
70-411 Exam Questions - Online Test



Q1. HOTSPOT 

Your company has two offices. The offices are located in Montreal and Seattle. 

The network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2. Server1 is located in the Seattle office. Server2 is located in the Montreal office. Both servers run Windows Server 2012 R2 and have the Windows Server Update Services (WSUS) server role installed. 

You need to configure Server2 to download updates that are approved on Server1 only. 

What cmdlet should you run? To answer, select the appropriate options in the answer area. 

Answer:  

Q2. Your network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computers run Windows 8.1. 

The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2. 

You need to identify which user accounts were authenticated by RODC1. 

Which cmdlet should you use? 

A. Get-ADGroupMember 

B. Get-ADDomainControllerPasswordReplicationPolicy 

C. Get-ADDomainControllerPasswordReplicationPolicyUsage 

D. Get-ADDomain 

E. Get-ADOptionalFeature 

F. Get-ADAccountAuthorizationGroup 

Answer:

Explanation: Gets the Active Directory accounts that are authenticated by a read-only domain controller or that are in the revealed list of the domain controller. 

Reference: Get-ADDomainControllerPasswordReplicationPolicyUsage 

https://technet.microsoft.com/en-us/library/ee617194.aspx 

Q3. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. 

In a remote site, a support technician installs a server named DC10 that runs Windows Server 2012 R2. DC10 is currently a member of a workgroup. 

You plan to promote DC10 to a read-only domain controller (RODC). 

You need to ensure that a user named Contoso\User1 can promote DC10 to a RODC in the contoso.com domain. The solution must minimize the number of permissions assigned to User1. 

What should you do? 

A. From Active Directory Users and Computers, run the Delegation of Control Wizard on the contoso.com domain object. 

B. From Active Directory Administrative Center, pre-create an RODC computer account. 

C. From Ntdsutil, run the local roles command. 

D. Join DC10 to the domain. Run dsmod and specify the /server switch. 

Answer:

Explanation: 

A staged read-only domain controller (RODC) installation works in two discrete phases:

1. Staging an unoccupied computer account 

2. Attaching an RODC to that account during promotion 

Reference: Install a Windows Server 2012 R2 Active Directory Read-Only Domain Controller (RODC) 

Q4. HOTSPOT 

Your network contains a RADIUS server named Server1. 

You install a new server named Server2 that runs Windows Server 2012 R2 and has Network Policy Server (NPS) installed. 

You need to ensure that all accounting requests for Server2 are forwarded to Server1. 

On Server2, you configure a Connection Request Policy. 

What else should you configure on Server2? To answer, select the appropriate node in the answer area. 

Answer:  

Q5. Your network contains an Active Directory domain named adatum.com. The domain contains 10 domain controllers that run Windows Server 2012 R2. 

You plan to create a new Active Directory-integrated zone named contoso.com. 

You need to ensure that the new zone will be replicated to only four of the domain controllers. 

What should you do first? 

A. Create an application directory partition. 

B. Create an Active Directory connection object. 

C. Create an Active Directory site link. 

D. Change the zone replication scope. 

Answer:

Explanation: 

Application directory partitions

An application directory partition is a directory partition that is replicated only to specific domain controllers. A domain controller that participates in the replication of a particular application directory partition hosts a replica of that partition. Only domain controllers running Windows Server 2003 can host a replica of an application directory partition.

Q6. You have a server named WSUS1 that runs Windows Server 2012 R2. WSUS1 has the Windows Server Update Services server role installed and has one volume. 

You add a new hard disk to WSUS1 and then create a volume on the hard disk. 

You need to ensure that the Windows Server Update Services (WSUS) update files are stored on the new volume. 

What should you do? 

A. From the Update Services console, configure the Update Files and Languages option. 

B. From the Update Services console, run the Windows Server Update Services Configuration Wizard. 

C. From a command prompt, run wsusutil.exe and specify the export parameter. 

D. From a command prompt, run wsusutil.exe and specify the movecontent parameter. 

Answer:

Explanation: 

Local Storage Considerations 

If you decide to store update files on your server, the recommended minimum disk size is 30 GB. However, depending on the synchronization options you specify, you might need to use a larger disk. For example, when specifying advanced synchronization options, as in the following procedure, if you select options to download multiple languages and/or the option to download express installation files, your server disk can easily reach 30 GB. 

Therefore if you choose any of these options, install a larger disk (for example, 100 GB). 

If your disk gets full, you can install a new, larger disk and then move the update files to the new location. To do this, after you create the new disk drive, you will need to run the WSUSutil.exe tool (with the movecontent command) to move the update files to the new disk. For this procedure, see Managing WSUS from the Command Line.

For example, if D:\WSUS1 is the new path for local WSUS update storage, D:\move.log is the path to the log file, and you wanted to copy the old files to the new location, you would type: wsusutil.exe movecontent D:\WSUS1\ D:\move.log

Note: If you do not want to use WSUSutil.exe to change the location of local WSUS update storage, you can also use NTFS functionality to add a partition to the current location of local WSUS update storage. For more information about NTFS, go to Help and Support Center in Windows Server 2003. 

Syntax 

At the command line %drive%\Program Files\Update Services\Tools>, type: 

wsusutil movecontent contentpath logfile -skipcopy [/?]

The parameters are defined in the following table. 

contentpath - the new root for content files. The path must exist. 

logfile - the path and file name of the log file to create. 

-skipcopy - indicates that only the server configuration should be changed, and that the content files should not be copied. 

/help or /? - displays command-line help for movecontent command. 

References: 

http://blogs.technet.com/b/sus/archive/2008/05/19/wsus-how-to-change-the-location-where-wsus-stores-updates-locally.aspx

http://technet.microsoft.com/en-us/library/cc720475(v=ws.10).aspx

http://technet.microsoft.com/en-us/library/cc708480%28v=ws.10%29.aspx

http://technet.microsoft.com/en-us/library/cc720466(v=ws.10).aspx

Q7. You have Windows Server 2012 R2 installation media that contains a file named Install.wim. You need to identify the permissions of the mounted images in Install.wim. 

What should you do? 

A. Run dism.exe and specify the /get-mountedwiminfo parameter. 

B. Run imagex.exe and specify the /verify parameter. 

C. Run imagex.exe and specify the /ref parameter. 

D. Run dism.exe and specify the /get-imageinfo parameter.

Answer:

Explanation: 

/Get-MountedWimInfo Lists the images that are currently mounted and information about the mounted image such as read/write permissions, mount location, mounted file path, and mounted image index. 

References: 

http://technet.microsoft.com/en-us/library/cc749447(v=ws.10).aspx

http://technet.microsoft.com/en-us/library/dd744382(v=ws.10).aspx

http://technet.microsoft.com/en-us/library/hh825224.aspx

Q8. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. You plan to use fine-grained password policies to customize the password policy settings of contoso.com.

You need to identify to which Active Directory object types you can directly apply the fine-grained password policies. 

Which two object types should you identify? (Each correct answer presents part of the solution. Choose two.) 

A. Users 

B. Global groups 

C. Computers

D. Universal groups 

E. Domain local groups 

Answer: A,B 

Explanation: 

First off, your domain functional level must be at Windows Server 2008. Second, Fine-grained password policies ONLY apply to user objects, and global security groups. Linking them to universal or domain local groups is ineffective. I know what you’re thinking, what about OU’s? Nope, Fine-grained password policy cannot be applied to an organizational unit (OU) directly. The third thing to keep in mind is, by default only members of the Domain Admins group can set fine-grained password policies. However, you can delegate this ability to other users if needed. 

Fine-grained password policies apply only to user objects (or inetOrgPerson objects if they are used instead of user objects) and global security groups. 

You can apply Password Settings objects (PSOs) to users or global security groups: 

References: 

http://technet.microsoft.com/en-us/library/cc731589%28v=ws.10%29.aspx

http://technet.microsoft.com/en-us/library/cc770848%28v=ws.10%29.aspx

http://www.brandonlawson.com/active-directory/creating-fine-grained-password-policies/

Q9. Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains two servers. The servers are configured as shown in the following table. 

All client computers run Windows 8 Enterprise. 

You plan to deploy Network Access Protection (NAP) by using IPSec enforcement. 

A Group Policy object (GPO) named GPO1 is configured to deploy a trusted server group to all of the client computers. 

You need to ensure that the client computers can discover HRA servers automatically. 

Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.) 

A. On all of the client computers, configure the EnableDiscovery registry key. 

B. In a GPO, modify the Request Policy setting for the NAP Client Configuration. 

C. On Server2, configure the EnableDiscovery registry key. 

D. On DC1, create an alias (CNAME) record. 

E. On DC1, create a service location (SRV) record. 

Answer: A,B,E 

Explanation: 

Requirements for HRA automatic discovery 

The following requirements must be met in order to configure trusted server groups on NAP client computers using HRA automatic discovery: 

Client computers must be running Windows Vista with Service Pack 1 (SP1) or Windows XP with Service Pack 3 (SP3).

The HRA server must be configured with a Secure Sockets Layer (SSL) certificate. 

The EnableDiscovery registry key must be configured on NAP client computers. 

DNS SRV records must be configured. 

The trusted server group configuration in either local policy or Group Policy must be cleared. 

http://technet.microsoft.com/en-us/library/dd296901.aspx

Q10. Your network contains an Active Directory domain named contoso.com. The domain contains six domain controllers named DC1, DC2, DC3, DC4, DC5, and DC6. Each domain controller has the DNS Server server role installed and hosts an Active Directory-integrated zone for contoso.com. 

You plan to create a new Active Directory-integrated zone named litwareinc.com that will be used for testing. 

You need to ensure that the new zone will be available only on DC5 and DC6.

What should you do first? 

A. Change the zone replication scope. 

B. Create an Active Directory connection object. 

C. Create an Active Directory site link. 

D. Create an application directory partition. 

Answer:

Explanation: 

You can store Domain Name System (DNS) zones in the domain or application directory partitions of Active Directory Domain Services (AD DS). A partition is a data structure in AD DS that distinguishes data for different replication purposes. When you create an application directory partition for DNS, you can control the scope of replication for the zone that is stored in that partition.