aiotestking uk

70-411 Exam Questions - Online Test


70-411 Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

Q1. You have a server that runs Windows Server 2012 R2. 

You have an offline image named Windows2012.vhd that contains an installation of 

Windows Server 2012 R2. 

You plan to apply several updates to Windows2012.vhd. 

You need to mount Wmdows2012.vhd to D:\Mount. 

Which tool should you use? 

A. Server Manager 

B. Device Manager 

C. Mountvol 

D. Dism 

Answer:

Explanation: 

You can use the Deployment Image Servicing and Management (DISM) tool to mount a Windows image from a WIM or VHD file. Mounting an image maps the contents of the image to a directory so that you can service the image using DISM without booting into the image. You can also perform common file operations, such as copying, pasting, and editing on a mounted image. 

To apply packages and updates to a Windows Embedded Standard 7 image, we recommend creating a configuration set and then using Deployment Imaging Servicing and Management (DISM) to install that configuration set. Although DISM can be used to install individual updates to an image, this method carries some additional risks and is not recommended. 

Q2. You have a file server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed. 

Files created by users in the human resources department are assigned the Department classification property automatically. 

You are configuring a file management task named Task1 to remove user files that have not been accessed for 60 days or more. 

You need to ensure that Task1 only removes files that have a Department classification property of human resources. The solution must minimize administrative effort. 

What should you configure on Task1? 

A. Configure a file screen 

B. Create a condition 

C. Create a classification rule 

D. Create a custom action 

Answer:

Explanation: 

Create a File Expiration Task The following procedure guides you through the process of creating a file management task for expiring files. File expiration tasks are used to automatically move all files that match certain criteria to a specified expiration directory, where an administrator can then back those files up and delete them. Property conditions. Click Add to create a new condition based on the file’s classification. This will open the Property Condition dialog box, which allows you to select a property, an operator to perform on the property, and the value to compare the property against. After clicking OK, you can then create additional conditions, or edit or remove an existing condition. 

Q3. Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2. Both servers have the File and Storage Services server role, the DFS Namespace role service, and the DFS Replication role service installed. 

Server1 and Server2 are part of a Distributed File System (DFS) Replication group named Group1. Server1 and Server2 are connected by using a high-speed LAN connection. 

You need to minimize the amount of processor resources consumed by DFS Replication. 

What should you do? 

A. Modify the replication schedule. 

B. Modify the staging quota. 

C. Disable Remote Differential Compression (RDC). 

D. Reduce the bandwidth usage. 

Answer:

Explanation: 

Because disabling RDC can help conserve disk input/output (I/O) and CPU resources, you might want to disable RDC on a connection if the sending and receiving members are in a local area network (LAN), and bandwidth use is not a concern. However, in a LAN environment where bandwidth is contended, RDC can be beneficial when transferring large files. 

Question tells it uses a high-speed LAN connection. 

References: http: //technet. microsoft. com/en-us/library/cc758825%28v=ws. 10%29. aspx 

http: //technet. microsoft. com/en-us/library/cc754229. aspx 

Q4. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Desktop Session Host role service installed. The computer account of Server1 resides in an organizational unit (OU) named OU1. 

You create and link a Group Policy object (GPO) named GPO1 to OU1. 

You need to prevent GPO1 from applying to your user account when you log on to Server1. GPO1 must apply to every other user who logs on to Server1. 

What should you configure? 

A. Security Filtering. 

B. WMI Filtering. 

C. Block Inheritance. 

D. Item-level targeting. 

Answer:

Explanation: 

You can use item-level targeting to change the scope of individual preference items, so they apply only to selected users or computers. Within a single Group Policy object (GPO), you can include multiple preference items, each customized for selected users or computers and each targeted to apply settings only to the relevant users or computers. 

Reference: https://technet.microsoft.com/en-us/library/cc733022.aspx 

Q5. Your network contains an Active Directory domain named contoso.com. The domain contains three servers. The servers are configured as shown in the following table. 

You need to ensure that end-to-end encryption is used between clients and Server2 when the clients connect to the network by using DirectAccess. 

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) 

A. From the Remote Access Management Console, reload the configuration. 

B. Add Server2 to a security group in Active Directory. 

C. Restart the IPSec Policy Agent service on Server2. 

D. From the Remote Access Management Console, modify the Infrastructure Servers settings. 

E. From the Remote Access Management Console, modify the Application Servers settings. 

Answer: B,E 

Explanation: 

Unsure about these answers: 

A public key infrastructure must be deployed. 

Windows Firewall must be enabled on all profiles. 

ISATAP in the corporate network is not supported. If you are using ISATAP, you should remove it and use native IPv6. 

Computers that are running the following operating systems are supported as DirectAccess clients: 

Windows Server. 2012 R2 

Windows 8.1 Enterprise 

Windows Server. 2012 

Windows 8 Enterprise 

Windows Server. 2008 R2 

Windows 7 Ultimate 

Windows 7 Enterprise 

. Force tunnel configuration is not supported with KerbProxy authentication. 

. Changing policies by using a feature other than the DirectAccess management console or Windows PowerShell cmdlets is not supported. 

. Separating NAT64/DNS64 and IPHTTPS server roles on another server is not supported. 

Q6. DRAG DROP 

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. 

The domain contains an organizational unit (OU) named OU1. OU1 contains an OU named OU2. OU2 contains a user named user1. 

User1 is the member of a group named Group1. Group1 is in the Users container. 

You create five Group Policy objects (GPO). The GPOs are configured as shown in the following table. 

The Authenticated Users group is assigned the default permissions to all of the GPOs. 

There are no site-level GPOs. 

You need to identify which three GPOs will be applied to User1 and in which order the GPOs will be applied to User1. 

Which three GPOs should you identify in sequence? To answer, move the appropriate three GPOs from the list of GPOs to the answer area and arrange them in the correct order. 

Answer:  

Q7. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. The domain contains three member servers named Server1, Server2, and Server3. All servers run Windows Server 2012 R2 and have the Windows Server Update Services (WSUS) server role installed. 

Server1 and Server2 are configured as replica servers that use Server3 as an upstream server. 

You remove Servers from the network. 

You need to ensure that WSUS on Server2 retrieves updates from Server1. The solution must ensure that Server1 and Server2 have the latest updates from Microsoft. 

Which command should you run on each server? To answer, select the appropriate command to run on each server in the answer area. 

Answer:  

Q8. Your network contains an Active Directory domain named contoso.com. The domain 

contains a domain controller named DC1 that runs Windows Server 2012 R2. 

You mount an Active Directory snapshot on DC1. 

You need to expose the snapshot as an LDAP server. 

Which tool should you use? 

A. Ldp 

B. ADSI Edit 

C. Dsamain 

D. Ntdsutil 

Answer:

Explanation: 

dsamain /dbpath E:\$SNAP_200704181137_VOLUMED$\WINDOWS\NTDS\ntds. dit /ldapport51389 

Reference: http: //technet. microsoft. com/en-us/library/cc753609(v=ws. 10). aspx 

Q9. HOTSPOT 

You have a file server named Server1 that runs Windows Server 2012 R2. 

A user named User1 is assigned the modify NTFS permission to a folder named C:\shares and all of the subfolders of C:\shares. 

On Server1, you open File Server Resource Manager as shown in the exhibit. (Click the Exhibit button.) 

To answer, complete each statement according to the information presented in the exhibit. Each correct selection is worth one point. 

Answer:  

Q10. You have the following Windows PowerShell Output. 

You need to create a Managed Service Account. 

What should you do? 

A. Run New-ADServiceAccount –Name “service01” –DNSHostName service01.contoso.com –SAMAccountName service01. 

B. Run New-AuthenticationPolicySilo, and then run New-ADServiceAccount –Name “service01” –DNSHostName service01.contoso.com. 

C. Run Add-KDSRootKey, and then run New-ADServiceAccount –Name “service01” –DNSHostName service01.contoso.com. 

D. Run Set-KDSConfiguration, and then run New-ADServiceAccount –Name “service01” –DNSHostName service01.contoso.com. 

Answer:

Explanation: From the exhibit we see that the required key does not exist. First we create this key, then we create the managed service account. 

The Add-KdsRootKey cmdlet generates a new root key for the Microsoft Group Key Distribution Service (KdsSvc) within Active Directory (AD). The Microsoft Group KdsSvc generates new group keys from the new root key. 

The New-ADServiceAccount cmdlet creates a new Active Directory managed service account. 

Reference: New-ADServiceAccount 

https://technet.microsoft.com/en-us/library/hh852236(v=wps.630).aspx 

Reference: Add-KdsRootKey 

ttps://technet.microsoft.com/en-us/library/jj852117(v=wps.630).aspx