MICROSOFT OFFICIAL: New Updated 70-411 Exam Questions from Braindump2go 70-411 PDF Dumps and 70-411 VCE Dumps! Welcome to Download the Newest Braindump2go 70-411 VCE&PDF Dumps: http://www.braindump2go.com/70-411.html (322 Q&As)
Braindump2go New Published Microsoft 70-411 Dumps PDF Contanins the latest questions from Microsoft Exam Center! 100% Certification got guaranteed!
Exam Code: 70-411
Exam Name Administering Windows Server 2012
Certification Provider: Microsoft
Corresponding Certifications: MCSA, MCSA: Windows Server 2012, MCSE, MCSE: Desktop Infrastructure, MCSE: Private Cloud, MCSE: Server Infrastructure
Keywords:70-411 Dumps,70-411 Microsoft Exam Questions,70-411 VCE,70-411 PDF,70-411 Practice Exams,70-411 Practice Tests,70-411 Book,70-411 Study Guide
QUESTION 111
Your network contains a RADIUS server named Server1.
You install a new server named Server2 that runs Windows Server 2012 R2 and has Network Policy Server (NPS) installed.
You need to ensure that all accounting requests for Server2 are forwarded to Server1.
On Server2, you create a new remote RADIUS server group named Group1 that contains Server1.
What should you configure next on Server2?
To answer, select the appropriate node in the answer area.
Answer:
Explanation:
Connection request policies are sets of conditions and settings that allow network administrators to designate which Remote Authentication Dial-In User Service (RADIUS) servers perform the authentication and authorization of connection requests that the server running Network Policy Server (NPS) receives from RADIUS clients. Connection request policies can be configured to designate which RADIUS servers are used for RADIUS accounting. http://technet.microsoft.com/en-us/library/cc753603.aspx
QUESTION 112
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 has the DHCP Server server role and the Network Policy Server role service installed. Server1 contains three non-overlapping scopes named Scope1, Scope2, and Scope3. Server1 currently provides the same Network Access Protection (NAP) settings to the three scopes.
You modify the settings of Scope1 as shown in the exhibit. (Click the Exhibit button.)
You need to configure Server1 to provide unique NAP enforcement settings to the NAP non- compliant DHCP clients from Scope1.
What should you create?
A. A network policy that has the MS-Service Class condition
B. A network policy that has the Identity Type condition
C. A connection request policy that has the Identity Type condition
D. A connection request policy that has the Service Type condition
Answer: A
Explanation:
Restricts the policy to clients that have received an IP address from a DHCP scope that matches the specified DHCP profile name. This condition is used only when you are deploying NAP with the DHCP enforcement method. To use the MS-Service Class attribute, in Specify the profile name that identifies your DHCP scope, type the name of an existing DHCP profile. http://technet.microsoft.com/en-us/library/cc731220(v=ws.10).aspx
QUESTION 113
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed.
You have a client named Client1 that is configured as an 802.1X supplicant.
You need to configure Server1 to handle authentication requests from Client1. The solution must minimize the number of authentication methods enabled on Server1.
Which authentication method should you enable?
To answer, select the appropriate authentication method in the answer area.
Answer:
Explanation:
Microsoft Windows uses EAP to authenticate network access for Point-to-Point Protocol (PPP) connections (dial-up and virtual private network) and for IEEE 802.1X-based network access to authenticating Ethernet switches and wireless access points (APs). http://technet.microsoft.com/en-us/library/bb457039.aspx
QUESTION 114
Your network contains an Active Directory domain named contoso.com. The domain contains a RADIUS server named Server1 that runs Windows Server 2012 R2.
You add a VPN server named Server2 to the network. On Server1, you create several network policies.
You need to configure Server1 to accept authentication requests from Server2.
Which tool should you use on Server1?
A. Connection Manager Administration Kit (CMAK).
B. Routing and Remote Access
C. Network Policy Server (NPS)
D. Set-RemoteAccessRadius
Answer: C
Explanation:
Forward requests to the following remote RADIUS server group . By using this setting, NPS forwards connection requests to the remote RADIUS server group that you specify. If the NPS server receives a valid Access-Accept message that corresponds to the Access-Request message, the connection attempt is considered authenticated and authorized. In this case, the NPS server acts as a RADIUS proxy.
http://technet.microsoft.com/en-us/library/cc753603.aspx http://www.youtube.com/watch?v=0_1GOBTL4FE
QUESTION 115
Hotspot Question
Your network contains an Active Directory domain named contoso.com.
The domain contains the users shown in the following table.
You have a Network Policy Server (NPS) server that has the network policies shown in the following table.
User1, User2, and User3 plan to connect to the network by using a VPN.
You need to identify which network policy will apply to each user.
What should you identify?
To answer, select the appropriate policy for each user in the answer area.
Answer:
QUESTION 116
Drag and Drop Question
Your network contains an Active Directory forest named contoso.com. The forest contains a Network Policy Server (NPS) server named NPS1 and a VPN server named VPN1.
VPN1 forwards all authentication requests to NPS1.
A partner company has an Active Directory forest named adatum.com.
The adatum.com forest contains an NPS server named NPS2.
You plan to grant users from adatum.com VPN access to your network.
You need to authenticate the users from adatum.com on VPN1.
What should you create on each NPS server?
To answer, drag the appropriate objects to the correct NPS servers. Each object may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
QUESTION 117
Hotspot Question
You have a server named LON-SVR1 that runs Windows Server 2012 R2. LON-SVR1 has the Remote Access server role installed. LON-SVRl is located in the perimeter network.
The IPv4 routing table on LON-SVR1 is configured as shown in the following exhibit. (Click the Exhibit button.)
Your company purchases an additional router named Router1. Router1 has an interface that connects to the perimeter network and an interface that connects to the Internet. The IP address of the interface that connects to the perimeter network is 172.16.0.2.
You need to ensure that LON-SVR1 will route traffic to the Internet by using Router1 if the current default gateway is unavailable.
How should you configure the static route on LON-SVR1?
To answer, select the appropriate static route in the answer area.
Answer:
QUESTION 118
Your network contains an Active Directory domain named contoso.com. The domain contains client computers that run either Windows XP, Windows 7, or Windows 8. Network Policy Server (NPS) is deployed to the domain.
You plan to create a system health validator (SHV).
You need to identify which policy settings can be Applied to all of the Windows XP computers.
Which three policy settings should you identify?
(Each correct answer presents part of the solution. Choose three.)
A. A firewall is enabled for all network connections.
B. An antispyware application is on.
C. Automatic updating is enabled.
D. Antivirus is up to date.
E. Antispyware is up to date.
Answer: ACD
Explanation:
* System health agent (SHA) is a NAP component.
* System health agent (SHA)
A component that checks the state of the client computer to determine whether the settings monitored by the SHA are up-to-date and configured correctly. For example, the Windows Security Health Agent (WSHA) can monitor Windows Firewall, whether antivirus software is installed, enabled, and updated, whether antispyware software is installed, enabled, and updated, and whether Microsoft Update Services is enabled and the computer has the most recent security updates from Microsoft Update Services. There might also be SHAs (and corresponding system health validators) available from other companies that provide different functionality.
QUESTION 119
Your network contains an Active Directory domain named adatum.com.
You have a Group Policy object (GPO) that configures the Windows Update settings.
Currently, client computers are configured to download updates from Microsoft Update servers. Users choose when the updates are installed.
You need to configure all client computers to install Windows updates automatically.
Which setting should you configure in the GPO?
To answer, select the appropriate setting in the answer area.
Answer:
Explanation:
http://support.microsoft.com/kb/328010#method1
QUESTION 120
Your network contains an Active Directory domain named contoso.com. Network Access Protection (NAP) is deployed to the domain.
You need to create NAP event trace log files on a client computer.
What should you run?
A. Logman
B. Tracert
C. Register-EngineEvent
D. Register-ObjectEvent
Answer: A
Explanation:
You can enable NAP client tracing by using the command line. On computers running Windows Vista®, you can enable tracing by using the NAP Client Configuration console.
NAP client tracing files are written in Event Trace Log (ETL) format. These are binary files representing trace data that must be decoded by Microsoft support personnel. Use the –o option to specify the directory to which they are written. In the following example, files are written to %systemroot%\tracing\nap.
For more information, see Logman (http: //go.microsoft. com/fwlink/?LinkId=143549).
To create NAP event trace log files on a client computer
– Open a command line as an administrator.
– Type
logman start QAgentRt -p {b0278a28-76f1-4e15-b1df-14b209a12613} 0xFFFFFFFF 9 -o
%systemroot%\tracing\nap\QAgentRt. etl – ets.
Note: To troubleshoot problems with WSHA, use the following GUID: 789e8f15-0cbf-4402-
b0ed-0e22f90fdc8d.
– Reproduce the scenario that you are troubleshooting.
– Type logman stop QAgentRt -ets.
– Close the command prompt window.
http://technet. microsoft. com/en-us/library/dd348461%28v=ws.10%29. Aspx
Latest 70-411 Questions and Answers from Microsoft Exam Center Offered by Braindump2go for Free Share Now! Read and remember all Real Questions Answers, Guaranteed Pass 70-411 Real Test 100% Or Full Money Back!
FREE DOWNLOAD: NEW UPDATED 70-411 PDF Dumps & VCE Dumps from Braindump2go: http://www.braindump2go.com/70-411.html (322 Q&As)