How to win with 70 411 exam dumps pdf

Master the 70 411 exam dumps Administering Windows Server 2012 content and be ready for exam day success quickly with this Examcollection 70 411 pdf download. We guarantee it!We make it a reality and give you real mcp 70 411 questions in our Microsoft 70 411 pdf braindumps.Latest 100% VALID Microsoft microsoft 70 411 Exam Questions Dumps at below page. You can use our Microsoft exam ref 70 411 administering windows server 2012 r2 pdf braindumps and pass your exam.


Free VCE & PDF File for Microsoft 70-411 Real Exam
(Full Version!)

Pass on Your First TRY 100% Money Back Guarantee Realistic Practice Exam Questions

Free Instant Download NEW 70-411 Exam Dumps (PDF & VCE):
Available on:

Q121. Your network contains two servers named Server1 and Server2 that run windows Server 2012 R2. Server1 and 5erver2 have the Windows Server Update Services server role installed. 

Server1 synchronizes from Microsoft Update. Server2 is a Windows Server Update Services (WSUS) replica of Server1. 

You need to configure replica downstream servers to send Server1 summary information about the computer update status. 

What should you do? 

A. From Server1, configure Reporting Rollup. 

B. From Server2, configure Reporting Rollup. 

C. From Server2, configure Email Notifications. 

D. From Server1, configure Email Notifications. 



WSUS Reporting Rollup Sample Tool 

This tool uses the WSUS application programming interface (API) to demonstrate centralized monitoring and reporting for WSUS. It creates a single report of update and computer status from the WSUS servers into your WSUS environment. The sample package also contains sample source files to customize or extend the tool functionality of the tool to meet specific needs. The WSUS Reporting Rollup Sample Tool and files are provided AS IS. No product support is available for this tool or sample files. For more information read the readme file. 

Reference: http: //technet. microsoft. com/en-us/windowsserver/bb466192. aspx 

Q122. You manage a server that runs Windows Server 2012 R2. The server has the Windows Deployment Services server role installed. 

You start a virtual machine named VM1 as shown in the exhibit. (Click the Exhibit button.) 

You need to configure a pre-staged device for VM1 in the Windows Deployment Services console. 

Which two values should you assign to the device ID? (Each correct answer presents a complete solution. Choose two.) 

A. 979708BFC04B45259FE0C4150BB6C618 

B. 979708BF-C04B-4525-9FE0-C4150BB6C618 

C. 00155D000F1300000000000000000000 

D. 0000000000000000000000155D000F13 

E. 00000000-0000-0000-0000-C4150BB6C618 

Answer: B,D 


Use client computer's media access control (MAC) address preceded with twenty zeros or the globally unique identifier (GUID) in the format: {XXXXXXXX-XXXX-XXXX-XXX-XXXXXXXXXXXX}. 

Reference: http: //technet. microsoft. com/en-us/library/cc754469. aspx 

Q123. Your network contains an Active Directory domain named The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the Network Policy Server role service installed. 

An administrator creates a RADIUS client template named Template1. 

You create a RADIUS client named Client1 by using Template 1. 

You need to modify the shared secret for Client1. 

What should you do first? 

A. Configure the Advanced settings of Template1. 

B. Set the Shared secret setting of Template1 to Manual. 

C. Clear Enable this RADIUS client for Client1. 

D. Clear Select an existing template for Client1. 



Clear checkmark for Select an existing template in the new client wizard. 

In New RADIUS Client, in Shared secret, do one of the following: 

Bullet Ensure that Manual is selected, and then in Shared secret, type the strong password that is also entered on the RADIUS client. Retype the shared secret in Confirm shared secret. 


You have a server named Server1 that runs Windows Server 2012 R2. 

You configure Network Access Protection (NAP) on Server1. 

Your company implements a new security policy stating that all client computers must have the latest updates installed. The company informs all employees that they have two weeks to update their computer accordingly. 

You need to ensure that if the client computers have automatic updating disabled, they are provided with full access to the network until a specific date and time. 

