aiotestking uk

70-411 Exam Questions - Online Test


70-411 Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

Q1. Your network contains an Active Directory domain named adatum.com. The domain contains a member server named Server1 and 10 web servers. All of the web servers are in an organizational unit (OU) named WebServers_OU. All of the servers run Windows Server 2012 R2. 

On Server1, you need to collect the error events from all of the web servers. The solution must ensure that when new web servers are added to WebServers_OU, their error events are collected automatically on Server1. 

What should you do? 

A. On Server1, create a source computer initiated subscription. From a Group Policy object (GPO), configure the Configure target Subscription Manager setting. 

B. On Server1, create a source computer initiated subscription. From a Group Policy object (GPO), configure the Configure forwarder resource usage setting. 

C. On Server1, create a collector initiated subscription. From a Group Policy object (GPO), configure the Configure forwarder resource usage setting. 

D. On Server1, create a collector initiated subscription. From a Group Policy object (GPO), configure the Configure target Subscription Manager setting. 

Answer:

Explanation: 

Source-initiated subscriptions allow you to define a subscription on an event collector computer without defining the event source computers, and then multiple remote event source computers can be set up (using a group policy setting) to forward events to the event collector computer. This differs from a collector initiated subscription because in the collector initiated subscription model, the event collector must define all the event sources in the event subscription. 

1. Run the following command from an elevated privilege command prompt on the 

Windows Server domain controller to configure Windows Remote Management: winrm qc –q. 

2. Start group policy by running the following command: %SYSTEMROOT%\System32\gpedit. msc. 

3. Under the Computer Configuration node, expand the Administrative Templates node, then expand the Windows Components node, then select the Event Forwarding node. 

4. Right-click the SubscriptionManager setting, and select Properties. Enable the SubscriptionManager setting, and click the Show button to add a server address to the setting. Add at least one setting that specifies the event collector computer. The SubscriptionManager Properties window contains an Explain tab that describes the syntax for the setting. 

5. After the SubscriptionManager setting has been added, run the following command to ensure the policy is applied: gpupdate /force. 

If you want to configure a source computer-initiated subscription, you need to configure the following group policies on the computers that will act as the event forwarders: 

* (A) Configure Target Subscription Manager This policy enables you to set the location of the collector computer. 

Q2. Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 is configured as a Network Policy Server (NPS) server and as a DHCP server. 

The network contains two subnets named Subnet1 and Subnet2. Server1 has a DHCP scope for each subnet. 

You need to ensure that noncompliant computers on Subnet1 receive different network policies than noncompliant computers on Subnet2. 

Which two settings should you configure? (Each correct answer presents part of the solution. Choose two.) 

A. The NAP-Capable Computers conditions 

B. The NAS Port Type constraints 

C. The Health Policies conditions 

D. The MS-Service Class conditions 

E. The Called Station ID constraints 

Answer: C,D 

Explanation: 

The NAP health policy server uses the NPS role service with configured health policies and system health validators (SHVs) to evaluate client health based on administrator-defined requirements. Based on results of this evaluation, NPS instructs the DHCP server to provide full access to compliant NAP client computers and to restrict access to client computers that are noncompliant with health requirements. 

If policies are filtered by DHCP scope, then MS-Service Class is configured in policy conditions. 

Q3. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. 

A local account named Admin1 is a member of the Administrators group on Server1. 

You need to generate an audit event whenever Admin1 is denied access to a file or folder. 

What should you run? 

A. auditpol.exe /set /userradmin1 /failure: enable 

B. auditpol.exe /set /user: admin1 /category: "detailed tracking" /failure: enable 

C. auditpol.exe /resourcesacl /set /type: file /user: admin1 /failure 

D. auditpol.exe /resourcesacl /set /type: key /user: admin1 /failure /access: ga 

Answer:

Explanation: 

http: //technet. microsoft. com/en-us/library/ff625687. aspx 

To set a global resource SACL to audit successful and failed attempts by a user to perform 

generic read and write functions on files or folders: 

auditpol /resourceSACL /set /type: File /user: MYDOMAINmyuser /success /failure /access: 

FRFW 

http: //technet.microsoft.com/en-us/library/ff625687%28v=ws.10%29.aspx 

Syntax 

auditpol /resourceSACL 

[/set /type: <resource> [/success] [/failure] /user: <user> [/access: <access flags>]] 

[/remove /type: <resource> /user: <user> [/type: <resource>]] 

[/clear [/type: <resource>]] 

[/view [/user: <user>] [/type: <resource>]] 

References: 

http: //technet. microsoft. com/en-us/library/ff625687%28v=ws. 10%29. aspx 

http: //technet. microsoft. com/en-us/library/ff625687%28v=ws. 10%29. aspx 

http: //technet. microsoft. com/en-us/library/ff625687. aspx 

http: //technet. microsoft. com/en-us/library/ff625687%28v=ws. 10%29. aspx 

Q4. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. All client computers are configured as DHCP clients. 

You link a Group Policy object (GPO) named GPO1 to an organizational unit (OU) that contains all of the client computer accounts. 

You need to ensure that Network Access Protection (NAP) compliance is evaluated on all of the client computers. 

Which two settings should you configure in GPO1? 

To answer, select the appropriate two settings in the answer area. 

Answer:  

Q5. Your network contains an Active Directory domain named contoso.com. Network Access Protection (NAP) is deployed to the domain. 

You need to create NAP event trace log files on a client computer. 

What should you run? 

