\MyDir\Mount /Add-Package /Packagepath:<file_path> http://technet.microsoft.com/en-us/library/dd744311(v=ws.10).aspx http://technet.microsoft.com/en-us/library/dd744522(v=ws.10).aspx http://technet.microsoft.com/en-us/library/hh824882.aspx
http://msdn.microsoft.com/en-us/library/ff794819.aspx

QUESTION 140
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and a server named Server2 that has the File Services server role installed.
You install the Windows Deployment Services server role on Server1.
You plan to use Server2 as a reference computer.
You need to create an image of Server2 by using Windows Deployment Services.
Which type of image should you add to Server1 first?

A.    Boot
B.    Discovery
C.    Install
D.    Capture

Answer: A
Explanation:
A. Configure the server and add the default images (Install.wim and Boot.wim) that are included on the installation media (in the \Sources folder)
B. A type of boot image that you can use to install an operating system on a computer that is not Pre-Boot Execution Environment (PXE) enabled. When you boot a computer into a discover image, a Windows Deployment Services server will be located, and then you can choose the install image you want to install.
C. The operating system image that you deploy to the client computer. To create install images using Windows Deployment Services, you must first create a capture image
D. A type of boot image that you boot a client computer into to capture the operating system as a .wim file.
You must first create a capture image when you are creating custom install images.
http://technet.microsoft.com/en-us/library/cc730907(v=ws.10).aspx http://technet.microsoft.com/en-us/library/jj648426.aspx http://itadmintips.wordpress.com/2011/05/19/wds-setup-guide-part-2-boot-image-setup/

Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html

Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(121-130)!

QUESTION 121
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Windows Server Update Services server role installed.
You need to use the Group Policy object (GPO) to assign members to a computer group.
Which setting should you configure in the GPO? To answer, select the appropriate setting in the answer area.
 clip_image002[54]
Answer:
 clip_image002[56]

QUESTION 122
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. All servers run Windows Server 2012 R2. You need to collect the error events from all of the servers on Server1. The solution must ensure that when new servers are added to the domain, their error events are collected automatically on Server1. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    On Server1, create a collector initiated subscription.
B.    On Server1, create a source computer initiated subscription.
C.    From a Group Policy object (GPO), configure the Configure target Subscription Manager setting.
D.    From a Group Policy object (GPO), configure the Configure forwarder resource usage setting.

Answer: BC
Explanation:
B: To set up a Source-Initiated Subscription with Windows Server 2003/2008 so that events of interest from the Security event log of several domain controllers can be forwarded to an administrative workstatio
C: * Group Policy
The forwarding computer needs to be configured with the address of the server to which the events are forwarded. This can be done with the following group policy setting:
Computer configuration-Administrative templates-Windows components-Event forwarding- Configure the server address, refresh interval, and issue certificate authority of a target subscription manager.
* Edit the GPO and browse to Computer Configuration | Policies | Administrative Templates | Windows Components | Event Forwarding – Configure the server address, refresh interval, and issuer certificate authority of a target Subscription Manager

QUESTION 123
You have Windows Server 2012 R2 installation media that contains a file named Install.wim.
You need to identify which images are present in Install.wim.
What should you do?

A.    Run imagex.exe and specify the/verify parameter.
B.    Run imagex.exe and specify the /ref parameter.
C.    Run dism.exe and specify the /get-mountedwiminfo parameter.
D.    Run dism.exe and specify the /get-imageinfo parameter.

