GreatExam guarantees your Microsoft 70-411 exam 100% success with our unique official 70-411 exam questions resources! GreatExam’s 70-411 braindumps are developed by experienced IT certification professionals working in today’s prospering companies and data centers! GreatExam 70-411 exam dumps are checked by our expert team every day to ensure you have the latest updated exam dumps!
QUESTION 181
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed.
You need to configure the ports on Server1 to ensure that client computers can establish VPN connections to Server1 by using TCP port 443.
What should you modify? To answer, select the appropriate object in the answer area.
Answer:
Explanation:
http://technet.microsoft.com/en-us/library/cc771298(v=ws.10).aspx
Secure Socket Tunneling Protocol (SSTP) is a new tunneling protocol that uses the HTTPS protocol over TCP port 443 to pass traffic through firewalls and Web proxies that might block PPTP and L2TP/IPsec traffic.
QUESTION 182
Your network contains two Active Directory domains named contoso.com and adatum.com. The network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the DNS Server server role installed. Server1 has a copy of the contoso.com DNS zone.
You need to configure Server1 to resolve names in the adatum.com domain.
The solution must meet the following requirements:
– Prevent the need to change the configuration of the current name servers that host zones for adatum.com.
– Minimize Administrative effort.
Which type of zone should you create?
A. Primary
B. Secondary
C. Reverse lookup
D. Stub
Answer: D
Explanation:
A. When a zone that this DNS server hosts is a primary zone, the DNS server is the primary source for information about this zone, and it stores the master copy of zone data in a local file or in AD DS.
B. When a zone that this DNS server hosts is a secondary zone, this DNS server is a secondary source for information about this zone. The zone at this server must be obtained from another remote DNS server computer that also hosts the zone.
C. Clients use a known IP address and look up a computer name based on its address.
A reverse lookup takes the form of a question, such as “Can you tell me the DNS name of the computer that uses the IP address 192.168.1.20?”
D. When a zone that this DNS server hosts is a stub zone, this DNS server is a source only for information about the authoritative name servers for this zone. The zone at this server must be obtained from another DNS server that hosts the zone.
– Prevents Change to current zone
http://technet.microsoft.com/en-us/library/cc771898.aspx
http://technet.microsoft.com/en-us/library/cc730980.aspx
QUESTION 183
Your network contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2 and have the DNS Server server role installed.
On Server1, you create a standard primary zone named contoso.com.
You need to ensure that Server2 can host a secondary zone for contoso.com.
What should you do from Server1?
A. Add Server2 as a name server.
B. Convert contoso.com to an Active Directory-integrated zone.
C. Create a zone delegation that points to Server2.
D. Create a trust anchor named Server2.
Answer: A
Explanation:
A. You must add a new Name Server. To add a name server to the list of authoritative servers for the zone, you must specify both the server’s IP address and its DNS name. When entering names, click Resolve to resolve the name to its IP address prior to adding it to the list.
B. Instead of adding standard secondary DNS servers, you can convert the server from a primary DNS server to an Active Directory Integrated Primary server and configure another domain controller to be a DNS server.
C. You can divide your Domain Name System (DNS) namespace into one or more zones.
You can delegate management of part of your namespace to another location or department in your organization by delegating the management of the corresponding zone.
http://technet.microsoft.com/en-us/library/cc770984.aspx
http://support.microsoft.com/kb/816101
http://technet.microsoft.com/en-us/library/cc753500.aspx
http://technet.microsoft.com/en-us/library/cc771640(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/ee649280(v=ws.10).aspx
QUESTION 184
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed. On Server1, you create a network policy named Policy1.
You need to configure Policy1 to apply only to VPN connections that use the L2TP protocol.
What should you configure in Policy1?
A. The Tunnel Type
B. The Service Type
C. The NAS Port Type
D. The Framed Protocol
Answer: A
Explanation:
A. Restricts the policy to only clients that create a specific type of tunnel, such as PPTP or L2TP.
B. Restricts the policy to only clients specifying a certain type of service, such as Telnet or Point to Point Protocol connections.
C. Allows you to specify the type of media used by the client computer to connect to the network.
D. Restricts the policy to clients that specify a certain framing protocol for incoming packets, such as PPP or SLIP.
http://technet.microsoft.com/en-us/library/cc731220(v=ws.10).aspx
QUESTION 185
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. All client computers run Windows 8 Enterprise. DC1 contains a Group Policy object (GPO) named GPO1.
You need to deploy a VPN connection to all users.
What should you configure from User Configuration in GPO1?
A. Preferences/Control Panel Settings/Network Options
B. Policies/Administrative Templates/Windows Components/Windows Mobility Center
C. Policies/Administrative Templates/Network/Windows Connect Now
D. Policies/Administrative Templates/Network/Network Connections
Answer: A
Explanation:
The Network Options extension allows you to centrally create, modify, and delete dial-up networking and virtual private network (VPN) connections.
Before you create a network option preference item, you should review the behavior of each type of action possible with the extension.
http://technet.microsoft.com/en-us/library/cc772449.aspx
QUESTION 186
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. All sales users have laptop computers that run Windows 8. The sales computers are joined to the domain. All user accounts for the sales department are in an organizational unit (OU) named Sales_OU. A Group Policy object (GPO) named GPO1 is linked to Sales_OU.
You need to configure a dial-up connection for all of the sales users.
What should you configure from User Configuration in GPO1?
A. Policies/Administrative Templates/Network/Windows Connect Now
B. Policies/Administrative Templates/Windows Components/Windows Mobility Center
C. Preferences/Control Panel Settings/Network Options
D. Policies/Administrative Templates/Network/Network Connections
Answer: C
Explanation:
The Network Options extension allows you to centrally create, modify, and delete dial-up networking and virtual private network (VPN) connections. Before you create a network option preference item, you should review the behavior of each type of action possible with the extension.
To create a new Dial-Up Connection preference item
Open the Group Policy Management Console. Right-click the Group Policy object (GPO) that should contain the new preference item, and then click Edit. In the console tree under Computer Configuration or User Configuration, expand the Preferences folder, and then expand the Control Panel Settings folder. Right-click the Network Options node, point to New, and select Dial-Up Connection.
References:
http://technet.microsoft.com/en-us/library/cc772107.aspx
http://technet.microsoft.com/en-us/library/cc772449.aspx
QUESTION 187
You have a server named Server1 that runs Windows Server 2012 R2.
Server1 has 2 dual-core processors and 16 GB of RAM.
You install the Hyper-V server role in Server1.
You plan to create two virtual machines on Server1.
You need to ensure that both virtual machines can use up to 8 GB of memory.
The solution must ensure that both virtual machines can be started simultaneously.
What should you configure on each virtual machine?
A. Dynamic Memory
B. NUMA topology
C. Memory weight
D. Resource Control
Answer: A
Explanation:
Dynamic Memory for virtual machines was introduced in Hyper-V in Windows Server 2008 R2 Service Pack 1 (SP1). The feature makes it possible to allocate a minimum and a maximum value for the memory of a virtual machine instead of a fixed value. The VM starts with the minimum allocated memory, which is extended if necessary.
In this way, you can assign the virtual machines more memory than is physically available. Dynamic Memory prevents a VM from holding on to unused memory that may be urgently needed by another VM.
QUESTION 188
Your network contains an Active Directory domain named corp.contoso.com. The domain contains a domain controller named DC1. When you run ping dc1.corp.contoso.com, you receive the result as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that DC1 can respond to the Ping command.
Which rule should you modify? To answer, select the appropriate rule in the answer area.
Answer:
QUESTION 189
You have a server named Server1 that runs Windows Server 2012 R2.
You promote Server1 to domain controller.
You need to view the service location (SRV) records that Server1 registers on DNS.
What should you do on Server1?
A. Open the Srv.sys file
B. Open the Netlogon.dns file
C. Run ipconfig /displaydns
D. Run Get-DnsServerDiagnostics
Answer: B
Explanation:
In DNS, service location records (SRV resource records) are created for each domain controller, enabling clients to locate the domain controller.
The records can be viewed directly in DNS Manager. Site-specific and general entries are created for each domain controller. You can find the site-specific entries in the following path:
Forward Lookup Zones / _msdcs.<domain name> / dc / _sites / <site name> / _tcp
SRV records are created for the following two services:
_kerberos
_ldap
Alternatively, you can view the file netlogon.dns in a text editor. The file netlogon.dns is located in the path %systemroot%\System32\Config. The figure shows the entries in the file netlogon.dns for a domain with a site and a domain controller:
QUESTION 190
Your company has a remote office that contains 600 client computers on a single subnet.
You need to select a subnet mask for the network that will support all of the client computers.
The solution must minimize the number of unused addresses.
Which subnet mask should you select?
A. 255.255.252.0
B. 255.255.254.0
C. 255.255.255.0
D. 255.255.255.128
Answer: A
Explanation:
The subnet mask 255.255.252.0 allows 10 bits for host addressing, giving 2^10 - 2 = 1022 addresses, making it the closest to the required 600 IP addresses.