Which two nodes should you configure? 

To answer, select the appropriate two nodes in the answer area. 


Q125. Your network contains an Active Directory domain named All servers run Windows Server 2012 R2. 

The domain contains a server named Server1 that has the Network Policy Server server role and the Remote Access server role installed. The domain contains a server named Server2 that is configured as a RADIUS server. 

Server1 provides VPN access to external users. 

You need to ensure that all of the VPN connections to Server1 are logged to the RADIUS server on Server2. 

What should you run? 

A. Add-RemoteAccessRadius -ServerNameServer1 -AccountingOnOffMsg Enabled -SharedSecret "Secret" -Purpose Accounting 

B. Set-RemoteAccessAccounting -AccountingOnOffMsg Enabled -AccountingOnOffMsg Enabled 

C. Add-RemoteAccessRadius -ServerName Server2 -AccountingOnOffMsg Enabled -SharedSecret "Secret" -Purpose Accounting 

D. Set-RemoteAccessAccounting -EnableAccountingType Inbox -AccountingOnOffMsg Enabled 




Adds a new external RADIUS server for VPN authentication, accounting for DirectAccess 

(DA) and VPN, or one-time password (OTP) authentication for DA. 


Indicates the enabled state for sending of accounting on or off messages. The acceptable 

values for this parameter are: 

. Enabled. 

. Disabled. 

This is the default value. This parameter is applicable only when the RADIUS server is being added for Remote Access accounting. 


Your network contains an Active Directory domain named The domain contains 30 user accounts that are used for network administration. The user accounts are members of a domain global group named Group1. 

You identify the security requirements for the 30 user accounts as shown in the following table. 

You need to identify which settings must be implemented by using a Password Settings object (PSO) and which settings must be implemented by modifying the properties of the user accounts. 

What should you identify? To answer, configure the appropriate settings in the dialog box in the answer area. 


Q127. Your network contains an Active Directory domain named Network Access Protection (NAP) is deployed to the domain. 

You need to create NAP event trace log files on a client computer. 

What should you run? 

A. logman 

B. Register-ObjectEvent 

C. tracert 

D. Register-EngineEvent 



You can enable NAP client tracing by using the command line. On computers running Windows Vista., you can enable tracing by using the NAP Client Configuration console. NAP client tracing files are written in Event Trace Log (ETL) format. These are binary files representing trace data that must be decoded by Microsoft support personnel. Use the –o option to specify the directory to which they are written. In the following example, files are written to %systemroot%\\tracing\\nap. For more information, see Logman (http: //go. 

To create NAP event trace log files on a client computer 

Open a command line as an administrator. 


logman start QAgentRt -p {b0278a28-76f1-4e15-b1df-14b209a12613} 0xFFFFFFFF 9 -o 

%systemroot%\\tracing\\nap\\QAgentRt. etl –ets. 

Note: To troubleshoot problems with WSHA, use the following GUID: 789e8f15-0cbf-4402-b0ed-0e22f90fdc8d. 

Reproduce the scenario that you are troubleshooting. 

Type logman stop QAgentRt -ets. 

Close the command prompt window. 


http: //technet. microsoft. com/en-us/library/dd348461%28v=ws. 10%29. aspx 


Your network contains a DNS server named Server1. Server1 hosts a DNS zone for 

You need to ensure that DNS clients cache records from for a maximum of one hour. 

Which value should you modify in the Start of Authority (SOA) record? To answer, select the appropriate setting in the answer area. 


Q129. Your network contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2 and have the DNS Server server role installed. 

On Server1, you create a standard primary zone named 

You need to ensure that Server2 can host a secondary zone for 

What should you do from Server1? 

A. Add Server2 as a name server. 

B. Create a trust anchor named Server2. 

C. Convert to an Active Directory-integrated zone. 

D. Create a zone delegation that points to Server2. 



Typically, adding a secondary DNS server to a zone involves three steps: 


On the primary DNS server, add the prospective secondary DNS server to the list of name servers that are authoritative for the zone. 