Answer: D
Explanation:
Option: /Get-MountedImageInfo
Lists the images that are currently mounted and information about the mounted image such as whether the image is valid, read/write permissions, mount location, mounted file path, and mounted image index.
Example:
Dism /Get-MountedImageInfo
Option: /Get-ImageInfo
Arguments:
/ImageFile:<path_to_image.wim>
[{/Index:<Image_index> | /Name:<Image_name>}]
Displays information about the images that are contained in the .wim, .vhd or .vhdx file. When used with the /Index or /Name argument, information about the specified image is displayed. The /Name argument does not apply to VHD files. You must specify /Index:1 for VHD files.
Example:
Dism /Get-ImageInfo /ImageFile:C:\test\offline\install.wim
Dism /Get-ImageInfo /ImageFile:C:\test\images\myimage.vhd /Index:1
http://technet.microsoft.com/en-us/library/hh825224.aspx
http://technet.microsoft.com/en-us/library/hh825258.aspx

QUESTION 124
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 are nodes in a Hyper-V cluster named Cluster1. Cluster1 hosts 10 virtual machines. All of the virtual machines run Windows Server 2012 R2 and are members of the domain.
You need to ensure that the first time a service named Service1 fails on a virtual machine, the virtual machine is moved to a different node.
You configure Service1 to be monitored from Failover Cluster Manager.
What should you configure on the virtual machine?

A.    From the Recovery settings of Service1, set the First failure recovery action to Restart the Service.
B.    From the General settings, modify the Service status.
C.    From the Recovery settings of Service1, set the First failure recovery action to Take No Action.
D.    From the General settings, modify the Startup type.

Answer: C
Explanation:
C. Configure the virtual machine to take no action through Hyper-V if the physical computer shuts down by modifying the Automatic Stop Action setting to None. Virtual machine state must be managed through the Failover Clustering feature.
http://technet.microsoft.com/en-us/library/cc742396.aspx
http://windowsitpro.com/windows-server-2012/enable-windows-server-2012-failover-cluster- hyper-v-vmmonitoring

QUESTION 125
Your network contains an Active Directory domain named contoso.com. The domain contains a member server that runs Windows Server 2012 R2 and has the Windows Deployment Services (WDS) server role installed.
You create a new multicast session in WDS and connect 50 client computers to the session. When you open the Windows Deployment Services console, you discover that all of the computers are listed as pending devices.
You need to ensure that any of the computers on the network can join a multicast transmission without requiring administrator approval.
What should you configure? To answer, select the appropriate tab in the answer area.
 clip_image001[81]
Answer:
 clip_image001[83]
Explanation:
Note:
Pending Devices: Depending on your PXE Response Settings, (WDS server properties), your PXE- booting clients will appear here for approval and/or naming.
http://technet.microsoft.com/en-us/library/cc732360.aspx

QUESTION 126
Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 and Server2 have the Windows Server Update Services server role installed.
Server1 synchronizes from Microsoft Update. Server2 is a Windows Server Update Services (WSUS) replica of Server1.
You need to configure replica downstream servers to send Server1 summary information about the computer update status.
What should you do?

A.    From Server1, configure Reporting Rollup.
B.    From Server2, configure Reporting Rollup.
C.    From Server1, configure Email Notifications.
D.    From Server2, configure Email Notifications.

Answer: A
Explanation:
WSUS Reporting Rollup Sample Tool
This tool uses the WSUS application programming interface (API) to demonstrate centralized monitoring and reporting for WSUS. It creates a single report of update and computer status from the WSUS servers into your WSUS environment. The sample package also contains sample source files to customize or extend the tool functionality of the tool to meet specific needs. The WSUS Reporting Rollup Sample Tool and files are provided AS IS. No product support is available for this tool or sample files. For more information read the readme file.
http://technet.microsoft.com/en-us/windowsserver/bb466192.aspx

QUESTION 127
Drag and Drop Question
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
You generalize Server2.
You install the Windows Deployment Services (WDS) server role on Server1.
You need to capture an image of Server2 on Server1.
Which three actions should you perform?
To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
 clip_image002[58]
Answer:
 clip_image002[60]
Explanation:
Box 1: Start Server2 by using PXE.
Box 2: Add a capture image to Server1.
Box 3: Add an install image to Server1.
Note:
* Capture images are Windows Preinstallation Environment (Windows PE) images that allow you to easily capture the install images that you prepare using Sysprep.exe. Instead of using complex command-line tools, once you have run Sysprep.exe on your reference computer, you can boot to the Windows Deployment Services client computer using PXE and select the capture image. When the capture image boots, it starts the Capture Image Wizard, which will guide you through the capture process and optionally upload the new install image to a Windows Deployment Services server.
Steps
/ create a capture image.
/ Create an install image.
/ Add the install image to the Windows Deployment Services server.
* A capture image is a boot image that contains Windows PE 2.0, which has been modified to launch an image capture utility instead of setup. The image capture utility copies an image of the computer from the reference computer that has been prepared with Sysprep.exe. The output is an install image that you can add back to the Windows Deployment Services server and then deploy to client computers.
Reference: Create an Install, Capture, or Discover Image

QUESTION 128
Your network contains an Active Directory domain named adatum.com. Client computers are deployed by using Windows Deployment Services (WDS).
From Active Directory Users and Computers on a domain controller named DO, you attempt to create a new computer account as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that you configure computer accounts as managed accounts when you create the computer accounts from Active Directory Users and Computers.
What should you do on DC1?
 clip_image001[85]

A.    Install the User Interfaces and Infrastructure feature.
B.    From the View menu in Active Directory Users and Computers, select Users, Contacts, Groups,
and Computers as containers.
C.    Install the Windows Deployment Services Tools role administration tool.
D.    From the View menu in Active Directory Users and Computers, select Advanced Features.

Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc754469.aspx

QUESTION 129
You have a server named Server1 that runs Windows Server 2012 R2. On Server1, you configure a custom Data Collector Set (DCS) named DCS1.
You need to ensure that all performance log data that is older than 30 days is deleted automatically.
What should you configure?

A.    a File Server Resource Manager (FSRM) quota on the %Systemdrive%\PerfLogs folder
B.    a schedule for DCS1
C.    the Data Manager settings of DCS1
D.    a File Server Resource Manager (FSRM) file screen on the %Systemdrive%\PerfLogs folder

Answer: C
Explanation:
A. Would set a quota on the logs folder, wouldnt remove old log data
B. Configures when the data set would start and stop collecting data, would not remove old log data
C. With Data Management, you can configure how log data, reports, and compressed data are stored for each Data Collector Set.
D. File screens allow certain types of files to prohibited from a share http://technet.microsoft.com/en-us/library/cc722312.aspx
http://technet.microsoft.com/en-us/library/cc765998.aspx
http://technet.microsoft.com/en-us/library/cc772675(v=ws.10).aspx

QUESTION 130
You have a server named Server1 that runs Windows Server 2012 R2. You create a custom Data Collector Set (DCS) named DCS1. You need to configure DCS1 to meet the following requirements:
– Automatically run a program when the amount of total free disk space on Server1 drops below 10 percent of capacity.
– Log the current values of several registry settings.
Which two should you configure in DCS1? (Each correct answer presents part of the solution. Choose two.)

A.    System configuration information
B.    A performance counter
C.    Event trace data
D.    A Performance Counter Alert

Answer: AD
Explanation:
Automatically run a program when the amount of total free disk space on Admin1 drops below 10 percent of capacity.
You can also configure alerts to start applications and performance logs Log the current values of several registry settings.
System configuration information allows you to record the state of, and changes to, registry keys. http://technet.microsoft.com/en-us/library/cc766404.aspx

Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html

Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(111-120)!

