Master the 70 411 vce content and be ready for exam day success quickly with this 70 411 dumps. We guarantee it!We make it a reality and give you real 70 411 administering windows server 2012 r2 pdf in our Microsoft 70-411 braindumps. Latest 100% VALID 70 411 vce at below page. You can use our Microsoft 70-411 braindumps and pass your exam.
Online Microsoft 70-411 free dumps demo Below:
NEW QUESTION 1
Your network contains 25 Web servers that run Windows Server 2012 R2.
You need to configure auditing policies that meet the following requirements:
✑ Generate an event each time a new process is created.
✑ Generate an event each time a user attempts to access a file share.
Which two auditing policies should you configure? To answer, select the appropriate two auditing policies in the answer area.
- A. Audit access management (Not Defined)
- B. Audit directory service access (Not Defined)
- C. Audit logon events (Not Defined)
- D. Audit Object (Not Defined)
- E. Audit policy change(Not Defined)
- F. Audit privilege use (Not Defined)
- G. Audit process tracking (Not Defined)
- H. Audit system events(Not Defined)
Answer: DG
Explanation: * Audit Object Access
Determines whether to audit the event of a user accessing an object (for example, file, folder, registry key, printer, and so forth) which has its own system access control list (SACL) specified.
* Audit Process Tracking
Determines whether to audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access.
Reference: Audit object access
https://technet.microsoft.com/en-us/library/cc976403.aspx
Reference: Audit Process Tracking
https://technet.microsoft.com/en-us/library/cc976411.aspx
NEW QUESTION 2
Your network contains two servers named Server1 and Server2 that run windows Server 2012 R2. Server1 and 5erver2 have the Windows Server Update Services server role installed.
Server1 synchronizes from Microsoft Update. Server2 is a Windows Server Update Services (WSUS) replica of Server1.
You need to configure replica downstream servers to send Server1 summary information about the computer update status.
What should you do?
- A. From Server1, configure Reporting Rollup.
- B. From Server2, configure Reporting Rollup.
- C. From Server2, configure Email Notifications.
- D. From Server1, configure Email Notifications.
Answer: A
Explanation: WSUS Reporting Rollup Sample Tool
This tool uses the WSUS application programming interface (API) to demonstrate centralized monitoring and reporting for WSUS. It creates a single report of update and computer status from the WSUS servers into your WSUS environment. The sample package also contains sample source files to customize or extend the tool functionality of the tool to meet specific needs. The WSUS Reporting Rollup Sample Tool and files are provided AS IS. No product support is available for this tool or sample files. For more information read the readme file.
Reference: http: //technet. microsoft. com/en-us/windowsserver/bb466192. aspx
NEW QUESTION 3
HOTSPOT
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has two network adapters and is located in a perimeter network.
You need to configure Server1 as a network address translation (NAT) server. Which node should you use to add the NAT routing protocol?
To answer, select the appropriate node in the answer area.
Answer:
Explanation: References: https://technet.microsoft.com/en-us/library/dd469812(v=ws.11).aspx
NEW QUESTION 4
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named GPO1 is linked to OU1.
You make a change to GPO1.
You need to force all of the computers in OU1 to refresh their Group Policy settings immediately. The solution must minimize administrative effort.
Which tool should you use?
- A. Server Manager
- B. Active Directory Users and Computers
- C. The Gpupdate command
- D. Group Policy Management Console (GPMC)
Answer: D
Explanation: Starting with Windows Server® 2012 and Windows® 8, you can now remotely refresh Group Policy settings for all computers in an OU from one central location through the Group Policy Management Console (GPMC). Or you can use the Invoke-GPUpdatecmdlet to refresh Group Policy for a set of computers, not limited to the OU structure, for example, if the computers are located in the default computers container.
References:
http: //technet. microsoft. com/en-us//library/jj134201. aspx
http: //blogs. technet. com/b/grouppolicy/archive/2012/11/27/group-policy-in-windows- server-2012-using-remote-gpupdate. aspx
NEW QUESTION 5
Your network contains an Active Directory domain named adatum.com. You have a standard primary zone named adatum.com.
You need to provide a user named User1 the ability to modify records in the zone. Other users must be prevented from modifying records in the zone.
What should you do first?
- A. Run the Zone Signing Wizard for the zone.
- B. From the properties of the zone, modify the start of authority (SOA) record.
- C. From the properties of the zone, change the zone type.
- D. Run the New Delegation Wizard for the zone.
Answer: C
Explanation: The Zone would need to be changed to a AD integrated zone When you use directory- integrated zones, you can use access control list (ACL) editing to secure a dnsZone object container in the directory tree. This feature provides detailed access to either the zone or a specified resource record in the zone. For example, an ACL for a zone resource record can be restricted so that dynamic updates are allowed only for a specified client computer or a secure group, such as a domain administrators group. This security feature is not available with standard primary zones.