The remaining three subnets each comprise fewer than 600 addresses.
Incorrect Answers:
B: The subnet mask 255.255.254.0 provides 2^9 - 2 = 510 IP addresses, which is too few.
C: The subnet mask 255.255.255.0 has only 254 addresses for client addressing.
D: The subnet mask 255.255.255.128 leaves 7 bits available for the host part of the IP addresses and offers 2^7 - 2 = 126 IP addresses.
QUESTION 191
Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1. Server1 runs Windows Server 2012 R2.
You create a group Managed Service Account named gservice1.
You need to configure a service named Service1 to run as the gservice1 account.
How should you configure Service1?
A. From Windows PowerShell, run Set-Service and specify the -PassThrough parameter.
B. From a command prompt, run sc.exe and specify the config parameter.
C. From Windows PowerShell, run Set-Service and specify the -StartupType parameter.
D. From a command prompt, run sc.exe and specify the privs parameter.
Answer: B
Explanation:
A. General settings only allow you to stop, start and set type/parameters
B. Set-Service provides a way for you to change the Description, StartupType, or DisplayName of a service
C. Modifies service configuration
D. Sets the response/action on service failure
http://windows.microsoft.com/en-us/windows-vista/using-system-configuration
http://technet.microsoft.com/en-us/library/ee176963.aspx
http://technet.microsoft.com/en-us/library/cc990290(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc738230(v=ws.10).aspx
QUESTION 192
Hotspot Question
Your network contains an Active Directory domain named contoso.com. All client computers are configured as DHCP clients.
You link a Group Policy object (GPO) named GPO1 to an organizational unit (OU) that contains all of the client computer accounts.
You need to ensure that Network Access Protection (NAP) compliance is evaluated on all of the client computers.
Which two settings should you configure in GPO1?
To answer, select the appropriate two settings in the answer area.
Answer:
QUESTION 193
Your network contains an Active Directory domain named contoso.com. All client computers run Windows Vista Service Pack 2 (SP2). All client computers are in an organizational unit (OU) named OU1. All user accounts are in an OU named OU2. All users log on to their client computer by using standard user accounts. A Group Policy object (GPO) named GPO1 is linked to OU1.
A GPO named GPO2 is linked to OU2.
You need to apply advanced audit policy settings to all of the client computers.
What should you do?
A. In GPO1, configure a startup script that runs auditpol.exe.
B. In GPO2, configure a logon script that runs auditpol.exe.
C. In GPO1, configure the Advanced Audit Policy Configuration settings.
D. In GPO2, configure the Advanced Audit Policy Configuration settings.
Answer: A
Explanation:
All versions of Windows Server 2008 R2 and Windows 7 that can process Group Policy can be configured to use the new security auditing enhancements (Advanced Audit Policy Configuration). Versions of Windows Server 2008 R2 and Windows 7 that cannot join a domain do not have access to these features. There is no difference in security auditing support between 32-bit and 64-bit versions of Windows 7. In addition, some special considerations apply to various tasks associated with the auditing enhancements in Windows Server 2008 R2 and Windows 7:
Create an audit policy.
To create an advanced Windows security auditing policy, you must use a computer running Windows Server 2008 R2 or Windows 7. You can use the Group Policy Management Console on a computer running Windows 7 after the Remote Server Administration Tools are installed.
Apply auditing policy settings.
If you use Group Policy to apply the advanced audit policy settings and global object access settings, client computers must be running Windows Server 2008 R2 or Windows 7. Moreover, only computers running Windows Server 2008 R2 or Windows 7 provide reporting data with information on basic access.
Developing an audit policy model.
To plan advanced security audit settings and global object access settings, you must use the Group Policy Management Console targeted at a domain controller that is running Windows Server 2008 R2.
Distributing the audit policy.
After you develop a GPO that includes advanced security auditing settings, it can be distributed by domain controllers running any Windows server operating system. However, if you cannot place client computers that are running Windows 7 in a separate organizational unit (OU), use Windows Management Instrumentation filtering to ensure that the advanced policy settings are applied only to client computers that are running Windows 7. Advanced audit policy settings can also be applied to client computers running Windows Vista. However, the audit policies for these client computers must be created separately and applied by using a logon script that runs Auditpol.exe.
The combined use of the basic audit policy settings under Local Policies\Audit Policy and the advanced settings under Advanced Audit Policy Configuration may have unexpected results. Therefore, the two sets of audit policy settings should not be combined. If you use the Advanced Audit Policy Configuration settings, enable the policy setting "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" under Local Policies\Security Options. This prevents conflicts between similar settings by forcing the basic security auditing settings to be ignored.