QUESTION 111
Your network contains a RADIUS server named Server1.
You install a new server named Server2 that runs Windows Server 2012 R2 and has Network Policy Server (NPS) installed.
You need to ensure that all accounting requests for Server2 are forwarded to Server1. On Server2, you create a new remote RADIUS server group named Group1 that contains Server1.
What should you configure next on Server2?
To answer, select the appropriate node in the answer area.
 clip_image001[65]
Answer:
 clip_image001[67]
Explanation:
Connection request policies are sets of conditions and settings that allow network administrators to designate which Remote Authentication Dial-In User Service (RADIUS) servers perform the authentication and authorization of connection requests that the server running Network Policy Server (NPS) receives from RADIUS clients. Connection request policies can be configured to designate which RADIUS servers are used for RADIUS accounting. http://technet.microsoft.com/en-us/library/cc753603.aspx

QUESTION 112
Your network contains an Active Directory domain named contoso.com. The domain contains a RADIUS server named Server1 that runs Windows Server 2012 R2. You add a VPN server named Server2 to the network. On Server1, you create several network policies. You need to configure Server1 to accept authentication requests from Server2.
Which tool should you use on Server1?

A.    Connection Manager Administration Kit (CMAK).
B.    Routing and Remote Access
C.    Network Policy Server (NPS)
D.    Set-RemoteAccessRadius

Answer: C
Explanation:
Forward requests to the following remote RADIUS server group . By using this setting, NPS forwards connection requests to the remote RADIUS server group that you specify. If the NPS server receives a valid Access-Accept message that corresponds to the Access-Request message, the connection attempt is considered authenticated and authorized. In this case, the NPS server acts as a RADIUS proxy.
http://technet.microsoft.com/en-us/library/cc753603.aspx http://www.youtube.com/watch?v=0_1GOBTL4FE

QUESTION 113
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 has the DHCP Server server role and the Network Policy Server role service installed. Server1 contains three non-overlapping scopes named Scope1, Scope2, and Scope3. Server1 currently provides the same Network Access Protection (NAP) settings to the three scopes.
You modify the settings of Scope1 as shown in the exhibit. (Click the Exhibit button.)
You need to configure Server1 to provide unique NAP enforcement settings to the NAP non- compliant DHCP clients from Scope1.
What should you create?
 clip_image001[69]

A.    A network policy that has the MS-Service Class condition
B.    A network policy that has the Identity Type condition
C.    A connection request policy that has the Identity Type condition
D.    A connection request policy that has the Service Type condition

Answer: A
Explanation:
A. Restricts the policy to clients that have received an IP address from a DHCP scope that matches the specified DHCP profile name. This condition is used only when you are deploying NAP with the DHCP enforcement method. To use the MS-Service Class attribute, in Specify the profile name that identifies your DHCP scope, type the name of an existing DHCP profile. http://technet.microsoft.com/en-us/library/cc731220(v=ws.10).aspx

QUESTION 114
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed.
You have a client named Client1 that is configured as an 802.1X supplicant.
You need to configure Server1 to handle authentication requests from Client1. The solution must minimize the number of authentication methods enabled on Server1.
Which authentication method should you enable?
To answer, select the appropriate authentication method in the answer area.
 clip_image001[71]
Answer:
 clip_image001[73]
Explanation:
Microsoft Windows uses EAP to authenticate network access for Point-to-Point Protocol (PPP) connections (dial-up and virtual private network) and for IEEE 802.1X-based network access to authenticating Ethernet switches and wireless access points (APs). http://technet.microsoft.com/en-us/library/bb457039.aspx

QUESTION 115
Drag and Drop Question
Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 is configured as a Network Policy Server (NPS) server and as a DHCP server.
You need to log all DHCP clients that have Windows Firewall disabled.
Which three actions should you perform in sequence? To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
 clip_image002[38]
Answer:
 clip_image002[40]
Explanation:
http://technet.microsoft.com/es-es/library/dd314198%28v=ws.10%29.aspx
http://technet.microsoft.com/es-es/magazine/2009.05.goat.aspx
http://technet.microsoft.com/es-es/library/dd314173%28v=ws.10%29.aspx
http://ripusudan.wordpress.com/2013/03/19/how-to-configure-nap-enforcement-for-dhcp/ http://technet.microsoft.com/es-es/magazine/2009.05.goat.aspx
http://technet.microsoft.com/en-us/library/dd125379%28v=ws.10%29.aspx http://technet.microsoft.com/en-us/library/cc772356%28v=ws.10%29.aspx
 clip_image002[42]

clip_image002[44]

QUESTION 116
Drag and Drop Question
Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 is configured as a Network Policy Server (NPS) server and as a DHCP server.
You need to log all DHCP clients that have Windows Firewall disabled.
Which three actions should you perform in sequence?
To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.

