aiotestking uk

70-417 Exam Questions - Online Test


70-417 Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

Q1. OTSPOT 

You have a Hyper-V host named HYPERV1. HYPERV1 hosts a virtual machine named 

DC1. 

You need to prevent the clock on DC1 from synchronizing from the clock on HYPERV1. 

What should you configure? To answer, select the appropriate object in the answer area. 

Answer:  

81. Your network contains an Active Directory domain named adatum.com. The domain contains three domain controllers. The domain controllers are configured as shown in the following table. 

DC3 loses network connectivity due to a hardware failure. You plan to remove DC3 from the domain. 

You log on to DC3. 

You need to identify which service location (SRV) records are registered by DC3. 

What should you do? 

A. Open the %windir%\system32\dns\backup\adatum.com.dns file. 

B. Open the %windir%\system32\config\netlogon.dns file. 

C. Run ipconfig /displaydns. 

D. Run dcdiag /test:dns. 

Q2. OTSPOT 

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Print1. 

Your company implements DirectAccess. 

A user named User1 frequently works at a customer's office. The customer's office contains a print server named Print1. 

While working at the customer's office, User1 attempts to connect to Print1. User1 connects to the Print1 server in contoso.com instead of the Print1 server at the customer's office. 

You need to provide User1 with the ability to connect to the Print1 server in the customer's office. 

Which Group Policy option should you configure? 

To answer, select the appropriate option in the answer area. 

Answer:  

Q3. DNS record types come in many forms, but which record type is being described below? 

Maps a domain name such as www.google.com to an IP address 

A. A 

B. CNAME 

C. MX 

D. PTR 

Answer:

Q4. OTSPOT 

Your network contains an Active Directory domain named contoso.com. 

All DNS servers host a DNS zone named adatum.com. The adatum.com zone is not Active 

Directory-integrated. 

An administrator modifies the start of authority (SOA) record for the adatum.com zone. 

After the modification, you discover that when you add or modify DNS records in the 

adatum.com zone, the changes are not transferred to the DNS servers that host secondary 

copies of the adatum.com zone. 

You need to ensure that the records are transferred to all the copies of the adatum.com 

zone. 

What should you modify in the SOA record for the adatum.com zone? To answer, select the appropriate setting in the answer area. 

Answer:  

252. Your manager has asked you to configure the company Windows Server 2008 domain controller. He wants all new computer accounts to be placed in the General OU, when computers join the domain. 

Which command should you use to accomplish this? 

A. Netdom 

B. Dsmove 

C. None of these 

D. Redircmp 

Q5. You have 30 servers that run Windows Server 2012 R2. 

All of the servers are backed up daily by using Windows Azure Backup. 

You need to perform an immediate backup of all the servers to Windows Azure Backup. 

Which Windows PowerShell cmdlets should you run on each server? 

A. Get-OBPolicy | Start-OBBackup 

B. Get-WBPolicy | Start-WBBackup 

C. Start-OBRegistration | Start-OBBackup 

D. Get-WBBackupTarget | Start-WBBackup 

Answer:

Explanation: Explanation/Explanation: 

A. starts a backup job using a policy 

B. Registers the current computer to Windows Azure Backup. 

C. Not using Azure 

D. Not using Azure 

http://technet.microsoft.com/en-us/library/hh770406(v=wps.620).aspx http://technet.microsoft.com/en-us/library/hh770426.aspx http://technet.microsoft.com/en-us/library/hh770398.aspx 

Q6. Your network contains an Active Directory domain named contoso.com. The domain contains four servers. The servers are configured as shown in the following table. 

You plan to deploy an enterprise certification authority (CA) on a server named Servers. Server5 will be used to issue certificates to domain-joined computers and workgroup computers. 

You need to identify which server you must use as the certificate revocation list (CRL) distribution point for Server5. 

Which server should you identify? 

A. Server1 

B. Server3 

C. Server4 

D. Server2 

Answer:

Explanation: 

CDP (and AD CS) always uses a Web Server NB: this CDP must be accessible from outside the AD, but here we don't have to wonder about that as there's only one web server. 

http://technet.microsoft.com/fr-fr/library/cc782183%28v=ws.10%29.aspx 

Selecting a CRL Distribution Point Because CRLs are valid only for a limited time, PKI clients need to retrieve a new CRL periodically. Windows Server 2003 PKI Applications look in the CRL distribution point extension for a URL that points to a network location from which the CRL object can be retrieved. Because CRLs for enterprise CAs are stored in Active Directory, they can be accessed by means of LDAP. In comparison, because CRLs for stand-alone CAs are stored in a directory on the server, they can be accessed by means of HTTP, FTP, and so on as long as the CA is online. Therefore, you should set the CRL distribution point after the CA has been installed. 

The system account writes the CRL to its distribution point, whether the CRL is published manually or is published according to an established schedule. Therefore you must ensure that the system accounts for CAs have permission to write to the CRL distribution point. Because the CRL path is also included in every certificate, you must define the CRL location and its access path before deploying certificates. If an Application performs revocation checking and a valid CRL is not available on the local computer, it rejects the certificate. 

You can modify the CRL distribution point by using the Certification Authority MMC snap-in. In this way, you can change the location where the CRL is published to meet the needs of users in your organization. You must move the CRL distribution point from the CA configuration folder to a Web server to change the location of the CRL, and you must move each new CRL to the new distribution point, or else the chain will break when the previous CRL expires. 

Note On root CAs, you must also modify the CRL distribution point in the CAPolicy.inf file so that the root CA certificate references the correct CDP and AIA paths, if specified. If you are using certificates on the Internet, you must have at least one HTTPs-accessible location for all certificates that are not limited to internal use. 

http://technet.microsoft.com/en-us/library/cc771079.aspx Configuring Certificate Revocation It is not always possible to contact a CA or other trusted server for information about the validity of a certificate. To effectively support certificate status checking, a client must be able to access revocation data to determine whether the certificate is valid or has been revoked. To support a variety of scenarios, Active Directory Certificate Services (AD CS) supports industry-standard methods of certificate revocation. These include publication of certificate revocation lists (CRLs) and delta CRLs, which can be made available to clients from a variety of locations, including Active Directory Domain Services (AD DS), Web servers, and network file shares. 

Q7. You have a server named Print1 that runs Windows Server 2012 R2.On Print1, you share a printer named Printer1. 

You need to ensure that only the members of the Server Operators group, the Administrators group, and the Print Operators group can send print jobs to Printer1. 

What should you do? 

A. Remove the permissions for the Creator Owner group 

B. Assign the Print permission to the Server Operators group 

C. Remove the permissions for the Everyone group 

D. Assign the Print permission to the Administrators group 

Answer:

Explanation: 

By default Everyone can print. This permissions need to be removed. 

Q8. Your network contains an Active Directory forest named adatum.com. The forest contains an Active Directory Rights Management Services (AD RMS) cluster. 

A partner company has an Active Directory forest named litwareinc.com. The partner company does not have AD RMS deployed. 

You need to ensure that users in litwareinc.com can consume rights-protected content from adatum.com. 

Which type of trust policy should you create? 

A. At federated trust 

B. A trusted user domain 

C. A trusted publishing domain 

D. Windows Live ID 

Answer:

Explanation: 

A. In AD RMS rights can be assigned to users who have a federated trust with Active Directory Federation Services (AD FS). This enables an organization to share access to rights-protected content with another organization without having to establish a separate Active Directory trust or Active Directory Rights Management Services (AD RMS) infrastructure. http://technet.microsoft.com/en-us/library/dd772651(v=WS.10).aspx http://technet.microsoft.com/en-us/library/cc738707(v=WS.10).aspx http://technet.microsoft.com/en-us/library/cc757344(v=ws.10).aspx 

Q9. OTSPOT 

You have a file server named Server1 that runs Windows Server 2012 R2. 

Server1 contains a file share that must be accessed by only a limited number of users. 

You need to ensure that if an unauthorized user attempts to access the file share, a custom access-denied message appears, which contains a link to request access to the share. The message must not appear when the unauthorized user attempts to access other shares. 

Which two nodes should you configure in File Server Resource Manager? To answer, select the appropriate two nodes in the answer area. 

Answer:  

Q10. Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. 

On a server named Corel, you perform a Server Core Installation of Windows Server 2012 R2. You join Corel to the adatum.com domain. 

You need to ensure that you can use Event Viewer on Server1 to view the event logs on Core1. 

What should you do on Core1? 

A. Run the Enable-NetFirewallRulecmdlet. 

B. Run the Disable-NetFirewallRulecmdlet. 

C. Install Remote Server Administration Tools (RSAT). 

D. Install Windows Management Framework. 

Answer: