[Jul 2017] 70 411 dumps

Accurate of 70 411 exam dumps exam price materials and testing bible for Microsoft certification for customers, Real Success Guaranteed with Updated exam ref 70 411 pdf dumps vce Materials. 100% PASS Administering Windows Server 2012 exam Today!

2017 NEW RECOMMEND

Free VCE & PDF File for Microsoft 70-411 Real Exam
(Full Version!)

Pass on Your First TRY 100% Money Back Guarantee Realistic Practice Exam Questions

Free Instant Download NEW 70-411 Exam Dumps (PDF & VCE):
Available on:
http://www.certleader.com/70-411-dumps.html

Q111. Your company has a main office and a branch office. 

The network contains an Active Directory domain named contoso.com. 

The main office contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 is a DNS server and hosts a primary zone for contoso.com. The branch office contains a member server named Server1 that runs Windows Server 2012 R2. Server1 is a DNS server and hosts a secondary zone for contoso.com. 

The main office connects to the branch office by using an unreliable WAN link. 

You need to ensure that Server1 can resolve names in contoso.com if the WAN link in unavailable for three days. 

Which setting should you modify in the start of authority (SOA) record? 

A. Retry interval 

B. Refresh interval 

C. Expires after 

D. Minimum (default) TTL 

Answer:

Explanation: 

Used by other DNS servers that are configured to load and host the zone to determine when zone data expires if it is not renewed 

Q112. Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. 

The network contains several group Managed Service Accounts that are used by four member servers. 

You need to ensure that if a group Managed Service Account resets a password of a domain user account, an audit entry is created. 

You create a Group Policy object (GPO) named GPO1. 

What should you do next? 

A. In GPO1, configure the Advanced Audit Policy Configuration settings for Audit User Account Management. Link GPO1 to the Domain Controllers organizational unit (OU). 

B. In GPO1, configure the Advanced Audit Policy Configuration settings for Audit User Account Management. Move the member servers to a new organizational unit (OU). Link GPO1 to the new OU. 

C. In GPO1, configure the Advanced Audit Policy Configuration settings for Audit Sensitive Privilege Use. Link GPO1 to the Domain Controllers organizational unit (OU). 

D. In GPO1, configure the Advanced Audit Policy Configuration settings for Audit Sensitive Privilege Use. Move the member servers to a new organizational unit (OU). Link GPO1 to the new OU. 

Answer:

Explanation: 

Audit User Account Management This security policy setting determines whether the operating system generates audit events when the following user account management tasks are performed: 

. A user account is created, changed, deleted, renamed, disabled, enabled, locked out, or unlocked. 

A user account password is set or changed. 

Security identifier (SID) history is added to a user account. 

The Directory Services Restore Mode password is set. 

Permissions on accounts that are members of administrators groups are changed. 

Credential Manager credentials are backed up or restored. 

This policy setting is essential for tracking events that involve provisioning and managing user accounts. 

Q113. Your network contains an Active Directory domain named contoso.com. The domain contains a server named NPS1 that has the Network Policy Server server role installed. All servers run Windows Server 2012 R2. 

You install the Remote Access server role on 10 servers. 

You need to ensure that all of the Remote Access servers use the same network policies. 

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) 

A. Configure each Remote Access server to use the Routing and Remote Access service (RRAS) to authenticate connection requests. 

B. On NPS1, create a remote RADIUS server group. Add all of the Remote Access servers to the remote RADIUS server group. 

C. On NPS1, create a new connection request policy and add a Tunnel-Type and a Service-Type condition. 

D. Configure each Remote Access server to use a RADIUS server named NPS1. 

E. On NPS1, create a RADIUS client template and use the template to create RADIUS clients. 

Answer: C,D 

Explanation: 

Connection request policies are sets of conditions and settings that allow network administrators to designate which RADIUS servers perform the authentication and authorization of connection requests that the server running Network Policy Server (NPS) receives from RADIUS clients. Connection request policies can be configured to designate which RADIUS servers are used for RADIUS accounting. When you configure Network Policy Server (NPS) as a Remote Authentication Dial-In User Service (RADIUS) proxy, you use NPS to forward connection requests to RADIUS servers that are capable of processing the connection requests because they can perform authentication and authorization in the domain where the user or computer account is located. For example, if you want to forward connection requests to one or more RADIUS servers in untrusted domains, you can configure NPS as a RADIUS proxy to forward the requests to the remote RADIUS servers in the untrusted domain. To configure NPS as a RADIUS proxy, you must create a connection request policy that contains all of the information required for NPS to evaluate which messages to forward and where to send the messages. 

: http://technet.microsoft.com/en-us/library/cc730866(v=ws.10).aspx 

Q114. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy Server server role installed. 

You need to allow connections that use 802.1x. 

What should you create? 

A. A network policy that uses Microsoft Protected EAP (PEAP) authentication 

B. A network policy that uses EAP-MSCHAP v2 authentication 

C. A connection request policy that uses EAP-MSCHAP v2 authentication 

D. A connection request policy that uses MS-CHAP v2 authentication 

Answer:

Explanation: 

802.1X uses EAP, EAP-TLS, EAP-MS-CHAP v2, and PEAP authentication methods: 

EAP (Extensible Authentication Protocol) uses an arbitrary authentication method, such as certificates, smart cards, or credentials. 

EAP-TLS (EAP-Transport Layer Security) is an EAP type that is used in certificate-based security environments, and it provides the strongest authentication and key determination method. 

EAP-MS-CHAP v2 (EAP-Microsoft Challenge Handshake Authentication Protocol version 2) is a mutual authentication method that supports password-based user or computer authentication. 

PEAP (Protected EAP) is an authentication method that uses TLS to enhance the security of other EAP authentication protocols. 

Connection request policies are sets of conditions and settings that allow network administrators to designate which Remote Authentication Dial-In User Service (RADIUS) servers perform the authentication and authorization of connection requests that the server running Network Policy Server (NPS) receives from RADIUS clients. Connection request policies can be configured to designate which RADIUS servers are used for RADIUS accounting. With connection request policies, you can use NPS as a RADIUS server or as a RADIUS proxy, based on factors such as the following: 

The time of day and day of the week 

The realm name in the connection request 

The type of connection being requested 

The IP address of the RADIUS client 

Q115. You have a file server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed. 

Files created by users in the human resources department are assigned the Department classification property automatically. 

You are configuring a file management task named Task1 to remove user files that have not been accessed for 60 days or more. 

You need to ensure that Task1 only removes files that have a Department classification property of human resources. The solution must minimize administrative effort. 

What should you configure on Task1? 

A. Configure a file screen 

B. Create a condition 

C. Create a classification rule 

D. Create a custom action 

Answer:

Explanation: 

Create a File Expiration Task The following procedure guides you through the process of creating a file management task for expiring files. File expiration tasks are used to automatically move all files that match certain criteria to a specified expiration directory, where an administrator can then back those files up and delete them. Property conditions. Click Add to create a new condition based on the file’s classification. This will open the Property Condition dialog box, which allows you to select a property, an operator to perform on the property, and the value to compare the property against. After clicking OK, you can then create additional conditions, or edit or remove an existing condition. 

Q116. Your network contains an Active Directory domain named adatum.com. The domain contains 10 domain controllers that run Windows Server 2012 R2. 

You plan to create a new Active Directory-integrated zone named contoso.com. 

You need to ensure that the new zone will be replicated to only four of the domain controllers. 

What should you do first? 

A. Create an application directory partition. 

B. Create an Active Directory connection object. 

C. Create an Active Directory site link. 

D. Change the zone replication scope. 

Answer:

Explanation: 

Application directory partitions An application directory partition is a directory partition that is replicated only to specific domain controllers. A domain controller that participates in the replication of a particular application directory partition hosts a replica of that partition. Only domain controllers running Windows Server 2003 can host a replica of an application directory partition. 

Q117. DRAG DROP 

Your network contains an Active Directory forest named contoso.com. The forest contains a Network Policy Server (NPS) server named NPS1 and a VPN server named VPN1. VPN1 forwards all authentication requests to NPS1. 

A partner company has an Active Directory forest named adatum.com. The adatum.com forest contains an NPS server named NPS2. 

You plan to grant users from adatum.com VPN access to your network. 

You need to authenticate the users from adatum.com on VPN1. 

What should you create on each NPS server? 

To answer, drag the appropriate objects to the correct NPS servers. Each object may be 

used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. 

Answer: 

Q118. Your network contains an Active Directory domain named adatum.com. The domain contains a member server named Server1 and 10 web servers. All of the web servers are in an organizational unit (OU) named WebServers_OU. All of the servers run Windows Server 2012 R2. 

On Server1, you need to collect the error events from all of the web servers. The solution must ensure that when new web servers are added to WebServers_OU, their error events are collected automatically on Server1. 

What should you do? 

A. On Server1, create a source computer initiated subscription. From a Group Policy object (GPO), configure the Configure target Subscription Manager setting. 

B. On Server1, create a source computer initiated subscription. From a Group Policy object (GPO), configure the Configure forwarder resource usage setting. 

C. On Server1, create a collector initiated subscription. From a Group Policy object (GPO), configure the Configure forwarder resource usage setting. 

D. On Server1, create a collector initiated subscription. From a Group Policy object (GPO), configure the Configure target Subscription Manager setting. 

Answer:

Explanation: 

Source-initiated subscriptions allow you to define a subscription on an event collector computer without defining the event source computers, and then multiple remote event source computers can be set up (using a group policy setting) to forward events to the event collector computer. This differs from a collector initiated subscription because in the collector initiated subscription model, the event collector must define all the event sources in the event subscription. 

1. Run the following command from an elevated privilege command prompt on the 

Windows Server domain controller to configure Windows Remote Management: winrm qc –q. 

2. Start group policy by running the following command: %SYSTEMROOT%\\System32\\gpedit. msc. 

3. Under the Computer Configuration node, expand the Administrative Templates node, then expand the Windows Components node, then select the Event Forwarding node. 

4. Right-click the SubscriptionManager setting, and select Properties. Enable the SubscriptionManager setting, and click the Show button to add a server address to the setting. Add at least one setting that specifies the event collector computer. The SubscriptionManager Properties window contains an Explain tab that describes the syntax for the setting. 

5. After the SubscriptionManager setting has been added, run the following command to ensure the policy is applied: gpupdate /force. 

If you want to configure a source computer-initiated subscription, you need to configure the following group policies on the computers that will act as the event forwarders: 

* (A) Configure Target Subscription Manager This policy enables you to set the location of the collector computer. 

Q119. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 P.2. Server1 has the Network Policy and Access Services server role installed. 

Your company's security policy requires that certificate-based authentication must be used by some network services. 

You need to identify which Network Policy Server (NPS) authentication methods comply with the security policy. 

Which two authentication methods should you identify? (Each correct answer presents part of the solution. Choose two.) 

A. MS-CHAP 

B. PEAP-MS-CHAP v2 

C. Chap 

D. EAP-TLS 

E. MS-CHAP v2 

Answer: B,D 

Explanation: 

PEAP is similar in design to EAP-TTLS, requiring only a server-side PKI certificate to create a secure TLS tunnel to protect user authentication, and uses server-side public key certificates to authenticate the server. When you use EAP with a strong EAP type, such as TLS with smart cards or TLS with certificates, both the client and the server use certificates to verify their identities to each other. 

Q120. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 is backed up daily. 

The domain has the Active Directory Recycle Bin enabled. 

During routine maintenance, you delete 500 inactive user accounts and 100 inactive groups. One of the deleted groups is named Group1. Some of the deleted user accounts are members of some of the deleted groups. 

For documentation purposes, you must provide a list of the members of Group1 before the group was deleted. 

You need to identify the names of the users who were members of Group1 prior to its deletion. 

You want to achieve this goal by using the minimum amount of administrative effort. 

What should you do first? 

A. Mount the most recent Active Directory backup. 

B. Reactivate the tombstone of Group1. 

C. Perform an authoritative restore of Group1. 

D. Use the Recycle Bin to restore Group1. 

Answer:

Explanation: 

The Active Directory Recycle Bin does not have the ability to track simple changes to objects. 

If the object itself is not deleted, no element is moved to the Recycle Bin for possible recovery in the future. In other words, there is no rollback capacity for changes to object properties, or, in other words, to the values of these properties. 

Certleader Dumps
Certleader is a company specialized on providing high quality IT exam materials and fully committed to assist our respected clients crack any IT certification tests on their 1st efforts.