A.    Create a connection request policy
B.    Create Network Policy
C.    Create remediation server group
D.    Create Windows Security Health Validator (VSHV)
E.    Create a health Policy

Answer: BDE
Explanation:
http://technet.microsoft.com/es-es/magazine/2009.05.goat.aspx
http://technet.microsoft.com/es-es/library/dd314173%28v=ws.10%29.aspx

QUESTION 117
Hotspot Question
You have a server named LON-SVR1 that runs Windows Server 2012 R2. LON-SVR1 has the Remote Access server role installed. LON-SVRl is located in the perimeter network.
The IPv4 routing table on LON-SVR1 is configured as shown in the following exhibit. (Click the Exhibit button.)
Your company purchases an additional router named Router1. Router1 has an interface that connects to the perimeter network and an interface that connects to the Internet. The IP address of the interface that connects to the perimeter network is 172.16.0.2.
You need to ensure that LON-SVR1 will route traffic to the Internet by using Router1 if the current default gateway is unavailable.
How should you configure the static route on LON-SVR1?
To answer, select the appropriate static route in the answer area.
 clip_image001[75]
 clip_image002[46]
Answer:
 clip_image002[48]

QUESTION 118
Your network contains an Active Directory domain named contoso.com. The domain contains 2 WSUS servers, ServerA and ServerB. ServerB is a replica server of ServerA. You need to configure WSUS to report data from SERVERB to SERVERA What should you configure?

A.    Update Reports
B.    Synchronization
C.    Computer Groups
D.    Reporting Rollup

Answer: D
Explanation:
Explanation:
D. You can use Reports in Windows Server Update Services (WSUS) 3.0 SP2 to monitor the WSUS network, including updates, client computers, and downstream servers. If a WSUS server has replica servers, you can roll up client status information for the replica servers to the upstream server.
http://technet.microsoft.com/en-us/library/dd939891(v=ws.10).aspx

QUESTION 119
Your network contains an Active Directory domain named adatum.com. You have a Group Policy object (GPO) that configures the Windows Update settings. Currently, client computers are configured to download updates from Microsoft Update servers. Users choose when the updates are installed. You need to configure all client computers to install Windows updates automatically.
Which setting should you configure in the GPO? To answer, select the appropriate setting in the answer area.
 clip_image002[50]
Answer:
 clip_image002[52]
Explanation:
http://support.microsoft.com/kb/328010#method1

QUESTION 120
Your network contains an Active Directory domain called contoso.com. The domain contains a member server named Server1. Server1 runs Windows Server 2012 R2.
You enable the EventLog-Application event trace session.
You need to set the maximum size of the log file used by the trace session to 10 MB.
From which tab should you perform the configuration?
To answer, select the appropriate tab in the answer area.
 clip_image001[77]
Answer:
 clip_image001[79]
Explanation:
Note: By default, logging stops only if you set an expiration date as part of the logging schedule. Using the options on the Stop Condition tab, you can configure the log file to stop automatically after a specified period of time, such as seven days, or when the log file is full (if you’ve set a maximum size limit).
http://technet.microsoft.com/en-us/magazine/ff458614.aspx

Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html

Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(91-100)!

QUESTION 101
Your network is configured as shown in the exhibit. (Click the Exhibit button.)
 clip_image002[6]
Server1 regularly accesses Server2.
You discover that all of the connections from Server1 to Server2 are routed through Router1.
You need to optimize the connection path from Server1 to Server2.
Which route command should you run on Server1?

