Pass4sure offers free demo for 70 411 administering windows server 2012 r2 pdf exam. "Administering Windows Server 2012", also known as 70 411 exam dumps exam, is a Microsoft Certification. This set of posts, Passing the Microsoft 70 411 pdf exam, will help you answer those questions. The 70 411 study guide Questions & Answers covers all the knowledge points of the real exam. 100% real Microsoft 70 411 exam dumps exams and revised by experts!


♥♥ 2021 NEW RECOMMEND ♥♥

Free VCE & PDF File for Microsoft 70-411 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 70-411 Exam Dumps (PDF & VCE):
Available on: http://www.surepassexam.com/70-411-exam-dumps.html

Q81. Your network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computers run Windows 8.1. 

The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2. 

You need to identify which domain controller must be online when cloning a domain controller. 

Which cmdlet should you use? 

A. Get-ADGroupMember 

B. Get-ADDomainControllerPasswordReplicationPolicy 

C. Get-ADDomainControllerPasswordReplicationPolicyUsage 

D. Get-ADDomain 

E. Get-ADOptionalFeature 

F. Get-ADAccountAuthorizationGroup 

Answer:

Explanation: One requirement for cloning a domain controller is an existing Windows Server 2012 DC that hosts the PDC emulator role. You can run the Get-ADDomain and retrieve which server has the PDC emulator role. 

Example: Command Prompt: C:PS> 

Get-ADDomain 

Output wouldinclude a line such as: PDCEmulator : Fabrikam-DC1.Fabrikam.com 

Incorrect: 

Not A: The Get-ADGroupMember cmdlet gets the members of an Active Directory group. 

Members can be users, groups, and computers. 

Not E: The Get-ADOptionalFeature cmdlet gets an optional feature or performs a search to retrieve multiple optional features from an Active Directory. 

Not F: The Get-ADAuthorizationGroup cmdlet gets the security groups from the specified user, computer or service accounts token. 

Reference: Step-by-Step: Domain Controller Cloning 

http://blogs.technet.com/b/canitpro/archive/2013/06/12/step-by-step-domain-controller-cloning.aspx 

Reference: Get-ADDomain https://technet.microsoft.com/en-us/library/ee617224.aspx 


Q82. You have a server named Server1 that runs Windows Server 2012 R2. 

An administrator creates a quota as shown in the Quota exhibit. (Click the Exhibit button.) 

You run the dir command as shown in the Dir exhibit. (Click the Exhibit button.) 

You need to ensure that D:Folder1 can only consume 100 MB of disk space. 

What should you do? 

A. From File Server Resource Manager, create a new quota. 

B. From File Server Resource Manager, edit the existing quota. 

C. From the Services console, set the Startup Type of the Optimize drives service to Automatic. 

D. From the properties of drive D, enable quota management. 

Answer:

Explanation: 

1. In Quota Management, click the Quota Templates node. 

2. In the Results pane, select the template on which you will base your new quota. 

3. Right-click the template and click Create Quota from Template (or select Create Quota from Template from the Actions pane). This opens the Create Quota dialog box with the summary properties of the quota template displayed. 

4. Under Quota path, type or browse to the folder that the quota will apply to. 

5. Click the Create quota on path option. Note that the quota properties will apply to the entire folder. 

Note: To create an auto apply quota, click the Auto apply template and create quotas on existing and new subfolders option. For more information about auto apply quotas, see Create an Auto Apply Quota. 

6. Under Drive properties from this quota template, the template you used in step 2 to create your new quota is preselected (or you can select another template from the list). Note that the template's properties are displayed under Summary of quota properties. 

7. Click Create. 

Create a new Quota on path, without using the auto apply template and create quota on existing and new subfolders. 

Reference: http: //technet.microsoft.com/en-us/library/cc755603(v=ws.10).aspx 


Q83. Your network contains two Active Directory domains named contoso.com and adatum.com. 

The network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the DNS Server server role installed. Server1 has a copy of the contoso.com DNS zone. 

You need to configure Server1 to resolve names in the adatum.com domain. The solution must meet the following requirements: 

Prevent the need to change the configuration of the current name servers that host zones for adatum.com. Minimize administrative effort. 

Which type of zone should you create? 

A. Secondary 

B. Stub 

C. Reverse lookup 

D. Primary 

Answer:

Explanation: 

When a zone that this DNS server hosts is a stub zone, this DNS server is a source only for information about the authoritative name servers for this zone. The zone at this server must be obtained from another DNS server that hosts the zone. This DNS server must have network access to the remote DNS server to copy the authoritative name server information about the zone. 