DNS update security is available only for zones that are integrated into Active Directory. After you integrate a zone, you can use the access control list (ACL) editing features that are available in the DNS snap-in to add or to remove users or groups from the ACL for a specific zone or for a resource record.
Standard (not an Active Directory integrated zone) has no Security settings:
You need to firstly change the "Standard Primary Zone" to AD Integrated Zone:
Now there's Security tab:
References:
http: //technet. microsoft. com/en-us/library/cc753014. aspx http: //technet. microsoft. com/en-us/library/cc726034. aspx http: //support. microsoft. com/kb/816101
NEW QUESTION 6
Your network contains an Active Directory domain named adatum.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2.
All client computers run Windows 7.
You need to ensure that user settings are saved to \Server1Users. What should you do?
- A. From the properties of each user account, configure the Home folder settings.
- B. From a Group Policy object (GPO), configure the Folder Redirection settings.
- C. From the properties of each user account, configure the User profile settings.
- D. From a Group Policy object (GPO), configure the Drive Maps preference.
Answer: C
Explanation: If a computer is running Windows 2000 Server or later on a network, users can store their profiles on the server. These profiles are called roaming user profiles.
NEW QUESTION 7
Your network contains one Active Directory domain named controso.com. The domain contains a file server named Server01 that runs Windows Server 2012 R2. Server01 has an operating system drive and a data drive. Server01 has a Trusted Platform Module (TPM).
You need to enable BitLocker Drive Encryption (BitLocker) for the data drive on Server01. Which cmdlet should you run first?
- A. Lock-Bitlocker
- B. Enable-WindowsOptionalFeature
- C. Enable- TPMAutoProvisioning
- D. Unblock-TPM
Answer: B
Explanation: References:
https://technet.microsoft.com/en-us/library/jj612864(v=ws.11).aspx
NEW QUESTION 8
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains two servers. The servers are configured as shown in the following table.
All client computers run Windows 8 Enterprise.
You plan to deploy Network Access Protection (NAP) by using IPSec enforcement.
A Group Policy object (GPO) named GPO1 is configured to deploy a trusted server group to all of the client computers.
You need to ensure that the client computers can discover HRA servers automatically. Which three actions should you perform? (Each correct answer presents part of the
solution. Choose three.)
- A. On all of the client computers, configure the EnableDiscovery registry key.
- B. In a GPO, modify the Request Policy setting for the NAP Client Configuration.
- C. On Server2, configure the EnableDiscovery registry key.
- D. On DC1, create an alias (CNAME) record.
- E. On DC1, create a service location (SRV) record.
Answer: ABE
Explanation: Requirements for HRA automatic discovery
The following requirements must be met in order to configure trusted server groups on NAP client computers using HRA automatic discovery:
Client computers must be running Windows Vista® with Service Pack 1 (SP1) or Windows XP with Service Pack 3 (SP3).
The HRA server must be configured with a Secure Sockets Layer (SSL) certificate. The EnableDiscovery registry key must be configured on NAP client computers. DNS SRV records must be configured.
The trusted server group configuration in either local policy or Group Policy must be cleared.
http: //technet. microsoft. com/en-us/library/dd296901. aspx
NEW QUESTION 9
HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a member server that runs Windows Server 2012 R2 and has the Windows Deployment Services (WDS) server role installed.
You create a new multicast session in WDS and connect 50 client computers to the
session.
When you open the Windows Deployment Services console, you discover that all of the computers are listed as pending devices.
You need to ensure that any of the computers on the network can join a multicast transmission without requiring administrator approval.
What should you configure?
To answer, select the appropriate tab in the answer area.
Answer:
Explanation:
NEW QUESTION 10
Your network is configured as shown in the exhibit. (Click the Exhibit button.)
Server1 regularly accesses Server2.
You discover that all of the connections from Server1 to Server2 are routed through Routerl.
You need to optimize the connection path from Server1 to Server2. Which route command should you run on Server1?
- A. Route add -p 192.168.2.0 MASK 255.255.255.0 192.168.2.1 METRIC 50
- B. Route add -p 192.168.2.12 MASK 255.255.255.0 192.168.2.1 METRIC 100
- C. Route add -p 192.168.2.12 MASK 255.255.255.0 192.168.2.0 METRIC 50
- D. Route add -p 192.168.2.0 MASK 255.255.255.0 192.168.1.2 METRIC 100
Answer: D
NEW QUESTION 11
HOTSPOT
Your network contains an Active Directory domain named contoso.com.
You need to create a certificate template for the BitLocker Drive Encryption (BitLocker) Network Unlock feature.