A.    Route add -p 10.10.10.0 MASK 255.255.255.0 10.10.10.1 METRIC 50
B.    Route add -p 10.10.10.0 MASK 255.255.255.0 172.23.16.2 METRIC 100
C.    Route add -p 10.10.10.12 MASK 255.255.255.0 10.10.10.1 METRIC 100
D.    Route add -p 10.10.10.12 MASK 255.255.255.0 10.10.10.0 METRIC 50

Answer: B
Explanation:
destination – specifies either an IP address or host name for the network or host.
subnetmask – specifies a subnet mask to be associated with this route entry. If subnetmask is not specified, 255.255.255.255 is used.
gateway – specifies either an IP address or host name for the gateway or router to use when forwarding.
costmetric – assigns an integer cost metric (ranging from 1 through 9,999) to be used in calculating the fastest, most reliable, and/or least expensive routes. If costmetric is not specified, 1 is used.
interface – specifies the interface to be used for the route that uses the interface number. If an interface is not specified, the interface to be used for the route is determined from the gateway IP address.
http://support.microsoft.com/kb/299540/en-us
http://technet.microsoft.com/en-us/library/cc757323%28v=ws.10%29.aspx

QUESTION 102
Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 is configured as a Network Policy Server (NPS) server and as a DHCP server.
You need to ensure that only computers that send a statement of health are checked for Network Access Protection (NAP) health requirements.
Which two settings should you configure? (Each correct answer presents part of the solution. Choose two.)

A.    The Called Station ID constraints
B.    The MS-Service Class conditions
C.    The Health Policies conditions
D.    The NAS Port Type constraints
E.    The NAP-Capable Computers conditions

Answer: CE
Explanation:
A. Used to designate the phone number of the network access server. This attribute is a character string. You can use pattern-matching syntax to specify area codes.
B. Restricts the policy to clients that have received an IP address from a DHCP scope that matches the specified DHCP profile name. This condition is used only when you are deploying NAP with the DHCP enforcement method. To use the MS-Service Class attribute, in Specify the profile name that identifies your DHCP scope, type the name of an existing DHCP profile.
C. The Health Policies condition restricts the policy to clients that meet the health criteria in the policy that you specify.
D. Allows you to specify the type of media used by the client computer to connect to the network. E. The NAP-capable Computers condition restricts the policy to either clients that are capable of participating in NAP or clients that are not capable of participating in NAP. This capability is determined by whether the client sends a statement of health (SoH) to NPS. http://technet.microsoft.com/en-us/library/cc753603.aspx
http://technet.microsoft.com/en-us/library/cc731220(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc731560.aspx

QUESTION 103
Your network contains two Active Directory forests named adatum.com and contoso.com. The network contains three servers. The servers are configured as shown in the following table.
 clip_image001[6]
You need to ensure that connection requests from adatum.com users are forwarded to Server2 and connection requests from contoso.com users are forwarded to Server3.
Which two should you configure in the connection request policies on Server1?
(Each correct answer presents part of the solution. Choose two.)

A.    The Authentication settings
B.    The User Name condition
C.    The Standard RADIUS Attributes settings
D.    The Identity Type condition
E.    The Location Groups condition

Answer: AB
Explanation:
A: A connection request policy profile is a set of properties that are applied to an incoming RADIUS message. A connection request policy profile consists of the following groups of properties:
/ Authentication
You can set the following authentication options that are used for RADIUS Access-Request messages:
// Authenticate requests on this server.
// Forward requests to another RADIUS server in a remote RADIUS server group. // Accept the connection attempt without performing authentication or authorization.
/ Accounting
/ Attribute manipulation
/ Advanced
B: * A connection request policy is a named rule that consists of the following elements:
/ Conditions
/ Profile
* The User-Name RADIUS attribute is a character string that typically contains a user account location and a user account name. The user account location is also called the realm or realm name, and is synonymous with the concept of domain, including DNS domains, Active Directory domains, and Windows NT 4.0 domains
Note:
* NPS as a RADIUS proxy
The default connection request policy is deleted, and two new connection request policies are created to forward requests to two different domains. In this example, NPS is configured as a RADIUS proxy. NPS does not process any connection requests on the local server. Instead, it forwards connection requests to NPS or other RADIUS servers that are configured as members of remote RADIUS server groups.

QUESTION 104
Your network contains two Active Directory forests named adatum.com and contoso.com. The network contains three servers. The servers are configured as shown in the following table.
 clip_image001[8]
You need to ensure that connection requests from adatum.com users are forwarded to Server2 and connection requests from contoso.com users are forwarded to Server3.
Which two should you configure in the connection request policies on Server1? (Each correct answer presents part of the solution. Choose two.)

A.    The Standard RADIUS Attributes settings
B.    The Location Groups condition
C.    The User Name condition
D.    The Identity Type condition
E.    The Authentication settings

Answer: CE
Explanation:
C. he User Name attribute group contains the User Name attribute. By using this attribute, you can designate the user name, or a portion of the user name, that must match the user name supplied by the access client in the RADIUS message. This attribute is a character string that typically contains a realm name and a user account name. You can use pattern-matching syntax to specify user names.
E. By using this setting, you can override the authentication settings that are configured in all network policies and you can designate the authentication methods and types that are required to connect to your network.
Forward requests to the following remote RADIUS server group . By using this setting, NPS forwards connection requests to the remote RADIUS server group that you specify. If the NPS server receives a valid Access-Accept message that corresponds to the Access-Request message, the connection attempt is considered authenticated and authorized. In this case, the NPS server acts as a RADIUS proxy.
http://technet.microsoft.com/en-us/library/cc753603.aspx

QUESTION 105
You have installed Routing and Remote Access on Server1 what should you configure next to use it as a NAT server.

A.    Add New Interface
B.    Create Static Route
C.    Configure the IPv4 DHCP Relay Agent
D.    Configure the IPv6 DHCP Relay Agent

Answer: A
Explanation:
A. Network address translation (NAT) allows you to share a connection to the public Internet through a single interface with a single public IP address. The computers on the private network use private, non-routable addresses. NAT maps the private addresses to the public address. http://technet.microsoft.com/en-us/library/dd469812.aspx

QUESTION 106
Your network contains four Network Policy Server (NPS) servers named Server1, Server2, Server3, and Server4. Server1 is configured as a RADIUS proxy that forwards connection request to a remote RADIUS server group named Group1. You need to ensure that Server2 and Server3 receitve connection requests. Server4 must only receive connection requests if both Server2 and Server3 are unavailable. How should you configrure Group1?

A.    Change the Weight of Server2 and Server3 to 10
B.    Change the Weight of Server4 to 10
C.    Change the Priority of Server2 and Server3 to 10
D.    Change the Priority of Server4 to 10

Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/dd197433(WS.10).aspx

QUESTION 107
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains two servers. The servers are configured as shown in the following table.
 clip_image001[10]
All client computers run Windows 8 Enterprise.
You plan to deploy Network Access Protection (NAP) by using IPSec enforcement. A Group Policy object (GPO) named GPO1 is configured to deploy a trusted server group to all of the client computers.
You need to ensure that the client computers can discover HRA servers automatically.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)

A.    On DC1, create a service location (SRV) record.
B.    On Server2, configure the EnableDiscovery registry key.
C.    On all of the client computers, configure the EnableDiscovery registry key.
D.    In a GPO, modify the Request Policy setting for the NAP Client Configuration.
E.    On DC1, create an alias (CNAME) record.

