aiotestking uk

70-411 Exam Questions - Online Test


70-411 Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

Q1. Your network contains an Active Directory domain named contoso.com. The domain contains a Web server named www.contoso.com. The Web server is available on the Internet. 

You implement DirectAccess by using the default configuration. 

You need to ensure that users never attempt to connect to www.contoso.com by using DirectAccess. The solution must not prevent the users from using DirectAccess to access other resources in contoso.com. 

Which settings should you configure in a Group Policy object (GPO)? 

A. DirectAccess Client Experience Settings 

B. DNS Client 

C. Name Resolution Policy 

D. Network Connections 

Answer:

Explanation: 

For DirectAccess, the NRPT must be configured with the namespaces of your intranet with a leading dot (for example, internal.contoso.com or . corp.contoso.com). For a DirectAccess client, any name request that matches one of these namespaces will be sent to the specified intranet Domain Name System (DNS) servers. 

Include all intranet DNS namespaces that you want DirectAccess client computers to access. 

There are no command line methods for configuring NRPT rules. You must use Group Policy settings. To configure the NRPT through Group Policy, use the Group Policy add-in at Computer Configuration \Policies\Windows Settings\Name Resolution Policy in the Group Policy object for DirectAccess clients. You can create a new NRPT rule and edit or delete existing rules. For more information, see Configure the NRPT with Group Policy. 

Q2. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed. 

Each time a user receives an access-denied message after attempting to access a folder on Server1, an email notification is sent to a distribution list named DL1. 

You create a folder named Folder1 on Server1, and then you configure custom NTFS permissions for Folder1. 

You need to ensure that when a user receives an access-denied message while attempting to access Folder1, an email notification is sent to a distribution list named DL2. The solution must not prevent DL1 from receiving notifications about other access-denied messages. 

What should you do? 

A. From Server Manager, run the New Share Wizard to create a share for Folder1 by selecting the SMB Share - Advanced option. 

B. From the File Server Resource Manager console, modify the Access-Denied Assistance settings. 

C. From the File Server Resource Manager console, modify the Email Notifications settings. 

D. From Server Manager, run the New Share Wizard to create a share for Folder1 by selecting the SMB Share -Applications option. 

Answer:

Reference: http://technet.microsoft.com/en-us/library/jj574182.aspx#BKMK_12 

Explanation: 

When using the email model each of the file shares, you can determine whether access requests to each file share will be received by the administrator, a distribution list that represents the file share owners, or both. 

The owner distribution list is configured by using the SMB Share – Advanced file share profile in the New Share Wizard in Server Manager. 

Q3. DRAG DROP 

You have a WIM file that contains an image of Windows Server 2012 R2. 

Recently, a technician applied a Microsoft Standalone Update Package (MSU) to the image. 

You need to remove the MSU package from the image. 

Which three actions should you perform in sequence? To answer, move the appropriate three actions from the list of actions to the answer area and arrange them in the correct order. 

Answer:  

Q4. HOTSPOT 

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed. 

You need to configure the ports on Server1 to ensure that client computers can establish VPN connections to Server1. The solution must NOT require the use of certificates or pre-shared keys. 

What should you modify? 

To answer, select the appropriate object in the answer area. 

Answer:  

Q5. HOTSPOT 

Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Server1 has the Network Policy Server server role installed. Server2 has the DHCP Server server role installed. Both servers run Windows Server 2012 R2. 

You are configuring Network Access Protection (NAP) to use DHCP enforcement. 

You configure a DHCP scope as shown in the exhibit. (Click the Exhibit button.) 

You need to ensure that non-compliant NAP clients receive different DHCP options than compliant NAP clients. 

What should you configure on each server? To answer, select the appropriate options for each server in the answer area. 

Answer:  

Q6. DRAG DROP 

Your network contains an Active Directory forest named contoso.com. All domain controllers run Windows Server 2008 R2. 

The schema is upgraded to Windows Server 2012 R2. 

Contoso.com contains two servers. The servers are configured as shown in the following table. 

Server1 and Server2 host a load-balanced application pool named AppPool1. 

You need to ensure that AppPool1 uses a group Managed Service Account as its identity. 

Which three actions should you perform? 

To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order. 

Answer:  

Q7. Your company deploys a new Active Directory forest named contoso.com. The first domain controller in the forest runs Windows Server 2012 R2. The forest contains a domain controller named DC10. 

On DC10, the disk that contains the SYSVOL folder fails. 

You replace the failed disk. You stop the Distributed File System (DFS) Replication service. You restore the SYSVOL folder. 

You need to perform a non-authoritative synchronization of SYSVOL on DC10. 

Which tool should you use before you start the DFS Replication service on DC10? 

A. Dfsgui.msc 

B. Dfsmgmt.msc 

C. Adsiedit.msc 

D. Ldp 

Answer:

Explanation: 

How to perform a non-authoritative synchronization of DFSR-replicated SYSVOL (like "D2" for FRS) 

. In the ADSIEDIT. MSC tool modify the following distinguished name (DN) value and attribute on each of the domain controllers that you want to make non-authoritative: 

CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=<the server name>,OU=Domain Controllers,DC=<domain> msDFSR-Enabled=FALSE 

. Force Active Directory replication throughout the domain. 

. Run the following command from an elevated command prompt on the same servers that you set as non-authoritative: 

DFSRDIAG POLLAD 

. You will see Event ID 4114 in the DFSR event log indicating SYSVOL is no longer being replicated. 

. On the same DN from Step 1, set: 

msDFSR-Enabled=TRUE 

. Force Active Directory replication throughout the domain. 

. Run the following command from an elevated command prompt on the same servers that you set as non-authoritative: 

DFSRDIAG POLLAD 

. You will see Event ID 4614 and 4604 in the DFSR event log indicating SYSVOL has been initialized. That domain controller has now done a “D2” of SYSVOL. 

Note: Active Directory Service Interfaces Editor (ADSI Edit) is a Lightweight Directory Access Protocol (LDAP) editor that you can use to manage objects and attributes in Active Directory. ADSI Edit (adsiedit. msc) provides a view of every object and attribute in an Active Directory forest. You can use ADSI Edit to query, view, and edit attributes that are not exposed through other Active Directory Microsoft Management Console (MMC) snap-ins: Active Directory Users and Computers, Active Directory Sites and Services, Active Directory Domains and Trusts, and Active Directory Schema. 

Q8. Your network contains an Active Directory domain named contoso.com. All domain controllers run either Windows Server 2008 or Windows Server 2008 R2. You deploy a new domain controller named DC1 that runs Windows Server 2012 R2. 

You log on to DC1 by using an account that is a member of the Domain Admins group. You discover that you cannot create Password Settings objects (PSOs) by using Active Directory Administrative Center. 

You need to ensure that you can create PSOs from Active Directory Administrative Center. 

What should you do? 

A. Modify the membership of the Group Policy Creator Owners group. 

B. Transfer the PDC emulator operations master role to DC1. 

C. Upgrade all of the domain controllers that run Window Server 2008. 

D. Raise the functional level of the domain. 

Answer:

Explanation: 

Fine-grained password policies allow you to specify multiple password policies within a single domain so that you can apply different restrictions for password and account lockout policies to different sets of users in a domain. To use a fine-grained password policy, your domain functional level must be at least Windows Server 2008. To enable fine-grained password policies, you first create a Password Settings Object (PSO). You then configure the same settings that you configure for the password and account lockout policies. You can create and apply PSOs in the Windows Server 2012 environment by using the Active Directory Administrative Center (ADAC) or Windows PowerShell. 

Step 1: Create a PSO Applies To: Windows Server 2008, Windows Server 2008 R2 

Reference: 

http: //technet. microsoft. com/en-us//library/cc754461%28v=ws. 10%29. aspx 

Q9. Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. All of the DNS servers in both of the domains run Windows Server 2012 R2. 

The network contains two servers named Server1 and Server2. Server1 hosts an Active Directory-integrated zone for contoso.com. Server2 hosts an Active Directory-integrated zone for fabrikam.com. Server1 and Server2 connect to each other by using a WAN link. 

Client computers that connect to Server1 for name resolution cannot resolve names in fabrikam.com. 

You need to configure Server1 to resolve names in fabrikam.com. The solution must NOT require that changes be made to the fabrikam.com zone on Server2. 

What should you create? 

A. A trust anchor 

B. A stub zone 

C. A zone delegation 

D. A secondary zone 

Answer:

Explanation: 

A stub zone is a copy of a zone that contains only those resource records necessary to identify the authoritative Domain Name System (DNS) servers for that zone. A stub zone is used to resolve names between separate DNS namespaces. This type of resolution may be necessary when a corporate merger requires that the DNS servers for two separate DNS namespaces resolve names for clients in both namespaces. 

Q10. Your network contains a Hyper-V host named Hyperv1. Hyperv1 runs Windows Server 2012 R2. 

Hyperv1 hosts four virtual machines named VM1, VM2, VM3, and VM4. AH of the virtual machines run Windows Server 2008 R2. 

You need to view the amount of memory resources and processor resources that VM4 currently uses. 

Which tool should you use on Hyperv1? 

A. Windows System Resource Manager (WSRM) 

B. Task Manager 

C. Hyper-V Manager 

D. Resource Monitor 

Answer:

Explanation: 

Hyper-V Performance Monitoring Tool Know which resource is consuming more CPU. Find out if CPUs are running at full capacity or if they are being underutilized. Metrics tracked include Total CPU utilization, Guest CPU utilization, Hypervisor CPU utilization, idle CPU utilization, etc. 

WSRM is deprecated starting with Windows Server 2012