A. logman 

B. Register-ObjectEvent 

C. tracert 

D. Register-EngineEvent 

Answer:

Explanation: 

You can enable NAP client tracing by using the command line. On computers running Windows Vista., you can enable tracing by using the NAP Client Configuration console. NAP client tracing files are written in Event Trace Log (ETL) format. These are binary files representing trace data that must be decoded by Microsoft support personnel. Use the –o option to specify the directory to which they are written. In the following example, files are written to %systemroot%\tracing\nap. For more information, see Logman (http: //go. microsoft.com/fwlink/?LinkId=143549). 

To create NAP event trace log files on a client computer 

Open a command line as an administrator. 

Type 

logman start QAgentRt -p {b0278a28-76f1-4e15-b1df-14b209a12613} 0xFFFFFFFF 9 -o 

%systemroot%\tracing\nap\QAgentRt. etl –ets. 

Note: To troubleshoot problems with WSHA, use the following GUID: 789e8f15-0cbf-4402-b0ed-0e22f90fdc8d. 

Reproduce the scenario that you are troubleshooting. 

Type logman stop QAgentRt -ets. 

Close the command prompt window. 

References: 

http: //technet. microsoft. com/en-us/library/dd348461%28v=ws. 10%29. aspx 

Q6. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains 500 client computers that run Windows 8.1 Enterprise and Microsoft Office 2013. 

You implement a Group Policy central store. 

You need to modify the default Microsoft Office 2013 Save As location for all client computers. The solution must minimize administrative effort. 

What should you configure in a Group Policy object (GPO)? 

A. The Group Policy preferences 

B. An application control policy 

C. The Administrative Templates 

D. The Software Installation settings 

Answer:

Explanation: 

Group Policy preferences provide the means to simplify deployment and standardize configurations. They add to Group Policy a centralized system for deploying preferences (that is, settings that users can change later). You can also use Group Policy preferences to configure applications that are not Group Policy-aware. By using Group Policy preferences, you can change or delete almost any registry setting, file or folder, shortcut, and more. You are not limited by the contents of Administrative Template files. 

: http://technet.microsoft.com/en-us/library/dn581922.aspx 

Q7. Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 R2. 

You have a Password Settings object (PSOs) named PSO1. 

You need to view the settings of PSO1. 

Which tool should you use? 

A. Get-ADDefaultDomainPasswordPolicy 

B. Active Directory Administrative Center 

C. Local Security Policy 

D. Get-ADAccountResultantPasswordReplicationPolicy 

Answer:

Explanation: 

In Windows Server 2012, fine-grained password policy management is made much easier than Windows Server 2008/2008 R2. Windows Administrators not have to use ADSI Edit and configure complicated settings to create the Password Settings Object (PSO) in the Password Settings Container. Instead we can configure fine-grained password policy directly in Active Directory Administrative Center (ADAC). 

Q8. Your company has a main office and a branch office. 

The network contains an Active Directory domain named contoso.com. 

The main office contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 is a DNS server and hosts a primary zone for contoso.com. The branch office contains a member server named Server1 that runs Windows Server 2012 R2. Server1 is a DNS server and hosts a secondary zone for contoso.com. 

The main office connects to the branch office by using an unreliable WAN link. 

You need to ensure that Server1 can resolve names in contoso.com if the WAN link in unavailable for three days. 

Which setting should you modify in the start of authority (SOA) record? 

A. Retry interval 

B. Refresh interval 

C. Expires after 

D. Minimum (default) TTL 

Answer:

Explanation: 

Used by other DNS servers that are configured to load and host the zone to determine when zone data expires if it is not renewed 

Q9. You have Windows Server 2012 R2 installation media that contains a file named Install.wim. 

You need to identify which images are present in Install.wim. 

What should you do? 

A. Run imagex.exe and specify the /ref parameter. 

B. Run dism.exe and specify the /get-mountedwiminfo parameter. 

C. Run dism.exe and specify the /get-imageinfo parameter. 

D. Run imagex.exe and specify the /verify parameter. 

Answer:

Explanation: 

Option: 

/Get-ImageInfo 

Arguments: 

/ImageFile: <path_to_image.wim> 

[{/Index: <Image_index> | /Name: <Image_name>}] 

Displays information about the images that are contained in the .wim, vhd or .vhdx file. 

When used with the Index or /Name argument, information about the specified image is displayed, which includes if an image is a WIMBoot image, if the image is Windows 8.1 

Update, see Take Inventory of an Image or Component Using DISM. The /Name argument does not apply to VHD files. You must specify /Index: 1 for VHD files. 

References: 

http: //technet.microsoft.com/en-us/library/cc749447(v=ws.10).aspx 

http: //technet.microsoft.com/en-us/library/dd744382(v=ws.10).aspx 

http: //technet.microsoft.com/en-us/library/hh825224.aspx 

Q10. Your network contains an Active Directory domain named contoso.com. The functional level of the forest is Windows Server 2008 R2. 

Computer accounts for the marketing department are in an organizational unit (OU) named Departments\Marketing\Computers. User accounts for the marketing department are in an OU named Departments\Marketing\Users. 

All of the marketing user accounts are members of a global security group named MarketingUsers. All of the marketing computer accounts are members of a global security group named MarketingComputers. 

In the domain, you have Group Policy objects (GPOs) as shown in the exhibit. (Click the Exhibit button.) 

You create two Password Settings objects named PSO1 and PSO2. PSO1 is applied to MarketingUsers. PSO2 is applied to MarketingComputers. 

The minimum password length is defined for each policy as shown in the following table. 

You need to identify the minimum password length required for each marketing user. 

What should you identify? 

A. 5 

B. 6 

C. 7 

D. 10 

E. 12 

Answer: