aiotestking uk

70-411 Exam Questions - Online Test


70-411 Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

Q1. Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows Server 2003, Windows Server 2008 R2, or Windows Server 2012 R2. 

A support technician accidentally deletes a user account named User1. 

You need to use tombstone reanimation to restore the User1 account. 

Which tool should you use? 

A. Active Directory Administrative Center 

B. Ntdsutil 

C. Ldp 

D. Esentutl 

Answer:

Explanation: 

Use Ldp.exe to restore a single, deleted Active Directory object This feature takes advantage of the fact that Active Directory keeps deleted objects in the database for a period of time before physically removing them. use Ldp.exe to restore a single, deleted Active Directory object 

The LPD.exe tool, included with Windows Server 2012, allows users to perform operations against any LDAP-compatible directory, including Active Directory. LDP is used to view objects stored in Active Directory along with their metadata, such as security descriptors and replication metadata. 

References: 

http: //www. petri. co. il/manually-undeleting-objects-windows-active-directory-ad. htm 

http: //www. petri. co. il/manually-undeleting-objects-windows-active-directory-ad. htm 

http: //technet. microsoft. com/en-us/magazine/2007. 09. tombstones. aspx 

http: //technet. microsoft. com/nl-nl/library/dd379509(v=ws. 10). aspx#BKMK_2 

http: //technet. microsoft. com/en-us/library/hh875546. aspx 

http: //technet. microsoft. com/en-us/library/dd560651(v=ws. 10). aspx 

Q2. Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 is configured as a Network Policy Server (NPS) server and as a DHCP server. 

You need to ensure that only computers that send a statement of health are checked for Network Access Protection (NAP) health requirements. 

Which two settings should you configure? (Each correct answer presents part of the solution. Choose two.) 

A. The Called Station ID constraints 

B. The MS-Service Class conditions 

C. The Health Policies conditions 

D. The NAS Port Type constraints 

E. The NAP-Capable Computers conditions 

Answer: C,E 

Reference: 

http://technet.microsoft.com/en-us/library/cc753603.aspx 

http://technet.microsoft.com/en-us/library/cc731220(v=ws.10).aspx 

http://technet.microsoft.com/en-us/library/cc731560.aspx 

Q3. DRAG DROP 

Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. 

You generalize Server2. 

You install the Windows Deployment Services (WDS) server role on Server1. 

You need to capture an image of Server2 on Server1. 

Which three actions should you perform? 

To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order. 

Answer:  

Q4. Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012 R2. The forest contains a single domain. 

You create a Password Settings object (PSO) named PSO1. 

You need to delegate the rights to apply PSO1 to the Active Directory objects in an organizational unit named OU1. 

What should you do? 

A. From Active Directory Users and Computers, run the Delegation of Control Wizard. 

B. From Active Directory Administrative Center, modify the security settings of PSO1. 

C. From Group Policy Management, create a Group Policy object (GPO) and link the GPO to OU1. 

D. From Active Directory Administrative Center, modify the security settings of OU1. 

Answer:

Explanation: 

PSOs cannot be applied to organizational units (OUs) directly. If your users are organized into OUs, consider creating global security groups that contain the users from these OUs and then applying the newly defined finegrained password and account lockout policies to them. If you move a user from one OU to another, you must update user memberships in the corresponding global security groups. Go ahead and hit "OK" and then close out of all open windows. Now that you have created a password policy, we need to apply it to a user/group. In order to do so, you must have "write" permissions on the PSO object. We're doing this in a lab, so I'm Domain Admin. Write permissions are not a problem 

1. Open Active Directory Users and Computers (Start, point to Administrative Tools, and then click Active Directory Users and Computers). 

2. On the View menu, ensure that Advanced Features is checked. 

3. In the console tree, expand Active Directory Users and Computers\yourdomain\System\Password Settings Container 

4. In the details pane, right-click the PSO, and then click Properties. 

5. Click the Attribute Editor tab. 

6. Select the msDS-PsoAppliesTo attribute, and then click Edit. 

Q5. Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 runs Windows Server 2012 R2 and has the Hyper-V server role installed. 

Server1 hosts 10 virtual machines. A virtual machine named VM1 runs Windows Server 2012 R2 and hosts a processor-intensive application named App1. 

Users report that App1 responds more slowly than expected. 

You need to monitor the processor usage on VM1 to identify whether changes must be made to the hardware settings of VM1. 

Which performance object should you monitor on Server1? 

A. Processor 

B. Hyper-V Hypervisor Virtual Processor 

C. Hyper-V Hypervisor Logical Processor 

D. Hyper-V Hypervisor Root Virtual Processor 

E. Process 

Answer:

Explanation: 

In the simplest way of thinking the virtual processor time is cycled across the available logical processors in a round-robin type of fashion. Thus all the processing power gets used over time, and technically nothing ever sits idle. To accurately measure the processor utilization of a guest operating system, use the “\Hyper-V Hypervisor Logical Processor (Total)\% Total Run Time” performance monitor counter on the Hyper-V host operating system. 

Q6. Your network contains two servers named Server1 and Server2 that run windows Server 2012 R2. Server1 and 5erver2 have the Windows Server Update Services server role installed. 

Server1 synchronizes from Microsoft Update. Server2 is a Windows Server Update Services (WSUS) replica of Server1. 

You need to configure replica downstream servers to send Server1 summary information about the computer update status. 

What should you do? 

A. From Server1, configure Reporting Rollup. 

B. From Server2, configure Reporting Rollup. 

C. From Server2, configure Email Notifications. 

D. From Server1, configure Email Notifications. 

Answer:

Explanation: 

WSUS Reporting Rollup Sample Tool 

This tool uses the WSUS application programming interface (API) to demonstrate centralized monitoring and reporting for WSUS. It creates a single report of update and computer status from the WSUS servers into your WSUS environment. The sample package also contains sample source files to customize or extend the tool functionality of the tool to meet specific needs. The WSUS Reporting Rollup Sample Tool and files are provided AS IS. No product support is available for this tool or sample files. For more information read the readme file. 

Reference: http: //technet. microsoft. com/en-us/windowsserver/bb466192. aspx 

Q7. Your network contains two DNS servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 hosts a primary zone for contoso.com. Server2 hosts a secondary zone for contoso.com. 

You need to ensure that Server2 replicates changes to the contoso.com zone every five minutes. 

Which setting should you modify in the start of authority (SOA) record? 

A. Retry interval 

B. Expires after 

C. Minimum (default) TTL 

D. Refresh interval 

Answer:

Explanation: 

By default, the refresh interval for each zone is set to 15 minutes. The refresh interval is used to determine how often other DNS servers that load and host the zone must attempt to renew the zone. 

Q8. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. 

You need to create a certificate template for the BitLocker Drive Encryption (BitLocker) Network Unlock feature. 

Which Cryptography setting of the certificate template should you modify? To answer, select the appropriate setting in the answer area. 

Answer:  

Q9. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that has the Network Policy Server server role installed. The domain contains a server named Server2 that is configured for RADIUS accounting. 

Server1 is configured as a VPN server and is configured to forward authentication requests to Server2. 

You need to ensure that only Server2 contains event information about authentication requests from connections to Server1. 

Which two nodes should you configure from the Network Policy Server console? 

To answer, select the appropriate two nodes in the answer area. 

Answer:  

Q10. Your network contains an Active Directory domain named contoso.com. The domain contains domain controllers that run Windows Server 2008, Windows Server 2008 R2 Windows Server 2012, and Windows Server 2012 R2. 

A domain controller named DC1 runs Windows Server 2012 R2. DC1 is backed up daily. 

During routine maintenance, you delete a group named Group1. 

You need to recover Group1 and identify the names of the users who were members of Group1 prior to its deletion. You want to achieve this goal by using the minimum amount of administrative effort. 

What should you do first? 

A. Perform an authoritative restore of Group1. 

B. Mount the most recent Active Directory backup. 

C. Use the Recycle Bin to restore Group1. 

D. Reactivate the tombstone of Group1. 

Answer:

Explanation: 

The Active Directory Recycle Bin does not have the ability to track simple changes to objects. If the object itself is not deleted, no element is moved to the Recycle Bin for possible recovery in the future. In other words, there is no rollback capacity for changes to object properties, or, in other words, to the values of these properties. There is another approach you should be aware of. Tombstone reanimation (which has nothing to do with zombies) provides the only way to recover deleted objects without taking a DC offline, and it's the only way to recover a deleted object's identity information, such as its objectGUID and objectSid attributes. It neatly solves the problem of recreating a deleted user or group and having to fix up all the old access control list (ACL) references, which contain the objectSid of the deleted object. Restores domain controllers to a specific point in time, and marks objects in Active Directory as being authoritative with respect to their replication partners.