There are many companies that provide 70-411 braindumps but those are not accurate and latest ones. Preparation with GreatExam 70-411 practice test study guide is a best way to pass this certification exam in easy way.
QUESTION 401
Your corporate network includes an Active Directory Domain Services (AD DS) domain contoso. On all domain controllers Windows Server 2012 R2 is installed. The domain contains two organizational units (OUs) containing the names OU1 and OU2. Both organizational units are located in the root directory of the domain. They create two GPOs (GPOs) containing the names and GPO1 GPO2.
To associate with GPO1 OU1 and OU2 GPO2 with. OU1 contains a computer account named Desktop1.
OU2 includes a user account that is named User1.
You must make sure that is GPO1 applied to user1 when user1 logs in.
What do you configure?
A. The Group Policy Object Status.
B. The Group Policy Object Links.
C. The option Enforced.
D. The security filtering
Answer: B
Explanation:
To ensure that the settings are applied from GPO1 on User1, we can either move the account of user1 in the organizational unit OU1 or link the GPO GPO1 in addition to the existing link with OU1 with OU2. Alternatively, it would also be possible to activate the loopback processing for the user settings.
QUESTION 402
Your corporate network includes an Active Directory Domain Services (AD DS) domain contoso The domain contains a Windows Server 2012 R2 computer that is named Server1.
On Server1 role service RD Session Host is installed.
The computer account of Server1 is in an organizational unit (OU) named OU1.
You create a Group Policy object (GPO) named GPO1 and link it to OU1. The settings of GPO1 are shown in the picture (click on the button drawing).
You must prevent the settings are applied from GPO1 on Tom’s account when Tom logs on to Server1. However GPO1 must be applied to all other users who log on to Server1.
What you configure?
A. Security Filtering
B. WMI Filtering
C. Disabling the Policy Inheritance
D. Item-level targeting
Answer: A
Explanation:
GPO1 is for the loopback of user Group Policy mode Replace configured. Regardless of where Tom’s account is stored, the user configuration settings from GPO1 be applied. In order to avoid that GPO1 applied to Tom, we can configure the security settings of the GPO so that Tom be refused to take over the rights.
For the Apply the settings of a GPO, the permissions Read and Apply Group Policy required.
QUESTION 403
They are active as an IT consultant for a fashion company.
The company uses an Active Directory forest with a single domain.
The manager of the company reports that it gets displayed a desktop background, whom he has not chosen himself.
In an interview with the IT department, you will learn that a former colleague more than 20 Group Policy objects (GPOs) created and it has not yet succeeded, determine which GPO configures the desktop background of the manager.
How do you support the IT department in solving the problem?
A. From Group Policy Management, run the Group Policy Results Wizard.
B. Run the Group Policy Results Wizard for the computer account of the manager.
C. Run the Group Policy Results Wizard for the user account of the manager.
D. Run the Group Policy Results Wizard for all computer accounts to the domain.
Answer: C
Explanation:
The configuration of the desktop background is part of the user configuration. By carrying out the Group Policy Results Wizard for the user account of the manager can be found, which GPOs (GPOs) are applied to the order in which the user account of the manager. In addition, the report of the Group Policy Results Wizard can be seen that each GPO is crucial for the effective configuration of the individual directives.
QUESTION 404
Drag and Drop Question
Your network contains a single Active Directory domain named contoso.com.
The domain contains an Active Directory site named Site1 and an organizational unit (OU) named OU1. The domain contains a client computer named Client1 that is located in OU1 and Site1.
You create five Group Policy objects (GPO).
The GPOs are configured as shown in the following table.
You need to identify in which order the GPOs will be applied to Client1.
In which order should you arrange the listed GPOs? To answer, move all GPOs from the list of GPOs to the answer area and arrange them in the correct order.
Select and Place:
Answer:
Explanation:
Basically determines the order in which the GPOs are applied by Group Policy, the ranking.
The default order is local, site, domain, organizational unit and subordinate organizational units (OU LSD). Therefore GPOs have in child OUs overrides associated with parent OUs GPOs. This in turn take precedence over the domain linked GPOs, which take precedence over the site linked GPOs. Direction for use, or LSD-OU (LSDOU)
Local Policy
GPOs that are linked to the site
GPOs that are linked to the domain
GPOs that are linked to organizational units (from the parent OU to subordinate)
The Standardreiehnfolge processing can be set by forcing a Group Policy object or by disabling the inheritance of a GPO repealed. Enforced When a GPO enforced it will put at the end of the processing sequence. If more than one GPO to “forced” option is enabled, the GPOs are applied in reverse default order (L-OU-DS). In this way ensures that the settings of Domain Admins will not be overwritten by forcing the settings of a Delegated Administrator at a subordinate level. If several enforced GPO objects linked on the same level as, shall be the highest priority by (the sorted upwards). Inheritance disable The above the OU linked GPOs are not inherited or blocked. Is activated by a higher-level object “forced”, so the inheritance can not be prevented. Thus, the Domain Administrator can always prevail with its settings.
QUESTION 405
Drag and Drop Question
Your network contains a production Active Directory forest named contoso.com and a test Active Directory forest named test.contoso.com.
There is no network connectivity between contoso.com and test.contoso.com.
The test.contoso.com domain contains a Group Policy object (GPO) named GPO1.
You need to apply the settings in GPO1 to the contoso.com domain.
Which four actions should you perform? To answer, move the four appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
1. Run the Backup-gpo cmdlet
2. User removable media to transfer the contects of test.contoso.com to contoso.com
3. Create a gpo in contoso.com
4. Run the import-gpo cmdlet
http://technet.microsoft.com/en-us/library/ee461050.aspx
http://technet.microsoft.com/en-us/library/ee461044.aspx
QUESTION 406
Drag and Drop Question
Your network contains an Active Directory domain named contoso.com.
All client computers run Windows 7. Group Policy objects (GPOs) are linked to the domain as shown in the exhibit. (Click the Exhibit button.)
GP02 contains user configurations only and GP03 contains computer configurations only.
You need to configure the GPOs to meet the following requirements:
– Ensure that GP02 only applies to the user accounts in OU2 that are members of a global group named Group2.
– Ensure that GP03 only applies to the computer accounts in OU3 that have more than 100 GB of free disk space.
What should you do?
To answer, drag the appropriate setting to the correct GPO. Each setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
QUESTION 407
Drag and Drop Question
Your network contains an Active Directory domain named contoso.com.
You deploy a web-based application named App1 to a server named Server1.
App1 uses an application pool named AppPool1.
AppPool1 uses a domain user account named User1 as its identity.
You need to configure Kerberos constrained delegation for User1.
Which three actions should you perform? To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order
Answer:
QUESTION 408
Drag and Drop Question
Your network contains an Active Directory domain named contoso.com. All client computers run Windows 8. Group Policy objects (GPOs) are linked to the domain as shown in the exhibit. (Click the Exhibit button.)
GPO2 contains computer configurations only and GP03 contains user configurations only.
You need to configure the GPOs to meet the following requirements:
– Ensure that GPO2 only applies to the computer accounts in OU2 that have more than one processor.
– Ensure that GP03 only applies to the user accounts in OU3 that are members of a security group named SecureUsers.
Which setting should you configure in each GPO? To answer, drag the appropriate setting to the correct GPO. Each setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
QUESTION 409
Drag and Drop Question
Your network contains an Active Directory forest named contoso.com. Recently, all of the domain controllers that ran Windows Server 2003 were replaced by domain controllers that run Windows Server 2012 R2.
From Event Viewer, you discover SYSVOL journal wrap errors on a domain controller named dclO.contoso.com.
You need to perform a non-authoritative synchronization of SYSVOL on DC10.
Which three actions should you perform on DC10?
To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
QUESTION 410
Hotspot Question
Your network contains an Active Directory domain named contoso.com.
The domain contains a domain controller named DC1 that runs Windows Server 2012.
The domain contains some test client computers that run either Windows XP, Windows Vista, Windows 7, or Windows 8.
The computer accounts for the test computers are located in an organizational unit (OU) named OU1.
You have a Group Policy object (GPO) named GP01 linked to OU1.
GPO1 is used to assign several applications to the test computers.
You need to ensure that when the test computers in OU1 restart, you can see which application installation is running currently.
Which setting should you modify in GPO1? To answer, select the appropriate setting in the answer area.
Answer:
Explanation:
The guidelines shown are located in the section Computer Configuration\Administrative Templates\System.
Directive: Show Extremely detailed status messages
This policy setting directs the system to display highly detailed status messages.
This policy setting is intended for advanced users who need this information.
If this . enable policy setting, status messages are displayed for each individual step in the startup, shutdown, logon or logoff
If you disable this policy setting or do not configure, only the standard system messages are displayed during these operations.
Note: This policy setting is ignored if the setting “” Status messages to reboot, shutdown, login and logout remove “” is enabled.
QUESTION 411
Hotspot Question
Your network contains an Active Directory domain named fabrikam.com.
You implement DirectAccess and an IKEv2 VPN.
You need to view the properties of the VPN connection.
Which connection properties should you view? To answer, select the appropriate connection properties in the answer area.
Answer:
Explanation:
Position 1 symbolizes a wired network connection. Position 2 indicates the DirectAccess connection. Is located at position 3 the known symbol of wireless (WIFI) connection and the symbol in position 4 identifies a VPN connection.
QUESTION 412
Hotspot Question
Your network contains an Active Directory domain named corp.contoso.com.
The domain contains two member servers named Server1 and Edge1.
Both servers run Windows Server 2012. Your company wants to implement a central location where the system events from all of the servers in the domain will be collected.
From Server1, a network technician creates a collector-initiated subscription for Edge1.
You discover that Server1 does not contain any events from Edge1.
You view the runtime status of the subscription as shown in the exhibit.
You need to ensure that the system events from Edge1 are collected on Server1.
What should you modify? To answer, select the appropriate object in the answer area.
Answer:
Explanation:
If you intend to specify a user account by using the Specific User option in Advanced Subscription Settings when creating the subscription, you must ensure that account is a member of the local Administrators group on each of the source computers
http://technet.microsoft.com/en-us/library/cc748890.aspx
QUESTION 413
Hotspot Question
Your network contains an Active Directory domain called contoso.com.
The domain contains a domain controller named DC1 that runs Windows server 2012.
The domain contains some test client computers that run either Windows XP, Windows Vista, Windows 7, or Windows 8.
The computer accounts for the test computers are located in an organizational unit (OU) named OU1.
You have a Group Policy object (GPO) named GPO1 linked to OU1.
GPO1 is used to assign several applications to the test computers.
You need to ensure that when the test computers in OU1 restart, you can see which application installation is running currently.
Which setting should you modify in GPO1? To answer, select the appropriate setting in the answer area.
Answer:
Explanation:
Allows you to receive verbose startup, shutdown, logon, and logoff status messages.
Verbose status messages may be helpful when you are troubleshooting slow startup, shutdown, logon, or logoff behavior.
http://support.microsoft.com/kb/325376
QUESTION 414
Hotspot Question
Your network contains an Active Directory forest named contoso.com.
The forest contains a single domain. The DNS zone is Active Directory-integrated contoso.local and configured so that the zone data to all DNS servers running on domain controllers in the domain certbase.de replicated. Server1 is a member server of the domain.
The IP address of Server1 is in the zone contoso.local registered.
You must determine when the DNS record of Server1 was last updated.
In which Active Directory partition to see the DNS record of a Server1? (To be configured dialog box shown in the picture. Click the Drawing button.)
Answer:
Explanation:
In the task is mentioned that the zone data to all DNS servers running on domain controllers in the domain certbase.de replicated.
The zone data is consequently in the Active Directory partition DomainDnsZones saved.
QUESTION 415
File1 has been encrypted by Contoso\admin1
File2 has been encrypted by Server1\admin1
File3 has been encrypted by Server1\administrator
You need to back up the DRA agents.
Who is the owner of each of the agents.
There is a selection of drop down boxes.
You should to select one in every file.
File1: Contoso\admin
Contoso\administrator
Server1\admin1
Server1\administrator
File2: Contoso\admin
Contoso\administrator
Server1\admin1
Server1\administrator
File3: Contoso\admin
Contoso\administrator
Server1\admin1
Server1\administrator
Answer: Contoso\administrator;Server1\administrator;Server1\administrator;
Explanation:
https://technet.microsoft.com/en-us/library/cc512680.aspx
By default, the data recovery agent is defined to be the administrator account. On stand-alone workstations and workgroup machines, the administrator account is the local administrator; on domain-joined machines, the administrator account is the first domain controller’s administrator account.
I think the first one is in the Contoso Domain, so the Agent should be Contoso/Administrator.
The other ones seem to be a local machine. It depends how the question introduced the machines. But I would say these are local ones. So the agent should be Server1/Administrator in both cases.
File1 has been encrypted by Contoso\admin1
File2 has been encrypted by Server1\admin1
File3 has been encrypted by Server1\administrator
QUESTION 416
Transferring FSMO Roles with MMC Tool
You plan to transferring DC that holding FSMO roles.
You need to select which tools can use to transfer domain naming master role and Operations master roles.
Answer:
I ALSO HAD THIS ONE ON THE EXAM, BUT I’M MIGHT BEING MISSING A LITTLE DETAIL, BUT I SURE IS 90% COMPLETE.
This are extra information, just in case they change de question!
SUMMARY
There are five Flexible Single Master Operations (FSMO) roles in a Windows 2000 forest.
There are two ways to transfer a FSMO role in Windows 2000. This article describes how to transfer all five FSMO roles by using Microsoft Management Console (MMC) snap-ins. The five FSMO roles are:
Schema Master – One master role holder per forest. The schema master FSMO role holder is the domain controller responsible for performing updates to the directory schema.
Domain Naming Master – One master role holder per forest. The domain naming master FSMO role holder is the DC responsible for making changes to the forest-wide domain name space of the directory.
Infrastructure Master – One master role holder per domain. The infrastructure FSMO role holder is the DC responsible for updating an object’s SID and distinguished name in a cross-domain object reference.
RID Master – One master role holder per domain. The RID master FSMO role holder is the single DC responsible for processing RID Pool requests from all DCs within a given domain.
PDC Emulator – One master role holder per domain. The PDC emulator FSMO role holder is a Windows 2000 DC that advertises itself as the primary domain controller (PDC) to earlier version workstations, member servers, and domain controllers. It is also the Domain Master Browser and handles password discrepancies.
For additional information about FSMO roles in Windows 2000, click the article number below to view the article in the Microsoft Knowledge Base:
197132 Windows 2000 Active Directory FSMO Roles
Note To successfully perform the steps in this article, you must be a member of the Enterprise Administrators group.
You plan to transferring DC that holding FSMO roles.
You need to select which tools can use to transfer domain naming master role and Operations master roles.
QUESTION 417
What roles do you use to move and domain naming server and infrastructure master?
Answer:
QUESTION 418
Which 2 tools to use for the Export of the DFS Files and Database to a new replica DFS
Choose from 4 options amongst which are:
Answer:
Explanation:
I ALSO HAD THIS ONE ON THE EXAM, BUT I’M MIGHT BEING MISSING A LITTLE DETAIL, BUT I SURE IS 90% COMPLETE.
Robocopy
The Robocopy (Robust File Copy) command-line utility is included with Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, and Windows Server 2008. The utility provides extensive options that include copying security, backup API support, retry capabilities, and logging. Later versions include multi-threading and un-buffered I/O support.
https://technet.microsoft.com/en-us/library/dn495044.aspx
https://technet.microsoft.com/en-us/library/dn495052.aspx
QUESTION 419
You have a WSUS server and you have a user that needs french windows updates.
You check the server and you only have english.
What should you do?
Answer: “You must configure the Upstream WSUS server (root WSUS server) to download updates in all languages that are used throughout the entire organization.”
Explanation:
https://technet.microsoft.com/en-us/library/hh328568(v=ws.10).aspx
QUESTION 420
You have a group managed Service Account name Account01.
Only three servers named Server01, Server02 and Server03 are allowed to use Account01 service account.
You plan to decommission Server01.
You need to prevent Server01 from using the Account01 service account.
The solution must ensure that Server02 and Server03 continue to use the Account01 service account What command should you run? To answer, select the appropriate options in the answer area.
A. Set-ADServiceAccount
B. Uninstall-ADServiceAccount
C. remove-ADServiceAccount
D. Reset-ADServiceAccountPassword
Answer: D
Explanation:
https://technet.microsoft.com/en-us/library/ee617190.aspx
https://www.petri.com/restrict-privileged-accounts-with-authentication-silos-in-windows-server-2012-r2
We give you the proper and complete training with free 70-411 GreatExam updates. Our braindumps will defiantly make you perfect to that level you can easily pass the exam in first attempt.