A stub zone is a copy of a zone that contains only necessary resource records (Start of Authority (SOA), Name Server (NS), and Address/Host (A) record) in the master zone and acts as a pointer to the authoritative name server. The stub zone allows the server to forward queries to the name server that is authoritative for the master zone without going up to the root name servers and working its way down to the server. While a stub zone can improve performance, it does not provide redundancy or load sharing. 

You can use stub zones to: 

Keep delegated zone information current. By updating a stub zone for one of its child zones regularly, the DNS server that hosts both the parent zone and the stub zone will maintain a current list of authoritative DNS servers for the child zone. 

Improve name resolution. Stub zones enable a DNS server to perform recursion using the stub zone's list of name servers, without having to query the Internet or an internal root server for the DNS namespace. 

Simplify DNS administration. By using stub zones throughout your DNS infrastructure, you can distribute a list of the authoritative DNS servers for a zone without using secondary zones. However, stub zones do not serve the same purpose as secondary zones, and they are not an alternative for enhancing redundancy and load sharing. 

There are two lists of DNS servers involved in the loading and maintenance of a stub zone: 

The list of master servers from which the DNS server loads and updates a stub zone. A master server may be a primary or secondary DNS server for the zone. In both cases, it will have a complete list of the DNS servers for the zone. 

The list of the authoritative DNS servers for a zone. This list is contained in the stub zone using name server (NS) resource records. 

When a DNS server loads a stub zone, such as widgets. tailspintoys.com, it queries the master servers, which can be in different locations, for the necessary resource records of the authoritative servers for the zone widgets. tailspintoys.com. The list of master servers may contain a single server or multiple servers, and it can be changed anytime. 

References: http: //technet.microsoft.com/en-us/library/cc771898.aspx http: //technet.microsoft.com/en-us/library/cc754190.aspx http: //technet.microsoft.com/en-us/library/cc730980.aspx 


Q84. HOTSPOT 

You have a server named Server4 that runs Windows Server 2012 R2. Server4 has the Windows Deployment Services server role installed. 

Server4 is configured as shown in the exhibit. (Click the Exhibit button.) 

To answer, complete each statement according to the information presented in the exhibit. Each correct selection is worth one point. 

Answer: 


Q85. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed. 

You log on to Server1 by using a user account named User2. 

From the Remote Access Management Console, you run the Getting Started Wizard and you receive a warning message as shown in the exhibit. (Click the Exhibit button.) 

You need to ensure that you can configure DirectAccess successfully. The solution must minimize the number of permissions assigned to User2. 

To which group should you add User2? 

A. Enterprise Admins 

B. Administrators 

C. Account Operators 

D. Server Operators 

Answer:

Explanation: 

You must have privileges to create WMI filters in the domain in which you want to create the filter. Permissions can be changed by adding a user to the Administrators group. 

Administrators (A built-in group) After the initial installation of the operating system, the only member of the group is the Administrator account. When a computer joins a domain, the Domain Admins group is added to the Administrators group. When a server becomes a domain controller, the Enterprise Admins group also is added to the Administrators group. The Administrators group has built-in capabilities that give its members full control over the system. The group is the default owner of any object that is created by a member of the group. This example logs in as a test user who is not a domain user or an administrator on the server. This results in the error specifying that DA can only be configured by a user with local administrator permissions. 

References: http://technet.microsoft.com/en-us/library/cc780416(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc775497(v=ws.10).aspx 


Q86. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. 

All client computers run Windows 8 Enterprise. 

DC1 contains a Group Policy object (GPO) named GPO1. 

You need to deploy a VPN connection to all users. 

What should you configure from User Configuration in GPO1? 

A. Policies/Administrative Templates/Network/Windows Connect Now 

B. Policies/Administrative Templates/Network/Network Connections 

C. Policies/Administrative Templates/Windows Components/Windows Mobility Center 

D. Preferences/Control Panel Settings/Network Options 

Answer:

Explanation: 

1. Open the Group Policy Management Console. Right-click the Group Policy object (GPO) that should contain the new preference item, and then click Edit. 

2. In the console tree under Computer Configuration or User Configuration, expand the Preferences folder, and then expand the Control Panel Settings folder. 

3. Right-click the Network Options node, point to New, and select VPN Connection. 

The Network Options extension allows you to centrally create, modify, and delete dial-up networking and virtual private network (VPN) connections. Before you create a network option preference item, you should review the behavior of each type of action possible with the extension. 

