aiotestking uk

70-411 Exam Questions - Online Test


70-411 Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

Q1. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Windows Deployment Services server role installed. 

Server1 contains two boot images and four install images. 

You need to ensure that when a computer starts from PXE, the available operating system 

images appear in a specific order. 

What should you do? 

A. Modify the properties of the boot images. 

B. Create a new image group. 

C. Modify the properties of the install images. 

D. Modify the PXE Response Policy. 

Answer:

Q2. You have a cluster named Cluster1 that contains two nodes. Both nodes run Windows Server 2012 R2. Cluster1 hosts a virtual machine named VM1 that runs Windows Server 2012 R2. 

You configure a custom service on VM1 named Service1. 

You need to ensure that VM1 will be moved to a different node if Service1 fails. 

Which cmdlet should you run on Cluster1? 

A. Add-ClusterVmMonitoredItem 

B. Add-ClusterGenericServiceRole 

C. Set-ClusterResourceDependency 

D. Enable VmResourceMetering 

Answer:

Explanation: 

The Add-ClusterVMMonitoredItem cmdlet configures monitoring for a service or an Event Tracing for Windows (ETW) event so that it is monitored on a virtual machine. If the service fails or the event occurs, then the system responds by taking an action based on the failover configuration for the virtual machine resource. For example, the configuration might specify that the virtual machine be restarted. 

Q3. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 has the DHCP Server server role and the Network Policy Server role service installed. 

Server1 contains three non-overlapping scopes named Scope1, Scope2, and Scope3. Server1 currently provides the same Network Access Protection (NAP) settings to the three scopes. 

You modify the settings of Scope1 as shown in the exhibit. (Click the Exhibit button.) 

You need to configure Server1 to provide unique NAP enforcement settings to the NAP non-compliant DHCP clients from Scope1. 

What should you create? 

A. A connection request policy that has the Service Type condition 

B. A connection request policy that has the Identity Type condition 

C. A network policy that has the Identity Type condition 

D. A network policy that has the MS-Service Class condition 

Answer:

Explanation: 

MS-Service Class 

Restricts the policy to clients that have received an IP address from a DHCP scope that matches the specified DHCP profile name. This condition is used only when you are deploying NAP with the DHCP enforcement method. To use the MS-Service Class attribute, in Specify the profile name that identifies your DHCP scope, type the name of an existing DHCP profile. 

Open the NPS console, double-click Policies, click Network Policies, and then double-click the policy you want to configure. 

In policy Properties, click the Conditions tab, and then click Add. In Select condition, scroll to the Network Access Protection group of conditions. 

If you want to configure the Identity Type condition, click Identity Type, and then click Add. 

In Specify the method in which clients are identified in this policy, select the items appropriate for your deployment, and then click OK. 

The Identity Type condition is used for the DHCP and Internet Protocol security (IPsec) enforcement methods to allow client health checks when NPS does not receive an Access-Request message that contains a value for the User-Name attribute; in this case, client health checks are performed, but authentication and authorization are not performed. 

If you want to configure the MS-Service Class condition, click MS-Service Class, and then click Add. In Specify the profile name that identifies your DHCP scope, type the name of an existing DHCP profile, and then click Add. 

The MS-Service Class condition restricts the policy to clients that have received an IP address from a DHCP scope that matches the specified DHCP profile name. This condition is used only when you are deploying NAP with the DHCP enforcement method. 

References: http: //technet. microsoft. com/en-us/library/cc731560(v=ws. 10). aspx 

http: //technet. microsoft. com/en-us/library/cc731220(v=ws. 10). aspx 

Q4. HOTSPOT 

Your network contains a RADIUS server named Admin1. 

You install a new server named Server2 that runs Windows Server 2012 R2 and has Network Policy Server (NPS) installed. 

You need to ensure that all accounting requests for Server2 are forwarded to Admin1. 

On Server2, you create a new remote RADIUS server group named Group1 that contains Admin1. 

What should you configure next on Server2? 

To answer, select the appropriate node in the answer area. 

Answer:  

Q5. Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The functional level of both the domain and the forest is Windows Server 2008 R2. 

The domain contains a domain-based Distributed File System (DFS) namespace that is configured as shown in the exhibit. (Click the Exhibit button.) 

You need to enable access-based enumeration on the DFS namespace. 

What should you do first? 

A. Raise the domain functional level. 

B. Raise the forest functional level. 

C. Install the File Server Resource Manager role service on Server3 and Server5. 

D. Delete and recreate the namespace. 

Answer:

Explanation: 

Access-based enumeration is only supported on a Domain-based Namespace in Windows Server 2008 Mode. This type of Namespace requires a minimum Windows Server 2003 forest functional level and a minimum Windows Server 2008 domain functional level. 

The exhibit indicates that the current namespace is a Domain-based Namespace in Windows Server 2000 Mode. To migrate a domain-based namespace from Windows 2000 Server mode to Windows Server 2008 mode, you must export the namespace to a file, delete the namespace, recreate it in Windows Server 2008 mode, and then import the namespace settings. 

http://msdn.microsoft.com/en-us/library/cc770287.aspx http://msdn.microsoft.com/en-us/library/cc753875.aspx 

Q6. Your network contains an Active Directory domain named contoso.com. 

You create a user account named User1. The properties of User1 are shown in the exhibit. (Click the Exhibit button.) 

You plan to use the User1 account as a service account. The service will forward authentication requests to other servers. 

You need to ensure that you can view the Delegation tab from the properties of the User1 account. 

What should you do first? 

A. Configure the Name Mappings of User1. 

B. Modify the user principal name (UPN) of User1. 

C. Configure a Service Principal Name (SPN) for User1. 

D. Modify the Security settings of User1. 

Answer:

Explanation: 

If you cannot see the Delegation tab, do one or both of the following: 

Register a Service Principal Name (SPN) for the user account with the Setspn utility in the 

support tools on your CD. Delegation is only intended to be used by service accounts, 

which should have registered SPNs, as opposed to a regular user account which typically 

does not have SPNs. 

Raise the functional level of your domain to Windows Server 2003. For more information, 

see Related Topics. 

References: 

http: //blogs. msdn. com/b/mattlind/archive/2010/01/14/delegation-tab-in-aduc-not-available-until-a-spn-is-set. aspx 

http: //blogs. msdn. com/b/mattlind/archive/2010/01/14/delegation-tab-in-aduc-not-available-until-a-spn-is-set. aspx 

http: //technet. microsoft. com/en-us/library/cc739474(v=ws. 10). aspx 

http: //blogs. msdn. com/b/mattlind/archive/2010/01/14/delegation-tab-in-aduc-not-available-until-a-spn-is-set. aspx 

Q7. HOTSPOT 

Your network contains an Active Director domain named contoso.com. The domain contains a file server named Server1. All servers run Windows Server 2012 R2. 

You have two user accounts named User1 and User2. User1 and User2 are the members of a group named Group1. User1 has the Department value set to Accounting, user2 has the Department value set to Marketing. Both users have the Employee Type value set to Contract Employee. 

You create the auditing entry as shown in the exhibit. (Click the Exhibit button.) 

To answer, complete each statement according to the information presented in the exhibit. Each correct selection is worth one point. 

Answer:  

Q8. Your network contains an Active Directory domain named contoso.com. 

All user accounts for the marketing department reside in an organizational unit (OU) named OU1. All user accounts for the finance department reside in an organizational unit (OU) named OU2. 

You create a Group Policy object (GPO) named GPO1. You link GPO1 to OU2. You configure the Group Policy preference of GPO1 to add a shortcut named Link1 to the desktop. 

You discover that when a user signs in, the Link1 is not added to the desktop. 

You need to ensure that when a user signs in, Link1 is added to the desktop. 

What should you do? 

A. Enforce GPO1. 

B. Enable loopback processing in GPO1. 

C. Modify the Link1 shortcut preference of GPO1. 

D. Modify the Security Filtering settings of GPO1. 

Answer:

Explanation: 

Security filtering is a way of refining which users and computers will receive and apply the settings in a Group Policy object (GPO). Using security filtering, you can specify that only certain security principals within a container where the GPO is linked apply the GPO. Security group filtering determines whether the GPO as a whole applies to groups, users, or computers; it cannot be used selectively on different settings within a GPO. 

Q9. Your company has a main office and a branch office. 

The network contains an Active Directory domain named contoso.com. 

The main office contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 is a DNS server and hosts a primary zone for contoso.com. The branch office contains a member server named Server1 that runs Windows Server 2012 R2. Server1 is a DNS server and hosts a secondary zone for contoso.com. 

The main office connects to the branch office by using an unreliable WAN link. 

You need to ensure that Server1 can resolve names in contoso.com if the WAN link in unavailable for three days. 

Which setting should you modify in the start of authority (SOA) record? 

A. Retry interval 

B. Refresh interval 

C. Expires after 

D. Minimum (default) TTL 

Answer:

Explanation: 

Used by other DNS servers that are configured to load and host the zone to determine when zone data expires if it is not renewed 

Q10. Your network contains an Active Directory domain named adatum.com. 

You need to audit changes to the files in the SYSVOL shares on all of the domain controllers. The solution must minimize the amount of SYSVOL replication traffic caused by the audit. 

Which two settings should you configure? (Each correct answer presents part of the solution. Choose two.) 

A. Audit Policy\Audit system events 

B. Advanced Audit Policy Configuration\DS Access 

C. Advanced Audit Policy Configuration\Global Object Access Auditing 

D. Audit Policy\Audit object access 

E. Audit Policy\Audit directory service access 

F. Advanced Audit Policy Configuration\Object Access 

Answer: D,F