♥♥ 2021 NEW RECOMMEND ♥♥

Free VCE & PDF File for Microsoft 70-411 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 70-411 Exam Dumps (PDF & VCE):
Available on: http://www.surepassexam.com/70-411-exam-dumps.html

Q61. Your network contains an Active Directory domain named contoso.com. The domain 

contains a domain controller named DC1 that runs Windows Server 2012 R2. 

All client computers run Windows 8 Enterprise. 

DC1 contains a Group Policy object (GPO) named GPO1. 

You need to update the PATH variable on all of the client computers. 

Which Group Policy preference should you configure? 

A. Ini Files 

B. Services 

C. Data Sources 

D. Environment 

Answer:

Explanation: 

Environment Variable preference items allow you to create, update, replace, and delete user and system environment variables or semicolon-delimited segments of the PATH variable. Before you create an Environment Variable preference item, you should review the behavior of each type of action possible with this extension. 


Q62. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. You implement DirectAccess. 

You need to view the properties of the DirectAccess connection. 

Which connection properties should you view? To answer, select the appropriate connection properties in the answer area. 

Answer: 


Q63. HOTSPOT 

Your network contains one Active Directory domain named contoso.com. The domain contains 10 file servers that run Windows Server 2012 R2. 

You plan to enable BitLocker Drive Encryption (BitLocker) for the operating system drives of the file servers. 

You need to configure BitLocker policies for the file servers to meet the following requirements: 

. Ensure that all of the servers use a startup PIN for operating system drives encrypted with BitLocker. 

. Ensure that the BitLocker recovery key and recovery password are stored in Active 

Directory. Which two Group Policy settings should you configure? To answer, select the appropriate settings in the answer area. 

Answer: 


Q64. Your network contains a single Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. 

The domain contains 400 desktop computers that run Windows 8 and 10 desktop computers that run Windows XP Service Pack 3 (SP3). All new desktop computers that are added to the domain run Windows 8. 

All of the desktop computers are located in an organizational unit (OU) named OU1. 

You create a Group Policy object (GPO) named GPO1. GPO1 contains startup script settings. You link GPO1 to OU1. 

You need to ensure that GPO1 is applied only to computers that run Windows XP SP3. 

What should you do? 

A. Create and link a WML filter to GPO1 

B. Run the Set-GPInheritance cmdlet and specify the -target parameter. 

C. Run the Set-GPLink cmdlet and specify the -target parameter. 

D. Modify the Security settings of OU1. 

Answer:

Explanation: 

WMI Filtering is used to get information of the system and apply the GPO on it with the condition is met. 

Security filtering: apply a GPO to a specific group (members of the group) 


Q65. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1. 

You run ntdsutil as shown in the exhibit. (Click the Exhibit button.) 

You need to ensure that you can access the contents of the mounted snapshot. What should you do? 

A. From the snapshot context of ntdsutil, run activate instance "NTDS". 

B. From a command prompt, run dsamain.exe -dbpath c:$snap_201204131056_volumec$windowsntdsntds. dit -Idapport 389. 

C. From the snapshot context of ntdsutil, run mount {79f94f82-5926-4f44-8af0-2f56d827a57d}. 

D. From a command prompt, run dsamain.exe -dbpath c:$snap_201204131056_volumec$windowsntdsntds. dit -Idapport 33389. 

Answer:

Explanation: 

By default, only members of the Domain Admins group and the Enterprise Admins group are allowed to view the snapshots because they contain sensitive AD DS data. If you want to access snapshot data from an old domain or forest that has been deleted, you can allow nonadministrators to access the data when you run Dsamain.exe. If you plan to view the snapshot data on a domain controller, specify ports that are different from the ports that the domain controller will use. A client starts an LDAP session by connecting to an LDAP server, called a Directory System Agent (DSA), by default on TCP port and UDP [7] port 389. The client then sends an operation request to the server, and the server sends responses in return. With some exceptions, the client does not need to wait for a response before sending the next request, and the server may send the responses in any order. All information is transmitted using Basic Encoding Rules (BER). 

References: 

http: //technet. microsoft. com/en-us/library/cc753609(v=ws. 10). aspx 


Q66. You have a DNS server named DN51 that runs Windows Server 2012 R2. 

On DNS1, you create a standard primary DNS zone named adatum.com. 

You need to change the frequency that secondary name servers will replicate the zone from DNS1. 

Which type of DNS record should you modify? 

A. Name server (NS) 

B. Start of authority (SOA) 

C. Host information (HINFO) 

D. Service location (SRV) 

Answer:

Explanation: 

The time to live is specified in the Start of Authority (SOA) record Note: TTL (time to live) - The number of seconds a domain name is cached locally before expiration and return to authoritative nameservers for updated information. 


Q67. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 P.2. Server1 has the Network Policy and Access Services server role installed. 

Your company's security policy requires that certificate-based authentication must be used by some network services. 

You need to identify which Network Policy Server (NPS) authentication methods comply with the security policy. 

Which two authentication methods should you identify? (Each correct answer presents part of the solution. Choose two.) 

A. MS-CHAP 

B. PEAP-MS-CHAP v2 

C. Chap 

D. EAP-TLS 

E. MS-CHAP v2 

Answer: B,D 

Explanation: 

PEAP is similar in design to EAP-TTLS, requiring only a server-side PKI certificate to create a secure TLS tunnel to protect user authentication, and uses server-side public key certificates to authenticate the server. When you use EAP with a strong EAP type, such as TLS with smart cards or TLS with certificates, both the client and the server use certificates to verify their identities to each other. 


Q68. Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs. 

A network administrator accidentally deletes the Default Domain Policy GPO. 

You do not have a backup of any of the GPOs. 

You need to recreate the Default Domain Policy GPO. 

What should you use? 

A. Dcgpofix 

B. Get-GPOReport 

C. Gpfixup 

D. Gpresult 

E. Gpedit. msc 

F. Import-GPO 

G. Restore-GPO 

H. Set-GPInheritance 

I. Set-GPLink 

J. Set-GPPermission 

K. Gpupdate 

L. Add-ADGroupMember 

Answer:

Explanation: 

Dcgpofix Restores the default Group Policy objects to their original state (that is, the default state after initial installation). 

Reference: http: //technet. microsoft. com/en-us/library/hh875588(v=ws. 10). aspx 


Q69. Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 R2. 

You have a Password Settings object (PSOs) named PSO1. 

You need to view the settings of PSO1. 

Which tool should you use? 

A. Get-ADDefaultDomainPasswordPolicy 

B. Active Directory Administrative Center 

C. Local Security Policy 

D. Get-ADAccountResultantPasswordReplicationPolicy 

Answer:

Explanation: 

In Windows Server 2012, fine-grained password policy management is made much easier than Windows Server 2008/2008 R2. Windows Administrators not have to use ADSI Edit and configure complicated settings to create the Password Settings Object (PSO) in the Password Settings Container. Instead we can configure fine-grained password policy directly in Active Directory Administrative Center (ADAC). 


Q70. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. 

You create an organizational unit (OU) named OU1 and a Group Policy object (GPO) named GPO1. You link GPO1 to OU1. 

You move several file servers that store sensitive company documents to OU1. Each file server contains more than 40 shared folders. 

You need to audit all of the failed attempts to access the files on the file servers in OU1. The solution must minimize administrative effort. 

Which two audit policies should you configure in GPO1? To answer, select the appropriate two objects in the answer area. 

Answer: