Ideas to 70 411 study guide

Your success in Microsoft exam ref 70 411 administering windows server 2012 r2 pdf is our sole target and we develop all our microsoft 70 411 braindumps in a way that facilitates the attainment of this target. Not only is our 70 411 dumps study material the best you can find, it is also the most detailed and the most updated. 70 411 exam dumps Practice Exams for Microsoft Windows Server 70 411 dumps are written to the highest standards of technical accuracy.



Q31. Your network contains an Active Directory domain named The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs. 

You have two GPOs linked to an organizational unit (OU) named OU1. 

You need to change the precedence order of the GPOs. 

What should you use? 

A. Dcgpofix 

B. Get-GPOReport 

C. Gpfixup 

D. Gpresult 

E. Gpedit.msc

F. Import-GPO 

G. Restore-GPO 

H. Set-GPInheritance 

I. Set-GPLink 

J. Set-GPPermission 

K. Gpupdate 

L. Add-ADGroupMember 



The Set-GPLink cmdlet sets the properties of a GPO link. You can set the following properties:

* Enabled. If the GPO link is enabled, the settings of the GPO are applied when Group Policy is processed for the site, domain or OU.

* Enforced. If the GPO link is enforced, it cannot be blocked at a lower-level (in the Group Policy processing hierarchy) container.

* Order. The order specifies the precedence that the settings of the GPO take over conflicting settings in other GPOs that are linked (and enabled) to the same site, domain, or OU.

Reference: http://technet.microsoft.com/en-us/library/ee461022.aspx

Q32. Your network contains an Active Directory domain named All servers run Windows Server 2012 R2. 

All sales users have laptop computers that run Windows 8. The sales computers are joined to the domain. All user accounts for the sales department are in an organizational unit (OU) named Sales_OU. 

A Group Policy object (GPO) named GPO1 is linked to Sales_OU. 

You need to configure a dial-up connection for all of the sales users. 

What should you configure from User Configuration in GPO1? 

A. Policies/Administrative Templates/Network/Windows Connect Now 

B. Preferences/Control Panel Settings/Network Options 

C. Policies/Administrative Templates/Windows Components/Windows Mobility Center 

D. Policies/Administrative Templates/Network/Network Connections 



The Network Options extension allows you to centrally create, modify, and delete dial-up networking and virtual private network (VPN) connections. Before you create a network option preference item, you should review the behavior of each type of action possible with the extension. 

To create a new Dial-Up Connection preference item:

1. Open the Group Policy Management Console. Right-click the Group Policy object (GPO) that should contain the new preference item, and then click Edit.

2. In the console tree under Computer Configuration or User Configuration, expand the Preferences folder, and then expand the Control Panel Settings folder.

3. Right-click the Network Options node, point to New, and select Dial-Up Connection.


http://technet.microsoft.com/en-us/library/cc772107.aspx

http://technet.microsoft.com/en-us/library/cc772449.aspx

Q33. Your network contains an Active Directory domain named The domain contains three servers. The servers are configured as shown in the following table. 

You need to ensure that end-to-end encryption is used between clients and Server2 when the clients connect to the network by using DirectAccess. 

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) 

A. From the Remote Access Management Console, reload the configuration. 

B. Add Server2 to a security group in Active Directory. 

C. Restart the IPSec Policy Agent service on Server2. 

D. From the Remote Access Management Console, modify the Infrastructure Servers settings. 

E. From the Remote Access Management Console, modify the Application Servers settings. 

Answer: B,E 


Unsure about these answers: 

A public key infrastructure must be deployed. 

Windows Firewall must be enabled on all profiles. 

ISATAP in the corporate network is not supported. If you are using ISATAP, you should remove it and use native IPv6. 

Computers that are running the following operating systems are supported as DirectAccess clients: 

* Windows Server 2012 R2

* Windows 8.1 Enterprise

* Windows Server 2012

* Windows 8 Enterprise

* Windows Server 2008 R2

* Windows 7 Ultimate

* Windows 7 Enterprise

* Force tunnel configuration is not supported with KerbProxy authentication.

* Changing policies by using a feature other than the DirectAccess management console or Windows PowerShell cmdlets is not supported.

* Separating NAT64/DNS64 and IPHTTPS server roles on another server is not supported.