Answer: ACD
Explanation:
Requirements for HRA automatic discovery
The following requirements must be met in order to configure trusted server groups on NAP client computers using HRA automatic discovery:
Client computers must be running Windows Vista?with Service Pack 1 (SP1) or Windows XP with Service Pack 3 (SP3).
The HRA server must be configured with a Secure Sockets Layer (SSL) certificate. The EnableDiscovery registry key must be configured on NAP client computers.
DNS SRV records must be configured.
The trusted server group configuration in either local policy or Group Policy must be cleared.
http://technet.microsoft.com/en-us/library/dd296901.aspx

QUESTION 108
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy Server role service installed.
You plan to configure Server1 as a Network Access Protection (NAP) health policy server for VPN enforcement by using the Configure NAP wizard.
You need to ensure that you can configure the VPN enforcement method on Server1 successfully.
What should you install on Server1 before you run the Configure NAP wizard?

A.    The Host Credential Authorization Protocol (HCAP)
B.    A system health validator (SHV)
C.    The Remote Access server role
D.    A Computer certificate

Answer: D
Explanation:
A. Host Credential Authorization Protocol (HCAP) allows you to integrate your Microsoft Network Access Protection (NAP) solution with Microsoft Network Admission Control
B. System health validators (SHVs) define configuration requirements for NAP client computers.
C.
D. The NAP health policy server requires a computer certificate to perform PEAP-based user or computer authentication. After this certificate is acquired, a connection to AD CS is not required for as long as the certificate is valid.
http://technet.microsoft.com/en-us/library/cc732681.aspx
http://technet.microsoft.com/en-us/library/dd125396(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/hh831416.aspx
http://technet.microsoft.com/en-us/library/dd125301(v=ws.10).aspx

QUESTION 109
You deploy two servers named Server1 and Server2. You install Network Policy Server (NPS) on both servers. On Server1, you configure the following NPS settings:
– RADIUS Clients
– Network Policies
– Connection Request Policies
– SQL Server Logging Properties
You export the NPS configurations to a file and import the file to Server2. You need to ensure that the NPS configurations on Server2 are the same as the NPS configurations on Server1.
Which settings should you manually configure on Server2?

A.    SQL Server Logging Properties
B.    Connection Request Policies
C.    RADIUS Clients
D.    Network Policies

Answer: A
Explanation:
A. If SQL Server logging is configured on the source NPS server, SQL Server logging settings are not exported to the XML file. After you import the file on another NPS server, you must manually configure SQL Server logging.
B. Connection request policies are sets of conditions and settings that allow network administrators to designate which Remote Authentication Dial-In User Service (RADIUS) servers perform the authentication and authorization of connection requests that the server running Network Policy Server (NPS) receives from RADIUS clients. Connection request policies can be configured to designate which RADIUS servers are used for RADIUS accounting.
C. A network access server (NAS) is a device that provides some level of access to a larger network. A NAS using a RADIUS infrastructure is also a RADIUS client, sending connection requests and accounting messages to a RADIUS server for authentication, authorization, and accounting.
D. Network policies are sets of conditions, constraints, and settings that allow you to designate who is authorized to connect to the network and the circumstances under which they can or cannot connect.
http://technet.microsoft.com/en-us/library/cc732059(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc753603.aspx
http://technet.microsoft.com/en-us/library/cc754033.aspx
http://technet.microsoft.com/en-us/library/cc754107(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc754123.aspx

QUESTION 110
You have a server named Server1 that has the Network Policy and Access Services server role installed.
You plan to configure Network Policy Server (NPS) on Server1 to use certificate-based authentication for VPN connections.
You obtain a certificate for NPS.
You need to ensure that NPS can perform certificate-based authentication.
To which store should you import the certificate? To answer, select the appropriate store in the answer area.
 clip_image001[12]
Answer:

 clip_image001[14]
Explanation:
http://technet.microsoft.com/en-us/library/dd314152(v=ws.10).aspx http://blog.instruosolutions.com/2012/10/10/configuring-microsoft-nps-server-2008-for-wireless- clientauthentication-ms-peap/

Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html

1 2 3 4