QUESTION 194
You have a server that runs Windows Server 2012 R2.
You have an offline image named Windows2012.vhd that contains an installation of Windows Server 2012 R2.
You plan to apply several updates to Windows2012.vhd.
You need to mount Windows2012.vhd to H:\.
Which tool should you use?
A. Device Manager
B. Diskpart
C. Mountvol
D. Server Manager
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc753321.aspx
You can use the Deployment Image Servicing and Management (DISM) tool to mount a Windows image from a WIM or VHD file. Mounting an image maps the contents of the image to a directory so that you can service the image using DISM without booting into the image. You can also perform common file operations, such as copying, pasting, and editing on a mounted image.
To apply packages and updates to a Windows Embedded Standard 7 image, we recommend creating a configuration set and then using Deployment Imaging Servicing and Management (DISM) to install that configuration set. Although DISM can be used to install individual updates to an image, this method carries some additional risks and is not recommended.
QUESTION 195
Your network contains two Active Directory domains named contoso.com and adatum.com. The contoso.com domain contains a server named Server1.contoso.com. The adatum.com domain contains a server named server2.adatum.com. Server1 and Server2 run Windows Server 2012 R2 and have the DirectAccess and VPN (RRAS) role service installed. Server1 has the default network policies and the default connection request policies.
You need to configure Server1 to perform authentication and authorization of VPN connection requests to Server2.
Only users who are members of Adatum\Group1 must be allowed to connect.
Which two actions should you perform on Server1?
(Each correct answer presents part of the solution. Choose two.)
A. Network policies
B. Connection request policies
C. Create a network policy.
D. Create a connection request policy.
Answer: AD
Explanation:
* Connection request policies are sets of conditions and settings that allow network administrators to designate which Remote Authentication Dial-In User Service (RADIUS) servers perform the authentication and authorization of connection requests that the server running Network Policy Server (NPS) receives from RADIUS clients. Connection request policies can be configured to designate which RADIUS servers are used for RADIUS accounting.
* With connection request policies, you can use NPS as a RADIUS server or as a RADIUS proxy, based on factors such as the following:
The time of day and day of the week
The realm name in the connection request
The type of connection being requested
The IP address of the RADIUS client
QUESTION 196
Your network contains an Active Directory forest named contoso.com.
All servers run Windows Server 2012 R2.
You need to create a custom Active Directory Application partition.
Which tool should you use?
A. Netdom
B. Ntdsutil
C. Dsmod
D. Dsamain
Answer: B
Explanation:
* To create or delete an application directory partition
Open Command Prompt.
Type: ntdsutil
At the ntdsutil command prompt, type: domain management
At the domain management command prompt, type: connection
At the server connections command prompt, type: connect to server ServerName
At the server connections command prompt, type: quit
At the domain management command prompt, do one of the following:
* partition management
Manages directory partitions for Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS).
This is a subcommand of Ntdsutil and Dsmgmt. Ntdsutil and Dsmgmt are command-line tools that are built into Windows Server 2008 and Windows Server 2008 R2.
/ partition management create nc %s1 %s2
Creates the application directory partition with distinguished name %s1, on the Active Directory domain controller or AD LDS instance with full DNS name %s2. If you specify “NULL” for %s2, this command uses the currently connected Active Directory domain controller. Use this command only with AD DS. For AD LDS, use create nc %s1 %s2 %s3.
Note:
* An application directory partition is a directory partition that is replicated only to specific domain controllers. A domain controller that participates in the replication of a particular application directory partition hosts a replica of that partition.
QUESTION 197
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The functional level of both the domain and the forest is Windows Server 2008 R2. The domain contains a domain-based Distributed File System (DFS) namespace that is configured as shown in the exhibit. (Click the Exhibit button.)
You need to enable access-based enumeration on the DFS namespace. What should you do first?
A. Install the File Server Resource Manager role service on Server3 and Server5.
B. Raise the domain functional level.
C. Delete and recreate the namespace.
D. Raise the forest functional level.
Answer: C
Explanation:
Access-based enumeration is only supported on a Domain-based Namespace in Windows Server 2008 Mode. This type of Namespace requires a minimum Windows Server 2003 forest functional level and a minimum Windows Server 2008 domain functional level.
The exhibit indicates that the current namespace is a Domain-based Namespace in Windows Server 2000 Mode. To migrate a domain-based namespace from Windows 2000 Server mode to Windows Server 2008 mode, you must export the namespace to a file, delete the namespace, recreate it in Windows Server 2008 mode, and then import the namespace settings.
http://msdn.microsoft.com/en-us/library/cc770287.aspx
http://msdn.microsoft.com/en-us/library/cc753875.aspx
QUESTION 198
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
The domain contains two organizational units (OUs) named OU1 and OU2 in the root of the domain.
Two Group Policy objects (GPOs) named GPO1 and GPO2 are created. GPO1 is linked to OU1. GPO2 is linked to OU2.
OU1 contains a client computer named Computer1. OU2 contains a user named User1.
You need to ensure that the GPOs applied to Computer1 are applied to User1 when User1 logs on.
What should you configure?
A. The GPO Status
B. GPO links
C. The Enforced setting
D. Security Filtering
Answer: D
Explanation:
* GPOs cannot be linked directly to users, computers, or security groups. They can only be linked to sites, domains and organizational units. However, by using security filtering, you can narrow the scope of a GPO so that it applies only to a single group, user, or computer.
* Security filtering is a way of refining which users and computers will receive and apply the settings in a Group Policy object (GPO). Using security filtering, you can specify that only certain security principals within a container where the GPO is linked apply the GPO. Security group filtering determines whether the GPO as a whole applies to groups, users, or computers; it cannot be used selectively on different settings within a GPO.
Reference: Security filtering using GPMC
QUESTION 199
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named GPO1 is linked to OU1.
You make a change to GPO1.
You need to force all of the computers in OU1 to refresh their Group Policy settings immediately.
The solution must minimize administrative effort.
Which tool should you use?
A. The Secedit command
B. Server Manager
C. Group Policy Object Editor
D. The Invoke-GpUpdate cmdlet
Answer: D
Explanation:
Invoke-GPUpdate
Schedule a remote Group Policy refresh (gpupdate) on the specified computer.
Applies To: Windows Server 2012 R2
The Invoke-GPUpdate cmdlet refreshes Group Policy settings, including security settings that are set on remote computers by scheduling the running of the Gpupdate command on a remote computer.
You can combine this cmdlet in a scripted fashion to schedule the Gpupdate command on a group of computers.
The refresh can be scheduled to immediately start a refresh of policy settings or wait for a specified period of time, up to a maximum of 31 days.
To avoid putting a load on the network, the refresh times will be offset by a random delay.
Note:
Group Policy is a complicated infrastructure that enables you to apply policy settings to remotely configure a computer and user experience within a domain. When the Resultant Set of Policy settings does not conform to your expectations, a best practice is to first verify that the computer or user has received the latest policy settings. In previous versions of Windows, this was accomplished by having the user run GPUpdate.exe on their computer. With Windows Server 2012 R2 and Windows 8, you can remotely refresh Group Policy settings for all computers in an organizational unit (OU) from one central location by using the Group Policy Management Console (GPMC). Or you can use the Invoke-GPUpdate Windows PowerShell cmdlet to refresh Group Policy for a set of computers, including computers that are not within the OU structure–for example, if the computers are located in the default computers container. The remote Group Policy refresh updates all Group Policy settings, including security settings that are set on a group of remote computers, by using the functionality that is added to the context menu for an OU in the Group Policy Management Console (GPMC). When you select an OU to remotely refresh the Group Policy settings on all the computers in that OU, the following operations happen:
An Active Directory query returns a list of all computers that belong to that OU.
For each computer that belongs to the selected OU, a WMI call retrieves the list of signed in users.
A remote scheduled task is created to run GPUpdate.exe /force for each signed in user and once for the computer Group Policy refresh. The task is scheduled to run with a random delay of up to 10 minutes to decrease the load on the network traffic. This random delay cannot be configured when you use the GPMC, but you can configure the random delay for the scheduled task or set the scheduled task to run immediately when you use the Invoke-GPUpdate cmdlet.
QUESTION 200
Your network contains a Hyper-V host named Server1 that hosts 20 virtual machines.
You need to view the amount of memory resources and processor resources each virtual machine uses currently.
Which tool should you use on Server1?
A. Windows System Resource Manager (WSRM)
B. Task Manager
C. Resource Monitor
D. Hyper-V Manager
Answer: D
Explanation:
Hyper-V Performance Monitoring Tool
Know which resource is consuming more CPU. Find out if CPUs are running at full capacity or if they are being underutilized. Metrics tracked include Total CPU utilization, Guest CPU utilization, Hypervisor CPU utilization, idle CPU utilization, etc.
WSRM is deprecated starting with Windows Server 2012.