MICROSOFT OFFICIAL: New Updated 70-411 Exam Questions from Braindump2go 70-411 PDF Dumps and 70-411 VCE Dumps! Welcome to Download the Newest Braindump2go 70-411 VCE&PDF Dumps: http://www.braindump2go.com/70-411.html (322 Q&As)
70-411 Exam Dumps Free Shared By Braindump2go For Instant Download Now! Download Latest 70-411 Exam Questions and pass 70-411 one time easily! Do you want to be a winner?
Exam Code: 70-411
Exam Name Administering Windows Server 2012
Certification Provider: Microsoft
Corresponding Certifications: MCSA, MCSA: Windows Server 2012, MCSE, MCSE: Desktop Infrastructure, MCSE: Private Cloud, MCSE: Server Infrastructure
Keywords:70-411 Dumps,70-411 Microsoft Exam Questions,70-411 VCE,70-411 PDF,70-411 Practice Exams,70-411 Practice Tests,70-411 Book,70-411 Study Guide
QUESTION 71
Your network contains an Active Directory domain named contoso.com. All client computers run Windows 8.1.
The network contains a shared folder named FinancialData that contains five files.
You need to ensure that the FinancialData folder and its contents are copied to all of the client computers.
Which two Group Policy preferences should you configure?
(Each correct answer presents part of the solution. Choose two.)
A. Shortcuts
B. Network Shares
C. Environment
D. Folders
E. Files
Answer: DE
Explanation:
Folder preference items allow you to create, update, replace, and delete folders and their contents. (To configure individual files rather than folders, see Files Extension. )
Before you create a Folder preference item, you should review the behavior of each type of action possible with this extension.
File preference items allow you to copy, modify the attributes of, replace, and delete files.
(To configure folders rather than individual files, see Folders Extension. )
Before you create a File preference item, you should review the behavior of each type of action possible with this extension.
QUESTION 72
Your network contains an Active Directory domain named contoso.com. The domain contains three servers. The servers are configured as shown in the following table.
You need to ensure that end-to-end encryption is used between clients and Server2 when the clients connect to the network by using DirectAccess.
Which two actions should you perform?
(Each correct answer presents part of the solution.
Choose two.)
A. From the Remote Access Management Console, reload the configuration.
B. Add Server2 to a security group in Active Directory.
C. Restart the IPSec Policy Agent service on Server2.
D. From the Remote Access Management Console, modify the Infrastructure Servers settings.
E. From the Remote Access Management Console, modify the Application Servers settings.
Answer: BE
Explanation:
When selecting application servers that require end-to-end encryption and authentication, it is important to note that:
** The selected end-to-end application servers must be members of one or more AD DS security groups.
* The selected end-to-end application servers must run Windows Server 2008 or later.
* The selected end-to-end application servers must be accessible via IPv6 (Native or ISATAP, not NAT64).
* The selected end-to-end application servers can be used with smart cards for an additional level of authorization.
QUESTION 73
Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows Server 2003, Windows Server 2008 R2, or Windows Server 2012 R2.
A support technician accidentally deletes a user account named User1.
You need to use tombstone reanimation to restore the User1 account.
Which tool should you use?
A. Ntdsutil
B. Ldp
C. Esentutl
D. Active Directory Administrative Center
Answer: B
Explanation:
Use Ldp.exe to restore a single, deleted Active Directory object
This feature takes advantage of the fact that Active Directory keeps deleted objects in the database for a period of time before physically removing them.
Use Ldp.exe to restore a single, deleted Active Directory object
The LPD.exe tool, included with Windows Server 2012, allows users to perform operations against any LDAP-compatible directory, including Active Directory. LDP is used to view objects stored in Active Directory along with their metadata, such as security descriptors and replication metadata.
http://technet.microsoft.com/pt-pt/magazine/2007.09.tombstones(en-us).aspx
QUESTION 74
Your network contains an Active Directory domain named contoso.com.
You need to install and configure the Web Application Proxy role service.
What should you do?
A. Install the Active Directory Federation Services server role and the Remote Access server role on different servers.
B. Install the Active Directory Federation Services server role and the Remote Access server role on the same server.
C. Install the Web Server (IIS) server role and the Application Server server role on the same server.
D. Install the Web Server (IIS) server role and the Application Server server role on different servers.
Answer: A
Explanation:
AD FS is required to provide authentication and authorization services to Web Application Proxy and to store the Web Application Proxy configuration.
Remote Access is the role containing the Web Application Proxy role service.
http://technet.microsoft.com/en-us/library/dn383650.aspx
QUESTION 75
Your network contains an Active Directory domain named contoso.com.
The domain contains a domain controller named DC1.
You run ntdsutil {as shown in the exhibit}.
You need to ensure that you can access the contents of the mounted snapshot.
What should you do?
A. From a command prompt, run dsamain.exe -dbpath c:\$snap_201204131056_volumec$\windows\ntds
\ntds.dit – Idapport 33389.
B. From a command prompt, run dsamain.exe -dbpath c:\$snap_201204131056_volumec$\windows\ntds
\ntds.dit – Idapport 389.
C. From the snapshot context of ntdsutil, run activate instance “NTDS”.
D. From the snapshot context of ntdsutil, run mount (79f94f82-5926-4f44-8af0-2f56d827a57d).
Answer: A
Explanation:
A. Custom port needs to be defined when mounting to allow access from ADUC
B. 389 is used as the standard ldap port
C. Run prior to mount and after the mount run dsamain Sets NTDS or a specific AD LDS instance as the active instance.
D. mounts a specific snap shot as specified by guid, using the snapshot mounted you needs to run dsamain to start an instance of AD
http://technet.microsoft.com/en-us/library/cc753609(v=ws.10).aspx
QUESTION 76
Your network contains an Active Directory domain named contoso.com. The domain contains a read-only domain controller (RODC) named RODC1.