Reference: http: //technet.microsoft.com/en-us/library/cc772449.aspx 


Q87. Your network contains an Active Directory domain named contoso.com. 

All user accounts for the marketing department reside in an organizational unit (OU) named OU1. All user accounts for the finance department reside in an organizational unit (OU) named OU2. 

You create a Group Policy object (GPO) named GPO1. You link GPO1 to OU2. You configure the Group Policy preference of GPO1 to add a shortcut named Link1 to the desktop. 

You discover that when a user signs in, the Link1 is not added to the desktop. 

You need to ensure that when a user signs in, Link1 is added to the desktop. 

What should you do? 

A. Enforce GPO1. 

B. Enable loopback processing in GPO1. 

C. Modify the Link1 shortcut preference of GPO1. 

D. Modify the Security Filtering settings of GPO1. 

Answer:

Explanation: 

Security filtering is a way of refining which users and computers will receive and apply the settings in a Group Policy object (GPO). Using security filtering, you can specify that only certain security principals within a container where the GPO is linked apply the GPO. Security group filtering determines whether the GPO as a whole applies to groups, users, or computers; it cannot be used selectively on different settings within a GPO. 


Q88. HOTSPOT 

Your network contains an Active Director domain named contoso.com. The domain contains a file server named Server1. All servers run Windows Server 2012 R2. 

You have two user accounts named User1 and User2. User1 and User2 are the members of a group named Group1. User1 has the Department value set to Accounting, user2 has the Department value set to Marketing. Both users have the Employee Type value set to Contract Employee. 

You create the auditing entry as shown in the exhibit. (Click the Exhibit button.) 

To answer, complete each statement according to the information presented in the exhibit. Each correct selection is worth one point. 

Answer: 


Q89. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 has the DHCP Server server role and the Network Policy Server role service installed. 

Server1 contains three non-overlapping scopes named Scope1, Scope2, and Scope3. Server1 currently provides the same Network Access Protection (NAP) settings to the three scopes. 

You modify the settings of Scope1 as shown in the exhibit. (Click the Exhibit button.) 

You need to configure Server1 to provide unique NAP enforcement settings to the NAP non-compliant DHCP clients from Scope1. 

What should you create? 

A. A connection request policy that has the Service Type condition 

B. A connection request policy that has the Identity Type condition 

C. A network policy that has the Identity Type condition 

D. A network policy that has the MS-Service Class condition 

Answer:

Explanation: 

MS-Service Class 

Restricts the policy to clients that have received an IP address from a DHCP scope that matches the specified DHCP profile name. This condition is used only when you are deploying NAP with the DHCP enforcement method. To use the MS-Service Class attribute, in Specify the profile name that identifies your DHCP scope, type the name of an existing DHCP profile. 

Open the NPS console, double-click Policies, click Network Policies, and then double-click the policy you want to configure. 

In policy Properties, click the Conditions tab, and then click Add. In Select condition, scroll to the Network Access Protection group of conditions. 

If you want to configure the Identity Type condition, click Identity Type, and then click Add. 

In Specify the method in which clients are identified in this policy, select the items appropriate for your deployment, and then click OK. 

The Identity Type condition is used for the DHCP and Internet Protocol security (IPsec) enforcement methods to allow client health checks when NPS does not receive an Access-Request message that contains a value for the User-Name attribute; in this case, client health checks are performed, but authentication and authorization are not performed. 

If you want to configure the MS-Service Class condition, click MS-Service Class, and then click Add. In Specify the profile name that identifies your DHCP scope, type the name of an existing DHCP profile, and then click Add. 

The MS-Service Class condition restricts the policy to clients that have received an IP address from a DHCP scope that matches the specified DHCP profile name. This condition is used only when you are deploying NAP with the DHCP enforcement method. 

References: http: //technet. microsoft. com/en-us/library/cc731560(v=ws. 10). aspx 

http: //technet. microsoft. com/en-us/library/cc731220(v=ws. 10). aspx 


Q90. Your network contains an Active Directory domain named contoso.com. 

Network Policy Server (NPS) is deployed to the domain. 

You plan to deploy Network Access Protection (NAP). 

You need to configure the requirements that are validated on the NPS client computers. 

What should you do? 

A. From the Network Policy Server console, configure a network policy. 

B. From the Network Policy Server console, configure a health policy. 

C. From the Network Policy Server console, configure a Windows Security Health Validator (WSHV) policy. 

D. From a Group Policy object (GPO), configure the NAP Client Configuration security setting. 

E. From a Group Policy object (GPO), configure the Network Access Protection Administrative Templates setting. 

Answer: