It is more faster and easier to pass the 70 411 exam dumps by using exam ref 70 411 administering windows server 2012 r2 pdf. Immediate access to the exam ref 70 411 administering windows server 2012 r2 pdf and find the same core area 70 411 dumps with professionally verified answers, then PASS your exam with a high score now.
Online 70-411 free questions and answers of New Version:
NEW QUESTION 1
HOTSPOT
Your network contains an Active Directory domain named contoso.com.
You have several Windows PowerShell scripts that execute when client computers start. When a client computer starts, you discover that it takes a long time before users are
prompted to log on.
You need to reduce the amount of time it takes for the client computers to start. The solution must not prevent scripts from completing successfully.
Which setting should you configure? To answer, select the appropriate setting in the answer area.
Answer:
Explanation: Lets the system run startup scripts simultaneously rather than waiting for each to finish http: //technet. microsoft. com/en-us/library/cc939423. aspx
Directs the system to wait for logon scripts to finish running before it starts the Windows Explorer interface program and creates the desktop.
If you enable this policy, Windows Explorer does not start until the logon scripts have finished running. This setting assures that logon script processing is complete before the user starts working, but it can delay the appearance of the desktop.
If you disable this policy or do not configure it, the logon scripts and Windows Explorer are not synchronized and can run simultaneously.
This policy appears in the Computer Configuration and User Configuration folders. The policy set in Computer Configuration takes precedence over the policy set in User
Configuration.
By default, the Fast Logon Optimization feature is set for both domain and workgroup members. This setting causes policy to be applied asynchronously when the computer starts and the user logs on. The result is similar to a background refresh. The advantage is that it can reduce the amount of time it takes for the logon dialog box to appear and the amount of time it takes for the desktop to become available to the user. Of course, it also means that the user may log on and start working before the absolute latest policy settings have been applied to the system.
Depending on your environment, you may want to disable Fast Logon Optimization. You can do this with Group Policy, using the Always wait for the network at computer startup and logon policy setting.
Refernces:
http: //technet. microsoft. com/en-us/magazine/gg486839. aspx http: //technet. microsoft. com/en-us/magazine/gg486839. aspx http: //technet. microsoft. com/en-us/library/cc958585. aspx
NEW QUESTION 2
DRAG DROP
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1.
You need to create an Active Directory snapshot on DC1. Which four commands should you run?
To answer, move the four appropriate commands from the list of commands to the answer area and arrange them in the correct order.
Answer:
Explanation: Box 1: ntdsutil
Box 2: snapshot
Box 3: activate instance ntds Box 4: create
Note:
Create a snapshot of AD DS in Windows Server 2012 R2 by using NTDSUTIL
1 – On the domain server, open command prompt and type ntdsutil and press Enter. 2- Next, type snapshot and press Enter.
3 – Next, type activate instance ntds and press Enter.
4 – Next, type create (this create command is to generate a snapshot of my AD) and press Enter.
NEW QUESTION 3
Your company has a main office and two branch offices. The main office is located in Seattle. The two branch offices are located in Montreal and Miami. Each office is configured as an Active Directory site.
The network contains an Active Directory domain named contoso.com. Network traffic is not routed between the Montreal office and the Miami office.
You implement a Distributed File System (DFS) namespace named \contoso.compublic. The namespace contains a folder named Folder1. Folder1 has a folder target in each office.
You need to configure DFS to ensure that users in the branch offices only receive referrals to the target in their respective office or to the target in the main office.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
- A. Set the Ordering method of \contoso.compublic to Random order.
- B. Set the Advanced properties of the folder target in the Seattle office to Last among all targets.
- C. Set the Advanced properties of the folder target in the Seattle office to First among targets of equal cost.
- D. Set the Ordering method of \contoso.compublic to Exclude targets outside of the client's site.
- E. Set the Advanced properties of the folder target in the Seattle office to Last among targets of equal cost.
- F. Set the Ordering method of \contoso.compublic to Lowest cost.
Answer: CD
Explanation: Exclude targets outside of the client's site
In this method, the referral contains only the targets that are in the same site as the client. These same-site targets are listed in random order. If no same-site targets exist, the client does not receive a referral and cannot access that portion of the namespace.
Note: Targets that have target priority set to "First among all targets" or "Last among all targets" are still listed in the referral, even if the ordering method is set to Exclude targets outside of the client's site.
Note 2: Set the Ordering Method for Targets in Referrals
A referral is an ordered list of targets that a client computer receives from a domain controller or namespace server when the user accesses a namespace root or folder with targets. After the client receives the referral, the client attempts to access the first target in the list. If the target is not available, the client attempts to access the next target.
NEW QUESTION 4
Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.
A network administrator accidentally deletes the Default Domain Policy GPO. You do not have a backup of any of the GPOs.
You need to recreate the Default Domain Policy GPO. What should you use?
- A. Dcgpofix
- B. Get-GPOReport
- C. Gpfixup
- D. Gpresult
- E. Gpedi
- F. msc
- G. Import-GPO
- H. Restore-GPO
- I. Set-GPInheritance
- J. Set-GPLink
- K. Set-GPPermission
- L. Gpupdate
- M. Add-ADGroupMember
Answer: A
Explanation: Dcgpofix
Restores the default Group Policy objects to their original state (that is, the default state after initial installation).
Reference: http: //technet. microsoft. com/en-us/library/hh875588(v=ws. 10). aspx
NEW QUESTION 5
Your network contains an Active Directory forest named contoso.com. The functional level of the forest is Windows Server 2008 R2.
All of the user accounts in the marketing department are members of a group named ContosoMarketingUsers. All of the computer accounts in the marketing department are members of a group named ContosoMarketingComputers.
A domain user named User1 is a member of the ContosoMarketingUsers group. A computer named Computer1 is a member of the ContosoMarketingComputers group.
You have five Password Settings objects (PSOs). The PSOs are defined as shown in the following table.
When User1 logs on to Computer1 and attempts to change her password, she receives an error message indicating that her password is too short.
You need to tell User1 what her minimum password length is. What should you tell User1?
- A. 10
- B. 11
- C. 12
- D. 14
Answer: A
Explanation: One PSO has a precedence value of 2 and the other PSO has a precedence value of 4. In
this case, the PSO that has the precedence value of 2 has a higher rank and, hence, is applied to the object.
NEW QUESTION 6
Your network contains an Active Directory domain named contoso.com. The domain contains six domain controllers named DC1, DC2, DC3, DC4, DC5, and DC6. Each domain controller has the DNS Server server role installed and hosts an Active Directory-integrated zone for contoso.com.
You plan to create a new Active Directory-integrated zone named litwareinc.com that will be used for testing.
You need to ensure that the new zone will be available only on DC5 and DCG. What should you do first?
- A. Change the zone replication scope.
- B. Create an Active Directory connection object.
- C. Create an Active Directory site link.
- D. Create an application directory partition.
Answer: D
Explanation: You can store Domain Name System (DNS) zones in the domain or application directory partitions of Active Directory Domain Services (AD DS). A partition is a data structure in AD DS that distinguishes data for different replication purposes. When you create an application directory partition for DNS, you can control the scope of replication for the zone that is stored in that partition.
NEW QUESTION 7
You have a server that runs Windows Server 2012 R2.
You have an offline image named Windows2012.vhd that contains an installation of Windows Server 2012 R2.
You plan to apply several updates to Windows2012.vhd. You need to mount Wmdows2012.vhd to D:Mount. Which tool should you use?
- A. Server Manager
- B. Device Manager
- C. Mountvol
- D. Dism
Answer: D
Explanation: You can use the Deployment Image Servicing and Management (DISM) tool to mount a Windows image from a WIM or VHD file. Mounting an image maps the contents of the image to a directory so that you can service the image using DISM without booting into the image. You can also perform common file operations, such as copying, pasting, and editing on a mounted image.
To apply packages and updates to a Windows Embedded Standard 7 image, we recommend creating a configuration set and then using Deployment Imaging Servicing and Management (DISM) to install that configuration set. Although DISM can be used to install individual updates to an image, this method carries some additional risks and is not recommended.
NEW QUESTION 8
Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 is configured as a Network Policy Server (NPS) server and as a DHCP server.
You need to ensure that only computers that send a statement of health are checked for Network Access Protection (NAP) health requirements.
Which two settings should you configure? (Each correct answer presents part of the solution. Choose two.)
- A. The Called Station ID constraints
- B. The MS-Service Class conditions
- C. The Health Policies conditions
- D. The NAS Port Type constraints
- E. The NAP-Capable Computers conditions
Answer: CE
Explanation: ference:
http://technet.microsoft.com/en-us/library/cc753603.aspx http://technet.microsoft.com/en-us/library/cc731220(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc731560.aspx
NEW QUESTION 9
A technician installs a new server that runs Windows Server 2012 R2.
During the installation of Windows Server Update Services (WSUS) on the new server, the technician reports that on the Choose Languages page of the Windows Server Update Services Configuration Wizard, the only available language is English.
The technician needs to download updates in French and English.
What should you tell the network technician to do to ensure that the required updates are available?
- A. Complete the Windows Server Update Services Configuration Wizard, and then modify the update language on the server.
- B. Uninstall all instances of the Windows Internal Database.
- C. Change the update languages on the upstream server.
- D. Change the System Local of the server to French.
Answer: C
Explanation: Configure upstream servers to synchronize updates in all languages that are required by downstream replica servers. You will not be notified of needed updates in the unsynchronized languages.
The Choose Languages page of the WSUS Configuration Wizard allows you to get updates from all languages or from a subset of languages. Selecting a subset of languages saves disk space, but it is important to choose all the languages that are needed by all the downstream servers and client computers of a WSUS server.
Downstream servers and client computers will not receive all the updates they need if you
have not selected all the necessary languages for the upstream server. Make sure you select all the languages that will be needed by all the client computers of all the downstream servers.
You should generally download updates in all languages on the root WSUS server that synchronizes to Microsoft Update. This selection guarantees that all downstream servers and client computers will receive updates in the languages that they require.
To choose update languages for a downstream server:
If the upstream server has been configured to download update files in a subset of languages: In the WSUS Configuration Wizard, click Download updates only in these languages (only languages marked with an asterisk are supported by the upstream server), and then select the languages for which you want updates. https://technet.microsoft.com/en-us/library/hh328568(v=ws.10).aspx
NEW QUESTION 10
HOTSPOT
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed.
You need to configure the ports on Server1 to ensure that client computers can establish VPN connections to Server1 by using TCP port 443.
What should you modify? To answer, select the appropriate object in the answer area.
Answer:
Explanation: http: //technet. microsoft. com/en-us/library/cc771298(v=ws. 10). aspx
Secure Socket Tunneling Protocol (SSTP) is a new tunneling protocol that uses the HTTPS protocol over TCP port 443 to pass traffic through firewalls and Web proxies that might block PPTP and L2TP/IPsec traffic.
NEW QUESTION 11
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. All of the DNS servers in both of the domains run Windows Server 2012 R2.
The network contains two servers named Server1 and Server2. Server1 hosts an Active Directory-integrated zone for contoso.com. Server2 hosts an Active Directory-integrated zone for fabrikam.com. Server1 and Server2 connect to each other by using a WAN link.
Client computers that connect to Server1 for name resolution cannot resolve names in fabnkam.com.
You need to configure Server1 to support the resolution of names in fabnkam.com. The solution must ensure that users in contoso.com can resolve names in fabrikam.com if the WAN link fails.
What should you do on Server1?
- A. Create a stub zone.
- B. Add a forwarder.
- C. Create a secondary zone.
- D. Create a conditional forwarder.
Answer: C
Explanation: http: //technet. microsoft. com/en-us/library/cc771898. aspx
When a zone that this DNS server hosts is a secondary zone, this DNS server is a secondary source for information about this zone. The zone at this server must be obtained from another remote DNS server computer that also hosts the zone.
With secondary, you have ability to resolve records from the other domain even if its DNS servers are temporarily unavailable.
While secondary zones contain copies of all the resource records in the corresponding zone on the master name server, stub zones contain only three kinds of resource records: A copy of the SOA record for the zone.
Copies of NS records for all name servers authoritative for the zone. Copies of A records for all name servers authoritative for the zone.
References:
http: //www. windowsnetworking. com/articles-tutorials/windows-2003/DNS_Stub_Zones. html
http: //technet. microsoft. com/en-us/library/cc771898. aspx
http: //redmondmag. com/Articles/2004/01/01/The-Long-and-Short-of-Stub-Zones. aspx?Page=2
NEW QUESTION 12
HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains three member servers named Server1, Server2, and Server3. All servers run Windows Server 2012 R2 and have the Windows Server Update Services (WSUS) server role installed.
Server1 and Server2 are configured as replica servers that use Server3 as an upstream server.
You remove Servers from the network.
You need to ensure that WSUS on Server2 retrieves updates from Server1. The solution must ensure that Server1 and Server2 have the latest updates from Microsoft.
Which command should you run on each server? To answer, select the appropriate command to run on each server in the answer area.
Answer:
Explanation: Set-WsusServerSynchronization-SyncFromMU [-UpdateServer<IUpdateServer> ] [- Confirm] [-WhatIf] [ <CommonParameters>]
Set-WsusServerSynchronization-UssServerName<String> [-PortNumber<Int32> ] [- Replica] [-UpdateServer<IUpdateServer> ] [-UseSsl] [-Confirm] [-WhatIf] [
<CommonParameters>]
The Set-WsusServerSynchronizationcmdlet sets whether the Windows Server Update Services (WSUS) server synchronizes from Microsoft Update or an upstream server. This cmdlet allows the user to specify settings such as the upstream server name, the port number, and whether or not to use Secure Sockets Layer (SSL).
References:
http: //technet. microsoft. com/en-us/library/hh826163. aspx
http: //technet. microsoft. com/en-us/library/cc708480%28v=ws. 10%29. aspx
NEW QUESTION 13
DRAG DROP
Your network contains an Active Directory domain named contoso.com. All client computers run Windows 8.1.
Group Policy objects (GPOs) are linked to the domain as shown in the exhibit. (Click the Exhibit button.)
GPO2 contains computer configurations only and GPO3 contains user configurations only. You need to configure the GPOs to meet the following requirements:
✑ Ensure that GPO2 only applies to the computer accounts in OU2 that have more
than one processor.
✑ Ensure that GPO3 only applies to the user accounts in OU3 that are members of a security group named SecureUsers.
Which setting should you configure in each GPO?
To answer, drag the appropriate setting to the correct GPO. Each setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Explanation: https://technet.microsoft.com/en-us/library/cc732796(v=ws.11).aspx https://technet.microsoft.com/en-us/library/cc752992(v=ws.11).aspx
NEW QUESTION 14
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2. Both servers have the File and Storage Services server role, the DFS Namespaces role service, and the DFS Replication role service installed.
Server1 and Server2 are part of a Distributed File System (DFS) Replication group named Group1. Server1 and Server2 are separated by a low-speed WAN connection.
You need to limit the amount of bandwidth that DFS can use to replicate between Server1 and Server2.
What should you modify?
- A. The referral ordering of the namespace
- B. The staging quota of the replicated folder
- C. The cache duration of the namespace
- D. The schedule of the replication group
Answer: D
Explanation: Scheduling allows less bandwidth the by limiting the time interval of the replication Does DFS Replication throttle bandwidth per schedule, per server, or per connection?
If you configure bandwidth throttling when specifying the schedule, all connections for that replication group will use that setting for bandwidth throttling. Bandwidth throttling can be also set as a connection-level setting using DFS Management.
To edit the schedule and bandwidth for a specific connection, use the following steps: In the console tree under the Replication node, select the appropriate replication group. Click the Connections tab, right-click the connection that you want to edit, and then click Properties.
Click the Schedule tab, select Custom connection schedule and then click Edit Schedule. Use the Edit Schedule dialog box to control when replication occurs, as well as the maximum amount of bandwidth replication can consume.
NEW QUESTION 15
HOTSPOT
Your network contains one Active Directory forest named contoso.com and one Active Directory forest named adatum.com. Each forest contains a single domain. You have the domain controllers configured as shown in the following table.
You perform the following three actions:
- Create a user named User1 on DC3.
- Create a file named file1.txt in the SYSVOL folder on DC1.
- Create a Group Policy object (GPO) named GPO1 on DC1 and link GPO1 to Site2.
You need to identify on which domain controller or controllers each object is stored. What should you identify? To answer, select the appropriate options in the answer area.
Answer:
Explanation:
NEW QUESTION 16
HOTSPOT
You have a server named Server1 that has the Network Policy and Access Services server role installed.
You plan to configure Network Policy Server (NPS) on Server1 to use certificate-based authentication for VPN connections.
You obtain a certificate for NPS.
You need to ensure that NPS can perform certificate-based authentication. To which store should you import the certificate?
To answer, select the appropriate store in the answer area.
Answer:
Explanation: When organizations deploy their own public key infrastructure (PKI) and install a private trusted root CA, their CA automatically sends its certificate to all domain member computers in the organization. The domain member client and server computers store the CA certificate in the Trusted Root Certification Authorities certificate store. After this occurs, the domain member computers trust certificates that are issued by the organization trusted root CA.
For example, if you install AD CS, the CA sends its certificate to the domain member computers in your organization and they store the CA certificate in the Trusted Root Certification Authorities certificate store on the local computer. If you also configure and autoenroll a server certificate for your NPS servers and then deploy PEAP-MS-CHAP v2 for wireless connections, all domain member wireless client computers can successfully
authenticate your NPS servers using the NPS server certificate because they trust the CA that issued the NPS server certificate.
On computers that are running the Windows operating system, certificates that are installed on the computer are kept in a storage area called the certificate store. The certificate store is accessible using the Certificates Microsoft Management Console (MMC) snap-in.
This store contains multiple folders, where certificates of different types are stored. For example, the certificate store contains a Trusted Root Certification Authorities folder where the certificates from all trusted root CAs are kept.
When your organization deploys a PKI and installs a private trusted root CA using AD CS, the CA automatically sends its certificate to all domain member computers in the organization. The domain member client and server computers store the CA certificate in the Trusted Root Certification Authorities folder in the Current User and the Local Computer certificate stores. After this occurs, the domain member computers trust certificates that are issued by the trusted root CA.
Similarly, when you autoenroll computer certificates to domain member client computers, the certificate is kept in the Personal certificate store for the Local Computer. When you autoenroll certificates to users, the user certificate is kept in the Personal certificate store for the Current User.
References:
http: //technet. microsoft. com/en-us/library/cc730811. aspx http: //technet. microsoft. com/en-us/library/cc730811. aspx
http: //technet. microsoft. com/en-us/library/cc772401%28v=ws. 10%29. aspx http: //technet. microsoft. com/en-us/library/ee407543%28v=ws. 10%29. aspx
NEW QUESTION 17
HOTSPOT
Your network contains a RADIUS server named Admin1.
You install a new server named Server2 that runs Windows Server 2012 R2 and has Network Policy Server (NPS) installed.
