Master the 70 411 pdf Administering Windows Server 2012 content and be ready for exam day success quickly with this Testking 70 411 vce testing engine. We guarantee it!We make it a reality and give you real mcsa 70 411 questions in our Microsoft 70 411 study guide braindumps.Latest 100% VALID Microsoft 70 411 exam Exam Questions Dumps at below page. You can use our Microsoft microsoft 70 411 braindumps and pass your exam.


♥♥ 2021 NEW RECOMMEND ♥♥

Free VCE & PDF File for Microsoft 70-411 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 70-411 Exam Dumps (PDF & VCE):
Available on: http://www.surepassexam.com/70-411-exam-dumps.html

Q21. Your network contains one Active Directory domain named contoso.com. 

From the Group Policy Management console, you view the details of a Group Policy object (GPO) named GPO1. You need to ensure that the comments field of GPO1 contains a detailed description of 

GPO1. 

What should you do? 

A. From Active Directory Users and Computers, edit the properties of contoso.com/System/Policies/{229DCD27-9D98-ACC2-A6AE-ED765F065FF5}. 

B. Open GPO1 in the Group Policy Management Editor, and then modify the properties of GPO1. 

C. From Notepad, edit \contoso.comSYSVOL contoso.comPolicies{229DCD27-9D98-ACC2-A6AE-ED765F065FF5}gpt.ini. 

D. From Group Policy Management, click View, and then click Customize. 

Answer:

Explanation: Adding a comment to a Group Policy object 

Open the Group Policy Management Console. Expand the.Group Policy Objects.node

. Right-click the Group Policy object you want to comment and then click.Edit.

. In the console tree, right-click the name of the Group Policy object and then click.Properties.

. Click the.Comment.tab. 

Type your comments in the.Comment.box. 

Click.OK 

Reference: Comment a Group Policy Object 

https://technet.microsoft.com/en-us/library/cc770974.aspx 


Q22. Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2. 

You view the effective policy settings of Server1 as shown in the exhibit. (Click the Exhibit button.) 

On Server1, you have a folder named C:Share1 that is shared as Share1. Share1 contains confidential data. A group named Group1 has full control of the content in Share1. 

You need to ensure that an entry is added to the event log whenever a member of Group1 deletes a file in Share1. 

What should you configure? 

A. the Audit File Share setting of Servers GPO 

B. the Sharing settings of C:Share1 

C. the Audit File System setting of Servers GPO 

D. the Security settings of C:Share1 

Answer:

Explanation: 

You can use Computer Management to track all connections to shared resources on a Windows Server 2008 R2 system. 

Whenever a user or computer connects to a shared resource, Windows Server 2008 R2 lists a connection in the Sessions node. 

File access, modification and deletion can only be tracked, if the object access auditing is enabled you can see the entries in the event log. 

To view connections to shared resources, type net session at a command prompt or follow these steps: 

In Computer Management, connect to the computer on which you created the shared resource. 

In the console tree, expand System Tools, expand Shared Folders, and then select Sessions. You can now view connections to shares for users and computers. 

To enable folder permission auditing, you can follow the below steps: 

Click start and run "secpol. msc" without quotes. 

Open the Local PoliciesAudit Policy 

Enable the Audit object access for "Success" and "Failure". 

Go to target files and folders, right click the folder and select properties. 

Go to Security Page and click Advanced. 

Click Auditing and Edit. 

Click add, type everyone in the Select User, Computer, or Group. 

Choose Apply onto: This folder, subfolders and files. 

Tick on the box “Change permissions” 

Click OK. 

After you enable security auditing on the folders, you should be able to see the folder permission changes in the server's Security event log. Task Category is File System. 

References: 

http: //social. technet. microsoft. com/Forums/en-US/winservergen/thread/13779c78-0c73-4477-8014-f2eb10f3f10f/ 

http: //technet. microsoft. com/en-us/library/cc753927(v=ws. 10). aspx 

http: //social. technet. microsoft. com/Forums/en-US/winservergen/thread/13779c78-0c73-4477-8014-f2eb10f3f10f/ 

http: //support. microsoft. com/kb/300549 

http: //www. windowsitpro. com/article/permissions/auditing-folder-permission-changes 

http: //www. windowsitpro. com/article/permissions/auditing-permission-changes-on-a-folder 


Q23. HOTSPOT 

Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1. 

Your company implements DirectAccess. 

A user named User1 works at a customer's office. The customer's office contains a server named Server1. 