2. On the primary DNS server, verify that the transfer settings for the zone permit the zone to be transferred to the prospective secondary DNS server. 

3. On the prospective secondary DNS server, add the zone as a secondary zone. 

You must add a new Name Server. To add a name server to the list of authoritative servers for the zone, you must specify both the server's IP address and its DNS name. When entering names, click Resolve to resolve the name to its IP address prior to adding it to the list. Secondary zones cannot be AD-integrated under any circumstances. 

You want to be sure Server2 can host, you do not want to delegate a zone. 

Secondary Domain Name System (DNS) servers help provide load balancing and fault tolerance. Secondary DNS servers maintain a read-only copy of zone data that is transferred periodically from the primary DNS server for the zone. You can configure DNS clients to query secondary DNS servers instead of (or in addition to) the primary DNS server for a zone, reducing demand on the primary server and ensuring that DNS queries for the zone will be answered even if the primary server is not available. 

How-To: Configure a secondary DNS Server in Windows Server 2012 

We need to tell our primary DNS that it is ok for this secondary DNS to pull information from it. Otherwise replication will fail and you will get this big red X. 

Head over to your primary DNS server, launch DNS manager, expand Forward Lookup Zones, navigate to your primary DNS zone, right-click on it and go to Properties. 

Go to “Zone Transfers” tab, by default, for security reasons, the “Allow zone transfers: ” is un-checked to protect your DNS information. We need to allow zone transfers, if you value your DNS records, you do not want to select “To any server” but make sure you click on “Only to servers listed on the Name Servers tab”. 

Head over to the “Name Servers” tab, click Add. 

You will get “New Name Server Record” window, type in the name of your secondary DNS server. it is always better to validate by name not IP address to avoid future problems in case your IP addresses change. Once done, click OK. 

You will see your secondary DNS server is now added to your name servers selection, click OK. 

Now if you head back to your secondary DNS server and refresh, the big red X will go away and your primary zone data will populate. 

Your secondary DNS is fully setup now. You cannot make any DNS changes from your secondary DNS. Secondary DNS is a read-only DNS, Any DNS changes have to be done from the primary DNS. 


http: //technet. microsoft. com/en-us/library/cc816885%28v=ws. 10%29. aspx 

http: //technet. microsoft. com/en-us/library/cc816814%28v=ws. 10%29. aspx 

http: //blog. hyperexpert. com/how-to-configure-a-secondary-dns-server-in-windows-server-2012/ 

http: //technet. microsoft. com/en-us/library/cc770984. aspx 

http: //support. microsoft. com/kb/816101 

http: //technet. microsoft. com/en-us/library/cc753500. aspx 

http: //technet. microsoft. com/en-us/library/cc771640(v=ws. 10). aspx 

http: //technet. microsoft. com/en-us/library/ee649280(v=ws. 10). aspx 

Q130. Your network contains an Active Directory domain named All domain controllers run Windows Server 2012 R2. 

An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named GPO1 is linked to OU1. 

You make a change to GPO1. 

You need to force all of the computers in OU1 to refresh their Group Policy settings immediately. The solution must minimize administrative effort. 

Which tool should you use? 

A. The Secedit command 

B. Group Policy Management Console (GPMC) 

C. Server Manager 

D. The Gpupdate command 



In the previous versions of Windows, this was accomplished by having the user run GPUpdate.exe on their computer. 

Starting with Windows Server. 2012 and Windows. 8, you can now remotely refresh Group Policy settings for all computers in an OU from one central location through the Group Policy Management Console (GPMC). Or you can use the Invoke-GPUpdatecmdlet to refresh Group Policy for a set of computers, not limited to the OU structure, for example, if the computers are located in the default computers container. 

http: //technet. microsoft. com/en-us//library/jj134201. aspx 

http: //blogs. technet. com/b/grouppolicy/archive/2012/11/27/group-policy-in-windows-server-2012-using-remote-gpupdate. aspx