You need to ensure that all accounting requests for Server2 are forwarded to Admin1. On Server2, you create a new remote RADIUS server group named Group1 that contains
Admin1.
What should you configure next on Server2?
To answer, select the appropriate node in the answer area.
Answer:
Explanation: Connection request policies are sets of conditions and settings that allow network administrators to designate which Remote Authentication Dial-In User Service (RADIUS) servers perform the authentication and authorization of connection requests that the server running Network Policy Server (NPS) receives from RADIUS clients. Connection request policies can be configured to designate which RADIUS servers are used for RADIUS accounting.
NEW QUESTION 18
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the Network Policy Server role service installed.
You need to enable trace logging for Network Policy Server (NPS) on Server1. Which tool should you use?
- A. The tracert.exe command
- B. The Network Policy Server console
- C. The Server Manager console
- D. The netsh.exe command
Answer: D
Explanation: NPS trace logging files
You can use log files on servers running Network Policy Server (NPS) and NAP client computers to help troubleshoot NAP problems. Log files can provide the detailed information required for troubleshooting complex problems.
You can capture detailed information in log files on servers running NPS by enabling remote access tracing. The Remote Access service does not need to be installed or running to use remote access tracing. When you enable tracing on a server running NPS, several log files are created in %windir%tracing.
The following log files contain helpful information about NAP:
IASNAP. LOG: Contains detailed information about NAP processes, NPS authentication, and NPS authorization.
IASSAM. LOG: Contains detailed information about user authentication and authorization.
Membership in the local Administrators group, or equivalent, is the minimum required to enable tracing. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http: //go. microsoft. com/fwlink/?LinkId=83477).
To create tracing log files on a server running NPS
✑ Open a command line as an administrator.
✑ Type netshras set tr * en.
✑ Reproduce the scenario that you are troubleshooting.
✑ Type netshras set tr * dis.
✑ Close the command prompt window.
Reference: http: //technet. microsoft. com/en-us/library/dd348461%28v=ws. 10%29. aspx
NEW QUESTION 19
You have three Windows Server Update Services (WSUS) servers named Server01, Server02, Server03. Server01 synchronizes from Microsoft Update.
You need to ensure that only Server02 and Server03 can synchronize from Server01. What should you do on Server01?
- A. Modify %ProgramFiles%Update Services WebServicesserversyncwebserviceWeb.config.
- B. From the Update Services console, modify the Automatic Approvals options.
- C. Modify %ProgramFiles%Update Services WebServicesserversyncwebserviceSimpleAuth.asmx.
- D. From the Update Services console, modify the Update Source and Proxy Server options.
Answer: D
Explanation: References:
https://technet.microsoft.com/en-us/library/hh852346(v=ws.11).aspx
NEW QUESTION 20
Your network contains one Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
A central store is configured on a domain controller named DC1.
You have a custom administrative template file named App1.admx. App1.admx contains application settings for an application named App1.
You copy App1.admx to the central store. You create a new Group Policy object (GPO) named App1.Settings.
When you edit App1.Settings, you receive the warning message shown in the following exhibit.
You need to ensure that you can edit the settings for App1 from the app1_settings GPO.
- A. Modify the permissions of the ADMX file.
- B. Copy an ADML file to the central store.
- C. Add an administrative Template to the App1_settings GPO.
- D. Move the ADMX file to the local Policy definitions folder.
Answer: B
Explanation: This error indicates that the .adml file of Appc1.admx is not found in your central store.
Please check whether the App1.adml file exists in 'SYSVOLdomainnamePoliciesPolicyDefinitionsen-us'. (en-us is for English version ADML files)
https://social.technet.microsoft.com/Forums/windowsserver/en-US/ef9d69db-3ae1-4ec3-9e21-b6398556ec15/error-in-gpmc?forum=winserverGP
Recommend!! Get the Full 70-411 dumps in VCE and PDF From prep-labs.com, Welcome to Download: https://www.prep-labs.com/dumps/70-411/ (New 294 Q&As Version)