QUESTION 41
Your network contains an Active Directory domain named contoso.com. The domain contains three
servers. The servers are configured as shown in the following table.
![Server configuration table](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-359.png)
You need to ensure that end-to-end encryption is used between clients and Server2 when the
clients connect to the network by using DirectAccess.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. From the Remote Access Management Console, reload the configuration.
B. Add Server2 to a security group in Active Directory.
C. Restart the IPSec Policy Agent service on Server2.
D. From the Remote Access Management Console, modify the Infrastructure Servers settings.
E. From the Remote Access Management Console, modify the Application Servers settings.
Correct Answer: BE
Section: 3. Configure network services and access
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with a Premium account.
Explanation:
Unsure about these answers:
A public key infrastructure must be deployed.
Windows Firewall must be enabled on all profiles. ISATAP in the corporate network is not supported. If you
are using ISATAP, you should remove it and use native IPv6.
Computers that are running the following operating systems are supported as DirectAccess clients:
Windows Server® 2012 R2
Windows 8.1 Enterprise
Windows Server® 2012
Windows 8 Enterprise
Windows Server® 2008 R2
Windows 7 Ultimate
Windows 7 Enterprise
Force tunnel configuration is not supported with KerbProxy authentication. Changing policies by using a
feature other than the DirectAccess management console or Windows PowerShell cmdlets is not
supported. Separating NAT64/DNS64 and IPHTTPS server roles on another server is not supported.
QUESTION 42
Your network contains an Active Directory forest. The forest contains two domains named contoso.com
and fabrikam.com. All of the DNS servers in both of the domains run Windows Server 2012 R2.
The network contains two servers named Server1 and Server2. Server1 hosts an Active Directory-integrated
zone for contoso.com. Server2 hosts an Active Directory-integrated zone for fabrikam.com.
Server1 and Server2 connect to each other by using a WAN link.
Client computers that connect to Server1 for name resolution cannot resolve names in fabrikam.com.
You need to configure Server1 to support the resolution of names in fabrikam.com.
The solution must ensure that users in contoso.com can resolve names in fabrikam.com if the
WAN link fails.
What should you do on Server1?
A. Create a stub zone.
B. Add a forwarder.
C. Create a secondary zone.
D. Create a conditional forwarder.
Correct Answer: C
Section: 3. Configure network services and access
Explanation
Explanation/Reference:
Last update: 15/09/2015
Based on the actual exam and checked with a Premium account.
Explanation:
http://technet.microsoft.com/en-us/library/cc771898.aspx
When a zone that this DNS server hosts is a secondary zone, this DNS server is a secondary source for
information about this zone. The zone at this server must be obtained from another remote DNS server
computer that also hosts the zone. With a secondary zone, you have the ability to resolve records from the
other domain even if its DNS servers are temporarily unavailable.
While secondary zones contain copies of all the resource records in the corresponding zone on the master
name server, stub zones contain only three kinds of resource records:
A copy of the SOA record for the zone.
Copies of NS records for all name servers authoritative for the zone.
Copies of A records for all name servers authoritative for the zone.
http://www.windowsnetworking.com/articles-tutorials/windows-2003/DNS_Stub_Zones.html
http://technet.microsoft.com/en-us/library/cc771898.aspx
http://redmondmag.com/Articles/2004/01/01/The-Long-and-Short-of-Stub-Zones.aspx?Page=2
Last update: 13/09/2015
QUESTION 43
Your network contains two servers named Server1 and Server2. Both servers run Windows Server 2012
R2 and have the DNS Server server role installed.
On Server1, you create a standard primary zone named contoso.com.
You need to ensure that Server2 can host a secondary zone for contoso.com.
What should you do from Server1?
A. Add Server2 as a name server.
B. Create a trust anchor named Server2.
C. Convert contoso.com to an Active Directory-integrated zone.
D. Create a zone delegation that points to Server2.
Correct Answer: A
Section: 3. Configure network services and access
Explanation
Explanation/Reference:
Last update: 15/09/2015
Based on the actual exam and checked with a Premium account.
Explanation:
Typically, adding a secondary DNS server to a zone involves three steps:
1. On the primary DNS server, add the prospective secondary DNS server to the list of name servers that
are authoritative for the zone.
2. On the primary DNS server, verify that the transfer settings for the zone permit the zone to be
transferred to the prospective secondary DNS server.
3. On the prospective secondary DNS server, add the zone as a secondary zone.
You must add a new Name Server. To add a name server to the list of authoritative servers for the zone,
you must specify both the server’s IP address and its DNS name. When entering names, click Resolve to
resolve the name to its IP address prior to adding it to the list.
Secondary zones cannot be AD-integrated under any circumstances.
You want to be sure that Server2 can host the zone; you do not want to delegate a zone.
Secondary Domain Name System (DNS) servers help provide load balancing and fault tolerance.
Secondary DNS servers maintain a read-only copy of zone data that is transferred periodically from the
primary DNS server for the zone. You can configure DNS clients to query secondary DNS servers instead
of (or in addition to) the primary DNS server for a zone, reducing demand on the primary server and
ensuring that DNS queries for the zone will be answered even if the primary server is not available.
How-To: Configure a secondary DNS Server in Windows Server 2012
We need to tell our primary DNS that it is ok for this secondary DNS to pull information from it. Otherwise
replication will fail and you will get this big red X.
![Screenshot](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-360.png)
Head over to your primary DNS server, launch DNS Manager, expand Forward Lookup
Zones, navigate to your primary DNS zone, right-click on it and go to Properties.
Go to the "Zone Transfers" tab. By default, for security reasons, "Allow zone transfers" is unchecked to
protect your DNS information. We need to allow zone transfers, but if you value your DNS records, do not
select "To any server"; select "Only to servers listed on the Name Servers tab" instead.
![Screenshot](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-361.png)
Head over to the "Name Servers" tab, click Add
![Screenshot](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-362.png)
You will get the "New Name Server Record" window. Type in the name of your secondary DNS server. It is
always better to validate by name, not IP address, to avoid future problems in case your IP addresses
change. Once done, click OK.
![Screenshot](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-363.png)
You will see your secondary DNS server is now added to your name servers selection, click OK.
![Screenshot](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-364.png)
Now if you head back to your secondary DNS server and refresh, the big red X will go away and your
primary zone data will populate.
![Screenshot](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-365.png)
Your secondary DNS is fully set up now. You cannot make any DNS changes from your secondary DNS.
Secondary DNS is read-only; any DNS changes have to be made on the primary DNS.
http://technet.microsoft.com/en-us/library/cc816885%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/cc816814%28v=ws.10%29.aspx
http://blog.hyperexpert.com/how-to-configure-a-secondary-dns-server-in-windows-server-2012/
http://technet.microsoft.com/en-us/library/cc770984.aspx
http://support.microsoft.com/kb/816101
http://technet.microsoft.com/en-us/library/cc753500.aspx
http://technet.microsoft.com/en-us/library/cc771640(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/ee649280(v=ws.10).aspx
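The three steps and the "Only to servers listed on the Name Servers tab" setting described above, expressed with the DnsServer PowerShell module and followed by an audit for zones that still allow transfers to any server. This is an added example, not part of the original explanation; the secondary's FQDN and the primary's IP address are assumed placeholder values.

```powershell
# Added example (not from the original page). Requires the DnsServer module
# (DNS Server role or RSAT DNS tools) and administrative rights on both servers.
# The FQDN and IP address below are constructed placeholders, not values from the page.
$Zone          = 'contoso.com'
$Primary       = 'Server1'
$Secondary     = 'Server2'
$SecondaryFqdn = 'server2.contoso.com'   # assumption: an A record for this host already exists
$PrimaryIp     = '192.0.2.10'            # assumption: documentation-range address for Server1

# Step 1 (primary): add the prospective secondary to the zone's NS records.
# '@' denotes the zone apex.
Add-DnsServerResourceRecord -ComputerName $Primary -ZoneName $Zone `
    -NS -Name '@' -NameServer $SecondaryFqdn

# Step 2 (primary): permit zone transfers only to servers listed as name servers,
# the equivalent of "Only to servers listed on the Name Servers tab".
Set-DnsServerPrimaryZone -ComputerName $Primary -Name $Zone `
    -SecureSecondaries TransferToZoneNameServer

# Step 3 (secondary): create the read-only secondary zone and pull the data.
Add-DnsServerSecondaryZone -ComputerName $Secondary -Name $Zone `
    -ZoneFile "$Zone.dns" -MasterServers $PrimaryIp
Start-DnsServerZoneTransfer -ComputerName $Secondary -Name $Zone -FullTransfer

# Audit (primary): list every primary zone with its transfer policy and flag
# any zone that still answers transfer requests from any server.
Get-DnsServerZone -ComputerName $Primary |
    Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated } |
    Select-Object ZoneName, SecureSecondaries,
        @{ Name = 'OpenTransfer'; Expression = { $_.SecureSecondaries -eq 'TransferAnyServer' } }
```

Any zone reported with `OpenTransfer` set to True exposes its full record set to whoever requests a transfer and should be moved to `TransferToZoneNameServer` or `TransferToSecureServers`.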
QUESTION 44
Your network contains an Active Directory domain named contoso.com. The domain contains a Web
server named www.contoso.com. The Web server is available on the Internet.
You implement DirectAccess by using the default configuration.
You need to ensure that users never attempt to connect to www.contoso.com by using DirectAccess.
The solution must not prevent the users from using DirectAccess to access other resources in
contoso.com.
Which settings should you configure in a Group Policy object (GPO)?
A. DirectAccess Client Experience Settings
B. DNS Client
C. Name Resolution Policy
D. Network Connections
Correct Answer: C
Section: 3. Configure network services and access
Explanation
Explanation/Reference:
Last update: 15/09/2015
Based on the actual exam and checked with a Premium account.
Explanation:
For DirectAccess, the NRPT must be configured with the namespaces of your intranet with a leading dot
(for example, .internal.contoso.com or .corp.contoso.com). For a DirectAccess client, any name request
that matches one of these namespaces will be sent to the specified intranet Domain Name System (DNS)
servers.
Include all intranet DNS namespaces that you want DirectAccess client computers to access.
There are no command line methods for configuring NRPT rules. You must use Group Policy settings. To
configure the NRPT through Group Policy, use the Group Policy add-in at
Computer Configuration\Policies\Windows Settings\Name Resolution Policy in the Group Policy object for
DirectAccess clients. You can create a new NRPT rule and edit or delete existing rules. For more
information, see Configure the NRPT with Group Policy.
QUESTION 45
Your network contains an Active Directory domain named contoso.com.
All user accounts for the marketing department reside in an organizational unit (OU) named OU1. All user
accounts for the finance department reside in an organizational unit (OU) named OU2.
You create a Group Policy object (GPO) named GPO1. You link GPO1 to OU2. You configure the Group
Policy preference of GPO1 to add a shortcut named Link1 to the desktop.
You discover that when a user signs in, Link1 is not added to the desktop.
You need to ensure that when a user signs in, Link1 is added to the desktop.
What should you do?
A. Enforce GPO1.
B. Enable loopback processing in GPO1.
C. Modify the Link1 shortcut preference of GPO1.
D. Modify the Security Filtering settings of GPO1.
Correct Answer: C
Section: 6. Configure and manage Group Policy
Explanation
Explanation/Reference:
Last update: 17/09/2015
Based on the actual exam and checked with a Premium account.
I changed "D) Modify the Security Filtering settings of GPO1." to "C) Modify the Link1 shortcut
preference of GPO1."
Notes:
![Screenshot](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-366.png)
Group Policy preferences are extensions that increase the number of configurable settings within a
GPO. Using Group Policy, you can manage drive mappings, registry settings, local users and groups,
services, files and folders without having to learn a scripting language.
The Shortcut preference item creates, modifies, or deletes a shortcut to a file system object (such as a
file, a drive, a share or a computer), a shell object (such as a printer, a desktop item or a Control Panel
item), or a URL (for example, a Web page or an FTP site).
To ensure that the link is re-created after it has been deleted, the action should be set to Create:
QUESTION 46
Your network contains an Active Directory domain named contoso.com. The domain contains a domain
controller named DC1 that runs Windows Server 2012 R2.
All client computers run Windows 8 Enterprise.
DC1 contains a Group Policy object (GPO) named GPO1.
You need to deploy a VPN connection to all users.
What should you configure from User Configuration in GPO1?
A. Policies/Administrative Templates/Network/Windows Connect Now
B. Policies/Administrative Templates/Network/Network Connections
C. Policies/Administrative Templates/Windows Components/Windows Mobility Center
D. Preferences/Control Panel Settings/Network Options
Correct Answer: D
Section: 6. Configure and manage Group Policy
Explanation
Explanation/Reference:
Explanation:
1. Open the Group Policy Management Console. Right-click the Group Policy object (GPO) that should
contain the new preference item, and then click Edit.
2. In the console tree under Computer Configuration or User Configuration, expand the Preferences folder,
and then expand the Control Panel Settings folder.
3. Right-click the Network Options node, point to New, and select VPN Connection.
The Network Options extension allows you to centrally create, modify, and delete dial-up networking and
virtual private network (VPN) connections. Before you create a network option preference item, you should
review the behavior of each type of action possible with the extension.
http://technet.microsoft.com/en-us/library/cc772449.aspx
![Screenshot](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-367.png)
QUESTION 47
Your network contains an Active Directory domain named contoso.com. All client computers run Windows
8.1.
The network contains a shared folder named FinancialData that contains five files.
You need to ensure that the FinancialData folder and its contents are copied to all of the client
computers.
Which two Group Policy preferences should you configure? (Each correct answer presents part of the
solution. Choose two.)
A. Shortcuts
B. Network Shares
C. Environment
D. Folders
E. Files
Correct Answer: DE
Section: 6. Configure and manage Group Policy
Explanation
Explanation/Reference:
Last update: 17/09/2015
Based on the actual exam and checked with a Premium account.
Explanation:
Group Policy preferences are extensions that increase the number of configurable settings within a
GPO. Using Group Policy, you can manage drive mappings, registry settings, local users and groups,
services, files and folders without having to learn a scripting language.
Folder preference items allow you to create, update, replace, and delete folders and their contents. (To
configure individual files rather than folders, see Files Extension.) Before you create a Folder preference
item, you should review the behavior of each type of action possible with this extension.
File preference items allow you to copy, modify the attributes of, replace, and delete files. (To configure
folders rather than individual files, see Folders Extension.) Before you create a File preference item, you
should review the behavior of each type of action possible with this extension.
QUESTION 48
Your network contains an Active Directory domain named contoso.com. All domain controllers run
Windows Server 2012 R2.
You have a Group Policy object (GPO) named GPO1 that contains hundreds of settings. GPO1 is linked to
an organizational unit (OU) named OU1. OU1 contains 200 client computers.
You plan to unlink GPO1 from OU1.
You need to identify which GPO settings will be removed from the computers after GPO1 is
unlinked from OU1.
Which two GPO settings should you identify? (Each correct answer presents part of the solution. Choose
two.)
A. The managed Administrative Template settings
B. The unmanaged Administrative Template settings
C. The System Services security settings
D. The Event Log security settings
E. The Restricted Groups security settings
Correct Answer: AE
Section: 6. Configure and manage Group Policy
Explanation
Explanation/Reference:
Last update: 17/09/2015
Changed "D" to "E" based on the actual exam and checked with a Premium account.
Explanation:
http://technet.microsoft.com/en-us/library/cc778402(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/bb964258.aspx
There are two kinds of Administrative Template policy settings: Managed and Unmanaged. The Group
Policy service governs Managed policy settings and removes a policy setting when it is no longer within
scope of the user or computer.
QUESTION 49
Your network contains an Active Directory domain named contoso.com. All domain controllers run
Windows Server 2012 R2. The domain contains 500 client computers that run Windows 8.1 Enterprise and
Microsoft Office 2013.
You implement a Group Policy central store.
You need to modify the default Microsoft Office 2013 Save As location for all client computers.
The solution must minimize administrative effort.
What should you configure in a Group Policy object (GPO)?
A. The Group Policy preferences
B. An application control policy
C. The Administrative Templates
D. The Software Installation settings
Correct Answer: C
Section: 6. Configure and manage Group Policy
Explanation
Explanation/Reference:
Last update: 17/09/2015
Based on the actual exam and checked with a Premium account.
Explanation:
For Microsoft Office 2013, you can download the Administrative Template files (ADMX, ADML) from the
Microsoft site and copy them to the central store. Numerous policy settings for configuring Microsoft
Office and the Microsoft Office applications are then available in the Administrative Templates of your GPOs.
QUESTION 50
Your network contains an Active Directory domain named contoso.com. All domain controllers run
Windows Server 2012 R2.
The domain contains 200 Group Policy objects (GPOs).
An administrator named Admin1 must be able to add new WMI filters from the Group Policy Management
Console (GPMC).
You need to delegate the required permissions to Admin1. The solution must minimize the number
of permissions assigned to Admin1.
What should you do?
A. From Active Directory Users and Computers, add Admin1 to the WinRMRemoteWMIUsers_group.
B. From Group Policy Management, assign Creator Owner to Admin1 for the WMI Filters container.
C. From Active Directory Users and Computers, add Admin1 to the Domain Admins group.
D. From Group Policy Management, assign Full control to Admin1 for the WMI Filters container.
Correct Answer: D
Section: 6. Configure and manage Group Policy
Explanation
Explanation/Reference:
Last update: 17/09/2015
Based on the actual exam and checked with a Premium account.
Explanation:
![](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-368.png)
Users with Full control permissions can create and control all WMI filters in the domain, including WMI
filters created by others.
Users with Creator owner permissions can create WMI filters, but can only control WMI filters that they
create.
Notes:
To delegate creation of WMI filters:
Open Group Policy Management.
In the console tree, click WMI Filters in the forest and domain in which you want to delegate
administrative permissions on all WMI filters.
Click Add.
In the Users, Computers, or Groups dialog box, click Object Types, select the types of objects to which
you want to delegate permissions on all WMI filters, and then click OK.
Click Paths, select either Entire Directory or the domain or organizational unit containing the object to
which you want to delegate permissions, and then click OK.
In the Enter the object names field, enter the name of the object to which you want to delegate permissions
by doing one of the following:
If you know the name, type it, and then click OK.
To search for the name, click Advanced, enter the search criteria, and click Start Search. Select the
name from the list box, click OK, and then click OK.
In the dialog box for adding a group or user, select the permission level that you want to assign to the
group or user, and then click OK.
Users with Full control permissions can create and control all WMI filters in the domain, including those
created by others. Users with Creator Owner permissions can create WMI filters, but can only control the
WMI filters that they created.
http://technet.microsoft.com/en-us/library/cc757429(v=ws.10).aspx
QUESTION 51
Your network contains two DNS servers named Server1 and Server2 that run Windows Server 2012 R2.
Server1 hosts a primary zone for contoso.com. Server2 hosts a secondary zone for contoso.com.
You need to ensure that Server2 replicates changes to the contoso.com zone every five minutes.
Which setting should you modify in the start of authority (SOA) record?
A. Retry interval
B. Expires after
C. Minimum (default) TTL
D. Refresh interval
Correct Answer: D
Section: 3. Configure network services and access
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with a Premium account.
Explanation:
By default, the refresh interval for each zone is set to 15 minutes. The refresh interval is used to determine
how often other DNS servers that load and host the zone must attempt to renew the zone.
![](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-369.png)
QUESTION 52
Your network contains two Active Directory domains named contoso.com and adatum.com.
The network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the DNS
Server server role installed. Server1 has a copy of the contoso.com DNS zone.
You need to configure Server1 to resolve names in the adatum.com domain. The solution must meet
the following requirements:
Prevent the need to change the configuration of the current name servers that host zones for
adatum.com.
Minimize administrative effort.
Which type of zone should you create?
A. Secondary
B. Stub
C. Reverse lookup
D. Primary
Correct Answer: B
Section: 3. Configure network services and access
Explanation
Explanation/Reference:
Explanation:
When a zone that this DNS server hosts is a stub zone, this DNS server is a source only for information
about the authoritative name servers for this zone. The zone at this server must be obtained from another
DNS server that hosts the zone. This DNS server must have network access to the remote DNS server to
copy the authoritative name server information about the zone.
A stub zone is a copy of a zone that contains only necessary resource records (Start of Authority (SOA),
Name Server (NS), and Address/Host (A) record) in the master zone and acts as a pointer to the
authoritative name server. The stub zone allows the server to forward queries to the name server that is
authoritative for the master zone without going up to the root name servers and working its way down to
the server. While a stub zone can improve performance, it does not provide redundancy or load sharing.
![](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-370.png)
You can use stub zones to:
Keep delegated zone information current. By updating a stub zone for one of its child zones regularly, the
DNS server that hosts both the parent zone and the stub zone will maintain a current list of authoritative
DNS servers for the child zone.
Improve name resolution. Stub zones enable a DNS server to perform recursion using the stub zone’s list of
name servers, without having to query the Internet or an internal root server for the DNS namespace.
Simplify DNS administration. By using stub zones throughout your DNS infrastructure, you can distribute a
list of the authoritative DNS servers for a zone without using secondary zones. However, stub zones do not
serve the same purpose as secondary zones, and they are not an alternative for enhancing redundancy
and load sharing.
There are two lists of DNS servers involved in the loading and maintenance of a stub zone:
The list of master servers from which the DNS server loads and updates a stub zone. A master server may
be a primary or secondary DNS server for the zone. In both cases, it will have a complete list of the DNS
servers for the zone.
The list of the authoritative DNS servers for a zone. This list is contained in the stub zone using name
server (NS) resource records.
When a DNS server loads a stub zone, such as widgets.tailspintoys.com, it queries the master servers,
which can be in different locations, for the necessary resource records of the authoritative servers for the
zone widgets.tailspintoys.com. The list of master servers may contain a single server or multiple servers,
and it can be changed anytime.
http://technet.microsoft.com/en-us/library/cc771898.aspx
http://technet.microsoft.com/en-us/library/cc754190.aspx
http://technet.microsoft.com/en-us/library/cc730980.aspx
QUESTION 53
Your network contains an Active Directory domain named contoso.com. The domain contains six domain
controllers named DC1, DC2, DC3, DC4, DC5, and DC6. Each domain controller has the DNS Server
server role installed and hosts an Active Directory-integrated zone for contoso.com.
You plan to create a new Active Directory-integrated zone named litwareinc.com that will be used for
testing.
You need to ensure that the new zone will be available only on DC5 and DC6.
What should you do first?
A. Change the zone replication scope.
B. Create an Active Directory connection object.
C. Create an Active Directory site link.
D. Create an application directory partition.
Correct Answer: D
Section: 3. Configure network services and access
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with a Premium account.
Explanation:
You can store Domain Name System (DNS) zones in the domain or application directory partitions of
Active Directory Domain Services (AD DS). A partition is a data structure in AD DS that distinguishes data
for different replication purposes. When you create an application directory partition for DNS, you can
control the scope of replication for the zone that is stored in that partition.
QUESTION 54
Your network contains an Active Directory domain named contoso.com. The domain contains a server
named NPS1 that has the Network Policy Server server role installed. All servers run Windows Server
2012 R2.
You install the Remote Access server role on 10 servers.
You need to ensure that all of the Remote Access servers use the same network policies.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Configure each Remote Access server to use the Routing and Remote Access service (RRAS) to
authenticate connection requests.
B. On NPS1, create a remote RADIUS server group. Add all of the Remote Access servers to the remote
RADIUS server group.
C. On NPS1, create a new connection request policy and add a Tunnel-Type and a Service-Type
condition.
D. Configure each Remote Access server to use a RADIUS server named NPS1.
E. On NPS1, create a RADIUS client template and use the template to create RADIUS clients.
Correct Answer: CD
Section: 4. Configure a Network Policy Server infrastructure
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with a Premium account.
Explanation:
Connection request policies are sets of conditions and settings that allow network administrators to
designate which RADIUS servers perform the authentication and authorization of connection requests that
the server running Network Policy Server (NPS) receives from RADIUS clients. Connection request
policies can be configured to designate which RADIUS servers are used for RADIUS accounting. When
you configure Network Policy Server (NPS) as a Remote Authentication Dial-In User Service (RADIUS)
proxy, you use NPS to forward connection requests to RADIUS servers that are capable of processing the
connection requests because they can perform authentication and authorization in the domain where the
user or computer account is located. For example, if you want to forward connection requests to one or
more RADIUS servers in untrusted domains, you can configure NPS as a RADIUS proxy to forward the
requests to the remote RADIUS servers in the untrusted domain. To configure NPS as a RADIUS proxy,
you must create a connection request policy that contains all of the information required for NPS to
evaluate which messages to forward and where to send the messages.
http://technet.microsoft.com/en-us/library/cc730866(v=ws.10).aspx
QUESTION 55
Your network contains a server named Server1 that has the Network Policy and Access Services server
role installed.
All of the network access servers forward connection requests to Server1.
You create a new network policy on Server1.
You need to ensure that the new policy applies only to connection requests from the 192.168.0.0/24
subnet.
What should you do?
A. Set the Client IP4 Address condition to 192.168.0.0/24.
B. Set the Client IP4 Address condition to 192.168.0.
C. Set the Called Station ID constraint to 192.168.0.0/24.
D. Set the Called Station ID constraint to 192.168.0.
Correct Answer: B
Section: 3. Configure network services and access
Explanation
Explanation/Reference:
Explanation:
RADIUS client properties
Following are the RADIUS client conditions that you can configure in network policy.
Calling Station ID: Specifies the network access server telephone number that was dialed by the dial-up
access client.
Client Friendly Name: Specifies the name of the RADIUS client that forwarded the connection request to
the NPS server.
Client IPv4 Address: Specifies the Internet Protocol (IP) version 4 address of the RADIUS client that
forwarded the connection request to the NPS server.
Client IPv6 Address: Specifies the Internet Protocol (IP) version 6 address of the RADIUS client that
forwarded the connection request to the NPS server.
Client Vendor: Specifies the name of the vendor or manufacturer of the RADIUS client that sends
connection requests to the NPS server.
MS RAS Vendor: Specifies the vendor identification number of the network access server that is
requesting authentication.
Last update: 13/09/2015
QUESTION 56
Your network contains an Active Directory domain named contoso.com. The domain contains a server
named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy and Access Services
server role installed.
You plan to deploy 802.1x authentication to secure the wireless network.
You need to identify which Network Policy Server (NPS) authentication method supports
certificate-based mutual authentication for the 802.1x deployment.
Which authentication method should you identify?
A. MS-CHAP
B. PEAP-MS-CHAPv2
C. EAP-TLS
D. MS-CHAP v2
Correct Answer: C
Section: 4. Configure a Network Policy Server infrastructure
Explanation
Explanation/Reference:
Last update: 17/09/2015
Based on the actual exam and checked with a Premium account.
Explanation:
802.1X uses EAP, EAP-TLS, EAP-MS-CHAP v2, and PEAP authentication methods:
EAP (Extensible Authentication Protocol) uses an arbitrary authentication method, such
as certificates, smart cards, or credentials.
EAP-TLS (EAP-Transport Layer Security) is an EAP type that is used in certificate-based
security environments, and it provides the strongest authentication and key determination method.
EAP-MS-CHAP v2 (EAP-Microsoft Challenge Handshake Authentication Protocol version 2) is a
mutual authentication method that supports password-based user or computer authentication.
PEAP (Protected EAP) is an authentication method that uses TLS to enhance the security of other EAP
authentication protocols.
QUESTION 57
Your network contains an Active Directory domain named contoso.com. The domain contains client
computers that run either Windows XP or Windows 8.
Network Policy Server (NPS) is deployed to the domain.
You plan to create a system health validator (SHV).
You need to identify which policy settings can be applied to all of the computers.
Which three policy settings should you identify? (Each correct answer presents part of the solution.
Choose three.)
A. Antispyware is up to date.
B. Automatic updating is enabled.
C. Antivirus is up to date.
D. A firewall is enabled for all network connections.
E. An antispyware application is on.
Correct Answer: BCD
Section: 4. Configure a Network Policy Server infrastructure
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with a Premium account.
Explanation:
The WSHA on NAP client computers running Windows XP SP3 does not monitor the status of antispyware
applications.
Keep delegated zone information current. By updating a stub zone for one of its child zones regularly, the
DNS server that hosts both the parent zone and the stub zone will maintain a current list of authoritative
DNS servers for the child zone. Improve name resolution. Stub zones enable a DNS server to perform
recursion using the stub zone’s list of name servers, without having to query the Internet or an internal root
server for the DNS namespace.
Simplify DNS administration. By using stub zones throughout your DNS infrastructure, you can distribute a
list of the authoritative DNS servers for a zone without using secondary zones. However, stub zones do not
serve the same purpose as secondary zones, and they are not an alternative for enhancing redundancy
and load sharing.
There are two lists of DNS servers involved in the loading and maintenance of a stub zone:
The list of master servers from which the DNS server loads and updates a stub zone. A master server may
be a primary or secondary DNS server for the zone. In both cases, it will have a complete list of the DNS
servers for the zone. The list of the authoritative DNS servers for a zone. This list is contained in the stub
zone using name server (NS) resource records.
When a DNS server loads a stub zone, such as widgets. tailspintoys.com, it queries the master servers,
which can be in different locations, for the necessary resource records of the authoritative servers for the
zone widgets. tailspintoys.com. The list of master servers may contain a single server or multiple servers,
and it can be changed anytime.
http://technet.microsoft.com/en-us/library/cc771898.aspx
http://technet.microsoft.com/en-us/library/cc754190.aspx
http://technet.microsoft.com/en-us/library/cc730980.aspx
QUESTION 53
Your network contains an Active Directory domain named contoso.com. The domain contains six domain
controllers named DC1, DC2, DC3, DC4, DC5, and DC6. Each domain controller has the DNS Server
server role installed and hosts an Active Directory-integrated zone for contoso.com.
You plan to create a new Active Directory-integrated zone named litwareinc.com that will be used for
testing.
You need to ensure that the new zone will be available only on DC5 and DCG.
What should you do first?
A. Change the zone replication scope.
B. Create an Active Directory connection object.
C. Create an Active Directory site link.
D. Create an application directory partition.
Correct Answer: D
Section: 3. Configure network services and access
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
You can store Domain Name System (DNS) zones in the domain or application directory partitions of
Active Directory Domain Services (AD DS). A partition is a data structure in AD DS that distinguishes data
for different replication purposes. When you create an application directory partition for DNS, you can
control the scope of replication for the zone that is stored in that partition.
QUESTION 54
Your network contains an Active Directory domain named contoso.com. The domain contains a server
named NPS1 that has the Network Policy Server server role installed. All servers run Windows Server
2012 R2.
You install the Remote Access server role on 10 servers.
You need to ensure that all of the Remote Access servers use the same network policies.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Configure each Remote Access server to use the Routing and Remote Access service (RRAS) to
authenticate connection requests.
B. On NPS1, create a remote RADIUS server group. Add all of the Remote Access servers to the remote
RADIUS server group.
C. On NPS1, create a new connection request policy and add a Tunnel-Type and a Service-Type
condition.
D. Configure each Remote Access server to use a RADIUS server named NPS1.
E. On NPS1, create a RADIUS client template and use the template to create RADIUS clients.
Correct Answer: CD
Section: 4. Configure a Network Policy Server infrastructure
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
Connection request policies are sets of conditions and settings that allow network administrators to
designate which RADIUS servers perform the authentication and authorization of connection requests that
the server running Network Policy Server (NPS) receives from RADIUS clients. Connection request
policies can be configured to designate which RADIUS servers are used for RADIUS accounting. When
you configure Network Policy Server (NPS) as a Remote Authentication Dial-In User Service (RADIUS)
proxy, you use NPS to forward connection requests to RADIUS servers that are capable of processing the
connection requests because they can perform authentication and authorization in the domain where the
user or computer account is located. For example, if you want to forward connection requests to one or
more RADIUS servers in untrusted domains, you can configure NPS as a RADIUS proxy to forward the
requests to the remote RADIUS servers in the untrusted domain. To configure NPS as a RADIUS proxy,
you must create a connection request policy that contains all of the information required for NPS to
evaluate which messages to forward and where to send the messages.
http://technet.microsoft.com/en-us/library/cc730866(v=ws.10).aspx
QUESTION 55
Your network contains a server named Server1 that has the Network Policy and Access Services server
role installed.
All of the network access servers forward connection requests to Server1.
You create a new network policy on Server1.
You need to ensure that the new policy applies only to connection requests from the 192.168.0.0/24
subnet.
What should you do?
A. Set the Client IP4 Address condition to 192.168.0.0/24.
B. Set the Client IP4 Address condition to 192.168.0.
C. Set the Called Station ID constraint to 192.168.0.0/24.
D. Set the Called Station ID constraint to 192.168.0.
Correct Answer: B
Section: 3. Configure network services and access
Explanation
Explanation/Reference:
Explanation:
RADIUS client properties
Following are the RADIUS client conditions that you can configure in network policy.
Calling Station ID: Specifies the network access server telephone number that was dialed by the dial-up
access client.
Client Friendly Name: Specifies the name of the RADIUS client that forwarded the connection request to
the NPS server.
Client IPv4 Address: Specifies the Internet Protocol (IP) version 4 address of the RADIUS client that
forwarded the connection request to the NPS server.
Client IPv6 Address: Specifies the Internet Protocol (IP) version 6 address of the RADIUS client that
forwarded the connection request to the NPS server.
Client Vendor: Specifies the name of the vendor or manufacturer of the RADIUS client that sends
connection requests to the NPS server.
MS RAS Vendor: Specifies the vendor identification number of the network access server that is
requesting authentication.
Last update: 13/09/2015
QUESTION 56
Your network contains an Active Directory domain named contoso.com. The domain contains a server
named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy and Access Services
server role installed.
You plan to deploy 802.1x authentication to secure the wireless network.
You need to identify which Network Policy Server (NPS) authentication method supports
certificate-based mutual authentication for the 802.1x deployment.
Which authentication method should you identify?
A. MS-CHAP
B. PEAP-MS-CHAPv2
C. EAP-TLS
D. MS-CHAP v2
Correct Answer: C
Section: 4. Configure a Network Policy Server infrastructure
Explanation
Explanation/Reference:
Last update: 17/09/2015
Based on the actual exam and checked with a Premium account.
Explanation:
802.1X uses EAP, EAP-TLS, EAP-MS-CHAP v2, and PEAP authentication methods:
EAP (Extensible Authentication Protocol) uses an arbitrary authentication method, such
as certificates, smart cards, or credentials.
EAP-TLS (EAP-Transport Layer Security) is an EAP type that is used in certificate-based
security environments, and it provides the strongest authentication and key determination method.
EAP-MS-CHAP v2 (EAP-Microsoft Challenge Handshake Authentication Protocol version 2) is a
mutual authentication method that supports password-based user or computer authentication.
PEAP (Protected EAP) is an authentication method that uses TLS to enhance the security of other EAP
authentication protocols.
QUESTION 57
Your network contains an Active Directory domain named contoso.com. The domain contains client
computers that run either Windows XP or Windows 8.
Network Policy Server (NPS) is deployed to the domain.
You plan to create a system health validator (SHV).
You need to identify which policy settings can be applied to all of the computers.
Which three policy settings should you identify? (Each correct answer presents part of the solution.
Choose three.)
A. Antispyware is up to date.
B. Automatic updating is enabled.
C. Antivirus is up to date.
D. A firewall is enabled for all network connections.
E. An antispyware application is on.
Correct Answer: BCD
Section: 4. Configure a Network Policy Server infrastructure
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with a Premium account.
Explanation:
The WSHA on NAP client computers running Windows XP SP3 does not monitor the status of antispyware
applications.
![Figure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-371.png)
QUESTION 58
Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1
and Server2 have the Windows Server Update Services server role installed.
Server1 synchronizes from Microsoft Update. Server2 is a Windows Server Update Services (WSUS)
replica of Server1.
You need to configure replica downstream servers to send Server1 summary information about the
computer update status.
What should you do?
A. From Server1, configure Reporting Rollup.
B. From Server2, configure Reporting Rollup.
C. From Server2, configure Email Notifications.
D. From Server1, configure Email Notifications.
Correct Answer: A
Section: 1. Deploy and manage server images
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with a Premium account.
Explanation:
![Figure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-372.png)
WSUS Reporting Rollup Sample Tool
This tool uses the WSUS application programming interface (API) to demonstrate centralized monitoring
and reporting for WSUS. It creates a single report of update and computer status from the WSUS servers
in your WSUS environment. The sample package also contains sample source files to customize or
extend the tool's functionality to meet specific needs. The WSUS Reporting Rollup Sample Tool
and files are provided AS IS. No product support is available for this tool or sample files. For more
information read the readme file.
http://technet.microsoft.com/en-us/windowsserver/bb466192.aspx
QUESTION 59
You manage a server that runs Windows Server 2012 R2. The server has the Windows Deployment
Services server role installed.
You start a virtual machine named VM1 as shown in the exhibit. (Click the Exhibit button.)
![Exhibit](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-373.png)
You need to configure a pre-staged device for VM1 in the Windows Deployment Services console.
Which two values should you assign to the device ID? (Each correct answer presents a complete solution.
Choose two.)
A. 979708BFC04B45259FE0C4150BB6C618
B. 979708BF-C04B-4525-9FE0-C4150BB6C618
C. 00155D000F1300000000000000000000
D. 0000000000000000000000155D000F13
E. 00000000-0000-0000-0000-C4150BB6C618
Correct Answer: BD
Section: 1. Deploy and manage server images
Explanation
Explanation/Reference:
Explanation:
Use the client computer's media access control (MAC) address preceded by twenty zeros, or the globally
unique identifier (GUID) in the format: {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}.
http://technet.microsoft.com/en-us/library/cc754469.aspx
Last update: 13/09/2015
QUESTION 60
You have a server named Server1 that runs Windows Server 2012 R2.
On Server1, you configure a custom Data Collector Set (DCS) named DCS1. DCS1 is configured to store
performance log data in C:\Logs.
You need to ensure that the contents of C:\Logs are deleted automatically when the folder reaches
100 MB in size.
What should you configure?
A. A File Server Resource Manager (FSRM) file screen on the C:\Logs folder
B. The Data Manager settings of DCS1
C. A schedule for DCS1
D. A File Server Resource Manager (FSRM) quota on the C:\Logs folder
Correct Answer: B
Section: 1. Deploy and manage server images
Explanation
Explanation/Reference:
Last update: 14/09/2015
Based on the actual exam and checked with a Premium account.
![Figure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-374.png)
Explanation:
To configure data management for a Data Collector Set
1. In Windows Performance Monitor, expand Data Collector Sets and click User Defined.
2. In the console pane, right-click the name of the Data Collector Set that you want to configure and click
Data Manager.
3. On the Data Manager tab, you can accept the default values or make changes according to your data
retention policy. See the table below for details on each option.
When Minimum free disk or Maximum folders is selected, previous data will be deleted according to the
Resource policy you choose (Delete largest or Delete oldest) when the limit is reached. When Apply policy
before the data collector set starts is selected, previous data will be deleted according to your selections
before the data collector set creates its next log file.
When Maximum root path size is selected, previous data will be deleted according to your selections when
the root log folder size limit is reached.
4. Click the Actions tab. You can accept the default values or make changes. See the table below for
details on each option.
5. When you have finished making your changes, click OK.