Which Cryptography setting of the certificate template should you modify? To answer, select the appropriate setting in the answer area.
Answer:
Explanation: References:
http: //technet.microsoft.com/en-us/library/jj574173.aspx
NEW QUESTION 12
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains 500 client computers that run Windows 8.1 Enterprise and Microsoft Office 2013.
You implement a Group Policy central store.
You need to modify the default Microsoft Office 2013 Save As location for all client computers. The solution must minimize administrative effort.
What should you configure in a Group Policy object (GPO)?
- A. The Group Policy preferences
- B. An application control policy
- C. The Administrative Templates
- D. The Software Installation settings
Answer: A
Explanation: Group Policy preferences provide the means to simplify deployment and standardize configurations. They add to Group Policy a centralized system for deploying preferences (that is, settings that users can change later). You can also use Group Policy preferences to configure applications that are not Group Policy-aware. By using Group Policy preferences, you can change or delete almost any registry setting, file or folder, shortcut, and more. You are not limited by the contents of Administrative Template files.
Reference: http://technet.microsoft.com/en-us/library/dn581922.aspx
NEW QUESTION 13
HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 runs Windows Server 2012 R2.
You enable the EventLog-Application event trace session.
You need to set the maximum size of the log file used by the trace session to 10 MB. From which tab should you perform the configuration? To answer, select the appropriate
tab in the answer area.
Answer:
Explanation: Note: By default, logging stops only if you set an expiration date as part of the logging schedule. Using the options on the Stop Condition tab, you can configure the log file to stop automatically after a specified period of time, such as seven days, or when the log file is full (if you’ve set a maximum size limit).
NEW QUESTION 14
HOTSPOT
You have a server named Server1 that runs Windows Server 2012 R2. You configure Network Access Protection (NAP) on Server1.
Your company implements a new security policy stating that all client computers must have the latest updates installed. The company informs all employees that they have two weeks
to update their computer accordingly.
You need to ensure that if the client computers have automatic updating disabled, they are provided with full access to the network until a specific date and time.
Which two nodes should you configure?
To answer, select the appropriate two nodes in the answer area.
Answer:
Explanation:
NEW QUESTION 15
Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.
The domain contains a top-level organizational unit (OU) for each department. A group named Group1 contains members from each department.
You have a GPO named GPO1 that is linked to the domain. You need to configure GPO1 to apply settings to Group1 only. What should you use?
- A. Dcgpofix
- B. Get-GPOReport
- C. Gpfixup
- D. Gpresult
- E. Gpedi
- F. msc
- G. Import-GPO
- H. Restore-GPO
- I. Set-GPInheritance
- J. Set-GPLink
- K. Set-GPPermission
- L. Gpupdate
- M. Add-ADGroupMember
Answer: J
Explanation: Set-GPPermission grants a level of permissions to a security principal (user, security group, or computer) for one GPO or all the GPOs in a domain. You use the TargetName and TargetType parameters to specify a user, security group, or computer for which to set the permission level.
-Replace <SwitchParameter>
Specifies that the existing permission level for the group or user is removed before the new permission level is set. If a security principal is already granted a permission level that is higher than the specified permission level and you do not use the Replace parameter, no change is made.
Reference: http: //technet. microsoft. com/en-us/library/ee461038. aspx
NEW QUESTION 16
HOTSPOT
Your network contains a DNS server named Server1. Server1 hosts a DNS zone for
contoso.com.
You need to ensure that DNS clients cache records from contoso.com for a maximum of one hour.
Which value should you modify in the Start of Authority (SOA) record? To answer, select the appropriate setting in the answer area.
Answer:
Explanation: Minimum TTL - The minimum time-to-live value applies to all resource records in the zone file. This value is supplied in query responses to inform other servers how long they should keep the data in cache. The default value is 3,600.
NEW QUESTION 17
Your company has a main office and two branch offices. The main office is located in New York. The branch offices are located in Seattle and Chicago.
The network contains an Active Directory domain named contoso.com. An Active Directory site exists for each office. Active Directory site links exist between the main office and the branch offices. All servers run Windows Server 2012 R2.
The domain contains three file servers. The file servers are configured as shown in the following table.
You implement a Distributed File System (DFS) replication group named ReplGroup. ReplGroup is used to replicate a folder on each file server. ReplGroup uses a hub and
spoke topology. NYC-SVR1 is configured as the hub server. You need to ensure that replication can occur if NYC-SVR1 fails.
What should you do?
- A. Create an Active Directory site link bridge.
- B. Create an Active Directory site link.
- C. Modify the properties of Rep1Group.
- D. Create a connection in Rep1Group.
Answer: D
Explanation: Unsure about this answer. D:
A:
The Bridge all site links option in Active Directory must be enabled. (This option is available in the Active Directory Sites and Services snap-in.) Turning off Bridge all site links can affect the ability of DFS to refer client computers to target computers that have the least expensive connection cost. An Intersite Topology Generator that is running Windows Server 2003 relies on the Bridge all site links option being enabled to generate the intersite cost matrix that DFS requires for its site-costing functionality. If you turn off this option, you must create site links between the Active Directory sites for which you want DFS to
calculate accurate site costs.
Any sites that are not connected by site links will have the maximum possible cost. For more information about site link bridging, see “Active Directory Replication Topology Technical Reference.”
Reference:
http: //faultbucket. ca/2012/08/fixing-a-dfsr-connection-problem/
http: //faultbucket. ca/2012/08/fixing-a-dfsr-connection-problem/
http: //technet. microsoft. com/en-us/library/cc771941. aspx
NEW QUESTION 18
Your network contains two Active Directory forests named adatum.com and contoso.com. The network contains three servers. The servers are configured as shown in the following table.
You need to ensure that connection requests from adatum.com users are forwarded to Server2 and connection requests from contoso.com users are forwarded to Server3.
Which two should you configure in the connection request policies on Server1? (Each correct answer presents part of the solution. Choose two.)
- A. The Authentication settings
- B. The Standard RADIUS Attributes settings
- C. The Location Groups condition
- D. The Identity Type condition
- E. The User Name condition
Answer: AE
Explanation: The User Name attribute group contains the User Name attribute. By using this attribute, you can designate the user name, or a portion of the user name, that must match the user name supplied by the access client in the RADIUS message. This attribute is a character string that typically contains a realm name and a user account name. You can use pattern- matching syntax to specify user names.
By using this setting, you can override the authentication settings that are configured in all network policies and you can designate the authentication methods and types that are required to connect to your network.
Forward requests to the following remote RADIUS server group . By using this setting, NPS forwards connection requests to the remote RADIUS server group that you specify. If the NPS server receives a valid Access-Accept message that corresponds to the Access- Request message, the connection attempt is considered authenticated and authorized. In this case, the NPS server acts as a RADIUS proxy
Connection request policies are sets of conditions and profile settings that give network administrators flexibility in configuring how incoming authentication and accounting request messages are handled by the IAS server. With connection request policies, you can create a series of policies so that some RADIUS request messages sent from RADIUS clients are processed locally (IAS is being used as a RADIUS server) and other types of messages are forwarded to another RADIUS server (IAS is being used as a RADIUS proxy). This capability allows IAS to be deployed in many new RADIUS scenarios.
With connection request policies, you can use IAS as a RADIUS server or as a RADIUS proxy, based on the time of day and day of the week, by the realm name in the request, by the type of connection being requested, by the IP address of the RADIUS client, and so on.
References:
http: //technet. microsoft. com/en-us/library/cc757328. aspx
http: //technet. microsoft. com/en-us/library/cc753603. aspx
NEW QUESTION 19
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2008 R2.
You plan to test Windows Server 2012 R2 by using native-boot virtual hard disks (VHDs). You have a Windows image file named file1.wim.
You need to add an image of a volume to file1.wim. What should you do?
- A. Run imagex.exe and specify the /append parameter.
- B. Run imagex.exe and specify the /export parameter.
- C. Run dism.exe and specify the /image parameter.
- D. Run dism.exe and specify the /append-image parameter.
Answer: D
Explanation: The Deployment Image Servicing and Management (DISM) tool is a command-line tool that enables the creation of Windows image (.wim) files for deployment in a manufacturing or corporate IT environment. The /Append-Image option appends a volume image to an existing .wim file allowing you to store many customized Windows images in a fraction of the space. When you combine two or more Windows image files into
a single .wim, any files that are duplicated between the images are only stored once.
Incorrect:
Not A, Not B: Imagex has been retired and replaced by dism.
Reference: Append a Volume Image to an Existing Image Using DISM https://technet.microsoft.com/en-us/library/hh824916.aspx
NEW QUESTION 20
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2.
All client computers run Windows 8 Enterprise.
DC1 contains a Group Policy object (GPO) named GPO1.
You need to update the PATH variable on all of the client computers. Which Group Policy preference should you configure?
- A. Ini Files
- B. Services
- C. Data Sources
- D. Environment
Answer: D
Explanation: Environment Variable preference items allow you to create, update, replace, and delete user and system environment variables or semicolon-delimited segments of the PATH variable. Before you create an Environment Variable preference item, you should review the behavior of each type of action possible with this extension.
P.S. Easily pass 70-411 Exam with 294 Q&As prep-labs.com Dumps & pdf Version, Welcome to Download the Newest prep-labs.com 70-411 Dumps: https://www.prep-labs.com/dumps/70-411/ (294 New Questions)