Q34. Your network contains an Active Directory domain named 

A user named User1 creates a central store and opens the Group Policy Management Editor as shown in the exhibit. (Click the Exhibit button.) 

You need to ensure that the default Administrative Templates appear in GPO1. 

What should you do? 

A. Link a WMI filter to GPO1. 

B. Copy files from %Windir%\Policydefinitions to the central store.

C. Configure Security Filtering in GPO1. 

D. Add User1 to the Group Policy Creator Owners group. 



In earlier operating systems, all the default Administrative Template files are added to the ADM folder of a Group Policy object (GPO) on a domain controller. The GPOs are stored in the SYSVOL folder. The SYSVOL folder is automatically replicated to other domain controllers in the same domain. A policy file uses approximately 2 megabytes (MB) of hard disk space. Because each domain controller stores a distinct version of a policy, replication traffic is increased. 

In Group Policy for Windows Server 2008 and Windows Vista, if you change Administrative template policy settings on local computers, Sysvol will not be automatically updated with the new .admx or .adml files. This change in behavior is implemented to reduce network load and disk storage requirements, and to prevent conflicts between .admx files and .adml files when edits to Administrative template policy settings are made across different locales. To make sure that any local updates are reflected in Sysvol, you must manually copy the updated .admx or .adml files from the PolicyDefinitions file on the local computer to the Sysvol\PolicyDefinitions folder on the appropriate domain controller.

To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a domain controller. The Central Store is a file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain. 

To create a Central Store for .admx and .adml files, create a folder that is named PolicyDefinitions in the following location: \\FQDN\SYSVOL\FQDN\policies


http://support.microsoft.com/kb/929841

Q35. You manage a server that runs Windows Server 2012 R2. The server has the Windows Deployment Services server role installed. 

You have a desktop computer that has the following configuration: 

Computer name: Computer1 

Operating system: Windows 8 

MAC address: 20-CF-30-65-D0-87 

GUID: 979708BF-C04B-4525-9FE0-C4150BB6C618 

You need to configure a pre-staged device for Computer1 in the Windows Deployment Services console. 

Which two values should you assign to the device ID? (Each correct answer presents a complete solution. Choose two.) 

A. 20CF3065D08700000000000000000000 

B. 979708BFC04B45259FE0C4150BB6C618 

C. 979708BF-C04B-4525-9FE0-C4150BB6C618

D. 0000000000000000000020CF3065D087

E. 00000000-0000-0000-0000-C4150BB6C618

Answer: C,D 


In the text box, type the client computer's MAC address preceded by twenty zeros, or the globally unique identifier (GUID) in the format: {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}.

* To add or remove pre-staged client to/from AD DS, specify the name of the computer or the device ID, which is a GUID, media access control (MAC) address, or Dynamic Host Configuration Protocol (DHCP) identifier associated with the computer. 

* Example: Remove a device by using its ID from a specified domain. This command removes the pre-staged device that has the specified ID. The cmdlet searches the domain named for the device.

Windows PowerShell PS C:\> Remove-WdsClient -DeviceID "5a7a1def-2e1f-4a7b-a792-ae5275b6ef92" -Domain -DomainName ""


Q36. Your company has two offices. The offices are located in Montreal and Seattle.

The network contains an Active Directory domain named The domain contains servers named Server1 and Server2. Server1 is located in the Seattle office. Server2 is located in the Montreal office. Both servers run Windows Server 2012 R2 and have the Windows Server Update Services (WSUS) server role installed. 

You need to configure Server2 to download updates that are approved on Server1 only. 

What cmdlet should you run? To answer, select the appropriate options in the answer area. 


Q37. Your network contains an Active Directory domain named All domain controllers run Windows Server 2012 R2. 

You create a central store for Group Policy. 

You receive a custom administrative template named Template1.admx. 

You need to ensure that the settings in Template1.admx appear in all new Group Policy objects (GPOs). 

What should you do? 

A. From the Default Domain Controllers Policy, add Template1.admx to the Administrative Templates. 

B. From the Default Domain Policy, add Template1.admx to the Administrative Templates. 

C. Copy Template1.admx to \\\SYSVOL\\Policies\PolicyDefinitions\.

D. Copy Template1.admx to \\\NETLOGON.



Unlike ADM files, ADMX files are not stored in individual GPOs. For domain-based enterprises, administrators can create a central store location of ADMX files that is accessible by anyone with permission to create or edit GPOs. 

Q38. Your network contains an Active Directory domain named The domain contains domain controllers that run Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2.

A domain controller named DC1 runs Windows Server 2012 R2. DC1 is backed up daily. 

During routine maintenance, you delete a group named Group1. 

You need to recover Group1 and identify the names of the users who were members of Group1 prior to its deletion. You want to achieve this goal by using the minimum amount of administrative effort. 

What should you do first? 

A. Perform an authoritative restore of Group1. 

B. Mount the most recent Active Directory backup. 

C. Use the Recycle Bin to restore Group1. 

D. Reactivate the tombstone of Group1. 



The Active Directory Recycle Bin does not have the ability to track simple changes to objects. If the object itself is not deleted, no element is moved to the Recycle Bin for possible recovery in the future. In other words, there is no rollback capacity for changes to object properties, or, in other words, to the values of these properties. There is another approach you should be aware of. Tombstone reanimation (which has nothing to do with zombies) provides the only way to recover deleted objects without taking a DC offline, and it's the only way to recover a deleted object's identity information, such as its objectGUID and objectSid attributes. It neatly solves the problem of recreating a deleted user or group and having to fix up all the old access control list (ACL) references, which contain the objectSid of the deleted object. Restores domain controllers to a specific point in time, and marks objects in Active Directory as being authoritative with respect to their replication partners. 

Q39. Your network contains an Active Directory domain named All domain controllers run Windows Server 2012 R2. One of the domain controllers is named DC1. The DNS zone for the zone is Active Directory-integrated and has the default settings.

A server named Server1 is a DNS server that runs a UNIX-based operating system. 

You plan to use Server1 as a secondary DNS server for the zone. 

You need to ensure that Server1 can host a secondary copy of the zone. 

What should you do? 

A. From DNS Manager, modify the Advanced settings of DC1. 

B. From DNS Manager, modify the Zone Transfers settings of the zone. 

C. From Windows PowerShell, run the Set-DnsServerForwarder cmdlet and specify the zone as a target.

D. From DNS Manager, modify the Security settings of DC1. 



There are two ways that a secondary DNS server can be added. In both scenarios you will need to add the new server to the Forwarders list of the primary Domain Controller. 

1. The Set-DnsServerForwarder cmdlet changes forwarder settings on a Domain Name System (DNS) server. 

2. From the primary server, open DNS Manager, right click on the server name and select Properties. Click on the Forwarders tab and click the Edit button in the middle of the dialogue box. 

Q40. Your network contains an Active Directory forest named The forest functional level is Windows Server 2012 R2. The forest contains a single domain. 

You create a Password Settings object (PSO) named PSO1. 

You need to delegate the rights to apply PSO1 to the Active Directory objects in an organizational unit named OU1. 

What should you do? 

A. From Active Directory Users and Computers, run the Delegation of Control Wizard. 

B. From Active Directory Administrative Center, modify the security settings of PSO1. 

C. From Group Policy Management, create a Group Policy object (GPO) and link the GPO to OU1. 

D. From Active Directory Administrative Center, modify the security settings of OU1. 



PSOs cannot be applied to organizational units (OUs) directly. If your users are organized into OUs, consider creating global security groups that contain the users from these OUs and then applying the newly defined fine-grained password and account lockout policies to them. If you move a user from one OU to another, you must update user memberships in the corresponding global security groups. Go ahead and hit "OK" and then close out of all open windows. Now that you have created a password policy, we need to apply it to a user/group. In order to do so, you must have "write" permissions on the PSO object. We're doing this in a lab, so I'm Domain Admin. Write permissions are not a problem.

1. Open Active Directory Users and Computers (Start, point to Administrative Tools, and then click Active Directory Users and Computers). 

2. On the View menu, ensure that Advanced Features is checked. 

3. In the console tree, expand Active Directory Users and Computers\yourdomain\System\Password Settings Container.

4. In the details pane, right-click the PSO, and then click Properties. 

5. Click the Attribute Editor tab. 

6. Select the msDS-PsoAppliesTo attribute, and then click Edit.