When User1 attempts to connect to Server1, User1 connects to Server1 in adatum.com. You need to provide User1 with the ability to connect to Server1 in the customer's office. Which Group Policy option should you configure? To answer, select the appropriate option in the answer area. 

Answer: 


Q24. DRAG DROP 

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the 

Network Policy and Access Services server role installed. 

All of the VPN servers on your network use Server1 for RADIUS authentication. 

You create a security group named Group1. 

You need to configure Network Policy and Access Services (NPAS) to meet the following 

requirements: 

. Ensure that only the members of Group1 can establish a VPN connection to the VPN servers. 

. Allow only the members of Group1 to establish a VPN connection to the VPN servers if the members are using client computers that run Windows 8 or later. 

Which type of policy should you create for each requirement? 

To answer, drag the appropriate policy types to the correct requirements. Each policy type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. 

Answer: 


Q25. Your network contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2 and have the DNS Server server role installed. 

On Server1, you create a standard primary zone named contoso.com. 

You need to ensure that Server2 can host a secondary zone for contoso.com. 

What should you do from Server1? 

A. Add Server2 as a name server. 

B. Create a trust anchor named Server2. 

C. Convert contoso.com to an Active Directory-integrated zone. 

D. Create a zone delegation that points to Server2. 

Answer:

Explanation: 

Typically, adding a secondary DNS server to a zone involves three steps: 

1. 

On the primary DNS server, add the prospective secondary DNS server to the list of name servers that are authoritative for the zone. 

2. On the primary DNS server, verify that the transfer settings for the zone permit the zone to be transferred to the prospective secondary DNS server. 

3. On the prospective secondary DNS server, add the zone as a secondary zone. 

You must add a new Name Server. To add a name server to the list of authoritative servers for the zone, you must specify both the server's IP address and its DNS name. When entering names, click Resolve to resolve the name to its IP address prior to adding it to the list. Secondary zones cannot be AD-integrated under any circumstances. 

You want to be sure Server2 can host, you do not want to delegate a zone. 

Secondary Domain Name System (DNS) servers help provide load balancing and fault tolerance. Secondary DNS servers maintain a read-only copy of zone data that is transferred periodically from the primary DNS server for the zone. You can configure DNS clients to query secondary DNS servers instead of (or in addition to) the primary DNS server for a zone, reducing demand on the primary server and ensuring that DNS queries for the zone will be answered even if the primary server is not available. 

How-To: Configure a secondary DNS Server in Windows Server 2012 

We need to tell our primary DNS that it is ok for this secondary DNS to pull information from it. Otherwise replication will fail and you will get this big red X. 

Head over to your primary DNS server, launch DNS manager, expand Forward Lookup Zones, navigate to your primary DNS zone, right-click on it and go to Properties. 

Go to “Zone Transfers” tab, by default, for security reasons, the “Allow zone transfers: ” is un-checked to protect your DNS information. We need to allow zone transfers, if you value your DNS records, you do not want to select “To any server” but make sure you click on “Only to servers listed on the Name Servers tab”. 

Head over to the “Name Servers” tab, click Add. 

You will get “New Name Server Record” window, type in the name of your secondary DNS server. it is always better to validate by name not IP address to avoid future problems in case your IP addresses change. Once done, click OK. 

You will see your secondary DNS server is now added to your name servers selection, click OK. 

Now if you head back to your secondary DNS server and refresh, the big red X will go away and your primary zone data will populate. 

Your secondary DNS is fully setup now. You cannot make any DNS changes from your secondary DNS. Secondary DNS is a read-only DNS, Any DNS changes have to be done from the primary DNS. 

References: 

http: //technet. microsoft. com/en-us/library/cc816885%28v=ws. 10%29. aspx 

http: //technet. microsoft. com/en-us/library/cc816814%28v=ws. 10%29. aspx 

http: //blog. hyperexpert. com/how-to-configure-a-secondary-dns-server-in-windows-server-2012/ 

http: //technet. microsoft. com/en-us/library/cc770984. aspx 

http: //support. microsoft. com/kb/816101 

http: //technet. microsoft. com/en-us/library/cc753500. aspx 

http: //technet. microsoft. com/en-us/library/cc771640(v=ws. 10). aspx 

http: //technet. microsoft. com/en-us/library/ee649280(v=ws. 10). aspx 


Q26. Your network contains an Active Directory domain named contoso.com. The domain contains six domain controllers named DC1, DC2, DC3, DC4, DC5, and DC6. Each domain controller has the DNS Server server role installed and hosts an Active Directory-integrated zone for contoso.com. 