You create a global group named RODC_Admins.
You need to provide the members of RODC_Admins with the ability to manage the hardware and the software on R0DC1. The solution must not provide RODC_Admins with the ability to manage Active Directory objects.
What should you do?
A. From Active Directory Site and Services, configure the Security settings of the RODC1 server object.
B. From Windows PowerShell, run the Set-ADAccountControlcmdlet.
C. From a command prompt, run the dsmgmt local roles command.
D. From Active Directory Users and Computers, configure the Member Of settings of the RODC1 account.
Answer: C
Explanation:
RODC: using the dsmgmt.exe utility to manage local administrators One of the benefits of of RODC is that you can add local administrators who do not have full access to the domain administration. This gives them the abiltiy to manage the server but not add or change active directory objects unless those roles are delegated. Adding this type of user is done using the dsmdmt.exe utility at the command prompt.
QUESTION 77
You have a server named Server1 that has the Web Server (IIS) server role installed.
You obtain a Web Server certificate.
You need to configure a website on Server1 to use Secure Sockets Layer (SSL).
To which store should you import the certificate?
Answer:
Explanation:
http://technet.microsoft.com/en-us/library/cc740068(v=ws.10).aspx
QUESTION 78
Your network contains an Active Directory domain named contoso.com.
You create a user account named User1.
The properties of User1 are shown in the exhibit. (Click the Exhibit button.)
You plan to use the User1 account as a service account. The service will forward authentication requests to other servers.
You need to ensure that you can view the Delegation tab from the properties of the User1 account.
What should you do first?
A. Modify the Security settings of User1.
B. Modify the user principal name (UPN) of User1.
C. Configure a Service Principal Name (SPN) for User1.
D. Configure the Name Mappings of User1.
Answer: C
Explanation:
If you cannot see the Delegation tab, do one or both of the following:
Register a Service Principal Name (SPN) for the user account with the Setspn utility in the support tools on your CD. Delegation is only intended to be used by service accounts, which should have registered SPNs, as opposed to a regular user account which typically does not have SPNs.
Raise the functional level of your domain to Windows Server 2003.
For more information, see Related Topics.
http://technet.microsoft.com/en-us/library/cc739474(v=ws.10).aspx
QUESTION 79
Your network contains an Active Directory domain named contoso.com.
All domain controllers run Windows Server 2012 R2. On all of the domain controllers, Windows is installed in C:\Windows and the Active Directory database is located in D:\Windows\NTDS\. All of the domain controllers have a third-party application installed. The operating system fails to recognize that the application is compatible with domain controller cloning.
You verify with the application vendor that the application supports domain controller cloning.
You need to prepare a domain controller for cloning.
What should you do?
A. In D:\Windows\NTDS\, create an XML file named DCCloneConfig.xml and add the application
information to the file.
B. In D:\Windows\NTDS\, create an XML file named CustomDCCloneAllowList.xml and add the application
information to the file.
C. In the root of a USB flash drive, add the application information to an XML file named DefaultDCClone
AllowList.xml.
D. In D:\Windows\NTDS, create an XML file named DefaultDCCloneAllowList.xml and add the application
information to the file.
Answer: B
Explanation:
http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2012/09/10/new-features-in-active- directory-domainservices-in-windows-server-2012-part-13-domain-controller-cloning.aspx
Place the CustomDCCloneAllowList.xml file in the same folder as the Active Directory database (ntds.dit) on the source Domain Controller.
QUESTION 80
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. On all of the domain controllers, Windows is installed in C:\Windows and the Active Directory database is located in D:\Windows\NTDS\. All of the domain controllers have a third-party application installed. The operating system fails to recognize that the application is compatible with domain controller cloning.
You verify with the application vendor that the application supports domain controller cloning.
You need to prepare a domain controller for cloning.
What should you do?
A. In the root of a USB flash drive, add the application information to an XML file named DefaultDCClone
AllowList.xml.
B. In C:\Windows\system32\sysprep\actionfiles\, add the application information to an XML file named
Specialize .xml.
C. In D:\Windows\NTDS\, create an XML file named CustomDCCloneAllowList.xml and add the application
information to the file.
D. In C:\Windows\system32\sysprep\actionfiles\add the application information to an XML file named
Respecialize .xml.
Answer: C
Explanation:
Place the CustomDCCloneAllowList.xml file in the same folder as the Active Directory database (ntds.dit) on the source Domain Controller.
http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2012/09/10/new-features-in-active-directory-domain-services-in-windows-server-2012-part-13-domain-controller-cloning.aspx http://www.thomasmaurer.ch/2012/08/windows-server-2012-hyper-v-how-to-clone-a-virtual-domain-controller
http://technet.microsoft.com/en-us/library/hh831734.aspx
Braindump2go Promises All our customers: 100% All Exams Pass Or Full Money Back! Our experts have complied the fail proof 70-411 Exam content to help all candidates pass your 70-411 certification exam easily in the first attempt and score the top possible grades too.Do you want to sucess? Come to Braindump2go and our experts team will tell you what you need to do! 70-411 Exam Dumps Full Version Download:
FREE DOWNLOAD: NEW UPDATED 70-411 PDF Dumps & VCE Dumps from Braindump2go: http://www.braindump2go.com/70-411.html (322 Q&As)