You plan to create a new Active Directory-integrated zone named litwareinc.com that will be used for testing. 

You need to ensure that the new zone will be available only on DC5 and DCG. 

What should you do first? 

A. Change the zone replication scope. 

B. Create an Active Directory connection object. 

C. Create an Active Directory site link. 

D. Create an application directory partition. 

Answer:

Explanation: 

You can store Domain Name System (DNS) zones in the domain or application directory partitions of Active Directory Domain Services (AD DS). A partition is a data structure in AD DS that distinguishes data for different replication purposes. When you create an application directory partition for DNS, you can control the scope of replication for the zone that is stored in that partition. 


Q27. HOTSPOT 

Your network contains 25 Web servers that run Windows Server 2012 R2. 

You need to configure auditing policies that meet the following requirements: 

. Generate an event each time a new process is created. 

. Generate an event each time a user attempts to access a file share. 

Which two auditing policies should you configure? To answer, select the appropriate two auditing policies in the answer area. 

Answer: 


Q28. You have a server named Server1 that runs Windows Server 2012 R2. 

You discover that the performance of Server1 is poor. 

The results of a performance report generated on Server1 are shown in the following table. 

You need to identify the cause of the performance issue. 

What should you identify? 

A. Driver malfunction 

B. Insufficient RAM 

C. Excessive paging 

D. NUMA fragmentation 

Answer:

Explanation: 

Processor: %DPC Time. Much like the other values, this counter shows the amount of time that the processor spends servicing DPC requests. DPC requests are more often than not associated with the network interface. 

Processor: % Interrupt Time. This is the percentage of time that the processor is spending on handling Interrupts. Generally, if this value exceeds 50% of the processor time you may have a hardware issue. Some components on the computer can force this issue and not really be a problem. For example a programmable I/O card like an old disk controller card, can take up to 40% of the CPU time. A NIC on a busy IIS server can likewise generate a large percentage of processor activity. 

Processor: % User Time. The value of this counter helps to determine the kind of processing that is affecting the system. Of course the resulting value is the total amount of non-idle time that was spent on User mode operations. This generally means application code. 

Processor: %Privilege Time. This is the amount of time the processor was busy with Kernel mode operations. If the processor is very busy and this mode is high, it is usually an indication of some type of NT service having difficulty, although user mode programs can make calls to the Kernel mode NT components to occasionally cause this type of performance issue. 

Memory: Pages/sec. This value is often confused with Page Faults/sec. The Pages/sec counter is a combination of Pages Input/sec and Pages Output/sec counters. Recall that 

Page Faults/sec is a combination of hard page faults and soft page faults. This counter, however, is a general indicator of how often the system is using the hard drive to store or retrieve memory associated data. 

References: 

http: //technet. microsoft. com/en-us/library/cc768048. aspx 


Q29. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy Server role service installed. 

You plan to configure Server1 as a Network Access Protection (NAP) health policy server for VPN enforcement by using the Configure NAP wizard. 

You need to ensure that you can configure the VPN enforcement method on Server1 successfully. 

What should you install on Server1 before you run the Configure NAP wizard? 

A. A system health validator (SHV) 

B. The Host Credential Authorization Protocol (HCAP) 

C. A computer certificate 

D. The Remote Access server role 

Answer:

Explanation: 

Configure NAP enforcement for VPN 

This checklist provides the steps required to deploy computers with Routing and Remote 

Access Service installed and configured as VPN servers with Network Policy Server (NPS) and Network Access Protection (NAP). 


Q30. HOTSPOT 

You have a server named LON-SVR1 that runs Windows Server 2012 R2. LON-SVR1 has the Remote Access server role installed. LON-SVRl is located in the perimeter network. 

The IPv4 routing table on LON-SVR1 is configured as shown in the following exhibit. (Click the Exhibit button.) 

Your company purchases an additional router named Router1. Router1 has an interface that connects to the perimeter network and an interface that connects to the Internet. The IP address of the interface that connects to the perimeter network is 172.16.0.2. 

You need to ensure that LON-SVR1 will route traffic to the Internet by using Router1 if the current default gateway is unavailable. 

How should you configure the static route on LON-SVR1? To answer, select the appropriate static route in the answer area. 

Answer: