Do you want to pass the 70-411 exam? What are the new questions of the latest 70-411 exam? Braindumps 70-411 VCE dumps and 70-411 PDF dumps will tell you all about the 70-411 exam.Here are the newest and covered all new added questions and answers, which will help you 100% passing 70-411 exam.Hurry up and get the free exam from here!
NOW FREE DOWNLOAD
QUESTION 21
Your network contains an Active Directory domain named contoso.com. The domain contains a file server
named Server1 that runs Windows Server 2012 R2. Server1 has a share named Share1.
When users without permission to Share1 attempt to access
Your network contains an Active Directory domain named contoso.com. The domain contains a file server
named Server1 that runs Windows Server 2012 R2. Server1 has a share named Share1.
When users without permission to Share1 attempt to access
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part2(21-40) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-334.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part2(21-40) Exam VCE Dumps For free download with 100%pass ensure")
You deploy a new file server named Server2 that runs Windows Server 2012 R2.
You need to configure Server2 to display the same custom Access Denied message as Server1.
What should you install on Server2?
A. The Remote Assistance feature
B. The Storage Services server role
C. The File Server Resource Manager role service
D. The Enhanced Storage feature
Correct Answer: C
Section: 2. Configure file and print services
Explanation
Explanation/Reference:
Last update: 15/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
Access-Denied Assistance is a new role service of the File Server role in Windows Server 2012.
You need to configure Server2 to display the same custom Access Denied message as Server1.
What should you install on Server2?
A. The Remote Assistance feature
B. The Storage Services server role
C. The File Server Resource Manager role service
D. The Enhanced Storage feature
Correct Answer: C
Section: 2. Configure file and print services
Explanation
Explanation/Reference:
Last update: 15/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
Access-Denied Assistance is a new role service of the File Server role in Windows Server 2012.
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part2(21-40) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-336.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part2(21-40) Exam VCE Dumps For free download with 100%pass ensure")
We need to install the prerequisites for Access-Denied Assistance.
Because Access-Denied Assistance relies up on e-mail notifications, we also need to configure each
relevant file server with a Simple Mail Transfer Protocol (SMTP) server address. Let’s do that quickly with
Windows PowerShell:
Set-FSRMSetting -SMTPServer mailserver. nuggetlab.com -AdminEmailAddress
admingroup@nuggetlab.com -FromEmailAddress admingroup@nuggetlab.com
You can enable Access-Denied Assistance either on a per-server basis or centrally via Group Policy. To
my mind, the latter approach is infinitely preferable from an administration standpoint.
Create a new GPO and make sure to target the GPO at your file servers’ Active Directory computer
accounts as well as those of your AD client computers. In the Group Policy Object Editor, we are looking
for the following path to configure Access-Denied Assistance:
\Computer Configuration\Policies\Administrative Templates\System\Access-Denied Assistance
Because Access-Denied Assistance relies up on e-mail notifications, we also need to configure each
relevant file server with a Simple Mail Transfer Protocol (SMTP) server address. Let’s do that quickly with
Windows PowerShell:
Set-FSRMSetting -SMTPServer mailserver. nuggetlab.com -AdminEmailAddress
admingroup@nuggetlab.com -FromEmailAddress admingroup@nuggetlab.com
You can enable Access-Denied Assistance either on a per-server basis or centrally via Group Policy. To
my mind, the latter approach is infinitely preferable from an administration standpoint.
Create a new GPO and make sure to target the GPO at your file servers’ Active Directory computer
accounts as well as those of your AD client computers. In the Group Policy Object Editor, we are looking
for the following path to configure Access-Denied Assistance:
\Computer Configuration\Policies\Administrative Templates\System\Access-Denied Assistance
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part2(21-40) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-339.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part2(21-40) Exam VCE Dumps For free download with 100%pass ensure")
The Customize message for Access Denied errors policy, shown in the screenshot below, enables us to
create the actual message box shown to users when they access a shared file to which their user account
has no access.
create the actual message box shown to users when they access a shared file to which their user account
has no access.
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part2(21-40) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-340.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part2(21-40) Exam VCE Dumps For free download with 100%pass ensure")
What’s cool about this policy is that we can "personalize" the e-mail notifications to give us administrators
(and, optionally, file owners) the details they need to resolve the permissions issue quickly and easily.
For instance, we can insert pre-defined macros to swap in the full path to the target file, the administrator
e-mail address, and so forth. See this example:
Whoops! It looks like you’re having trouble accessing [Original File Path]. Please click Request Assistance
to send [Admin Email] a help request e-mail message. Thanks!
You should find that your users prefer these human-readable, informative error messages to the cryptic,
non-descript error dialogs they are accustomed to dealing with.
The Enable access-denied assistance on client for all file types policy should be enabled to force client
computers to participate in Access-Denied Assistance. Again, you must make sure to target your GPO
scope accordingly to "hit" your domain workstations as well as your Windows Server 2012 file servers.
Testing the configuration
This should come as no surprise to you, but Access-Denied Assistance works only with Windows Server
2012 and Windows 8 computers. More specifically, you must enable the Desktop Experience feature on
your servers to see Access-Denied Assistance messages on server computers.
When a Windows 8 client computer attempts to open a file to which the user has no access, the custom
Access-Denied Assistance message should appear:
(and, optionally, file owners) the details they need to resolve the permissions issue quickly and easily.
For instance, we can insert pre-defined macros to swap in the full path to the target file, the administrator
e-mail address, and so forth. See this example:
Whoops! It looks like you’re having trouble accessing [Original File Path]. Please click Request Assistance
to send [Admin Email] a help request e-mail message. Thanks!
You should find that your users prefer these human-readable, informative error messages to the cryptic,
non-descript error dialogs they are accustomed to dealing with.
The Enable access-denied assistance on client for all file types policy should be enabled to force client
computers to participate in Access-Denied Assistance. Again, you must make sure to target your GPO
scope accordingly to "hit" your domain workstations as well as your Windows Server 2012 file servers.
Testing the configuration
This should come as no surprise to you, but Access-Denied Assistance works only with Windows Server
2012 and Windows 8 computers. More specifically, you must enable the Desktop Experience feature on
your servers to see Access-Denied Assistance messages on server computers.
When a Windows 8 client computer attempts to open a file to which the user has no access, the custom
Access-Denied Assistance message should appear:
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part2(21-40) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-342.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part2(21-40) Exam VCE Dumps For free download with 100%pass ensure")
At the end of this process, the administrator(s) will receive an e-mail message that contains the key
information they need in order to resolve the access problem:
The user’s Active Directory identity
The full path to the problematic file
A user-generated explanation of the problem
So that’s it, friends! Access-Denied Assistance presents Windows systems administrators with an easy-tomanage
method for more efficiently resolving user access problems on shared file system resources. Of
course, the key caveat is that your file servers must run Windows Server 2012 and your client devices
must run Windows 8, but other than that, this is a great technology that should save admins extra work and
end-users extra headaches.
http://4sysops.com/archives/access-denied-assistance-in-windows-server-2012/
QUESTION 22
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server
Resource Manager role service installed.
Each time a user receives an access-denied message after attempting to access a folder on Server1, an
email notification is sent to a distribution list named DL1.
You create a folder named Folder1 on Server1, and then you configure custom NTFS permissions for
Folder1.
You need to ensure that when a user receives an access-denied message while attempting to access
Folder1, an email notification is sent to a distribution list named DL2.
The solution must not prevent DL1 from receiving notifications about other access-denied
messages.
What should you do?
A. From Server Manager, run the New Share Wizard to create a share for Folder1 by selecting the SMB
Share – Advanced option.
B. From the File Server Resource Manager console, modify the Access-Denied Assistance settings.
C. From the File Server Resource Manager console, modify the Email Notifications settings. (configure the
e-mail address of the folder owner)
D. From Server Manager, run the New Share Wizard to create a share for Folder1 by selecting the SMB
Share -Applications option.
Correct Answer: C
Section: 2. Configure file and print services
Explanation
Explanation/Reference:
Last update: 15/09/2015
Based on the actual exam and checked with an Premium account.
Change the answer!
Explanation:
When using the email model each of the file shares, you can determine whether access requests to each
file share will be received by the administrator, a distribution list that represents the file share owners, or
both.
The owner distribution list is configured by using the SMB Share ?Advanced file share profile in the New
Share Wizard in Server Manager.
http://technet.microsoft.com/en-us/library/jj574182.aspx#BKMK_12
QUESTION 23
Your network contains an Active Directory domain named contoso.com. The domain contains a domain
controller named DC1 that runs Windows Server 2012 R2. DC1 is backed up daily.
The domain has the Active Directory Recycle Bin enabled.
During routine maintenance, you delete 500 inactive user accounts and 100 inactive groups. One of the
deleted groups is named Group1. Some of the deleted user accounts are members of some of the deleted
groups.
For documentation purposes, you must provide a list of the members of Group1 before the group was
deleted.
You need to identify the names of the users who were members of Group1 prior to its deletion.
You want to achieve this goal by using the minimum amount of administrative effort.
What should you do first?
A. Mount the most recent Active Directory backup.
B. Reactivate the tombstone of Group1.
C. Perform an authoritative restore of Group1.
D. Use the Recycle Bin to restore Group1.
Correct Answer: A
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Last update: 17/09/2015
Based on the actual exam and checked with and Premium account.
Explanation:
Note:
The Active Directory Recycle Bin does not have the ability to track simple changes to objects.
If the object itself is not deleted, no element is moved to the Recycle Bin for possible recovery in the future.
In other words, there is no rollback capacity for changes to object properties, or, in other words, to the
values of these properties.
Note 2:
It is not about the restoration of Group1. There are only the membership of the group will be consulted at
an earlier stage. For this purpose, an Active Directory snapshot can be used allows read access to a
previous state of the Active Directory database.
QUESTION 24
Your network contains an Active Directory domain named contoso.com. The domain contains six domain
controllers. The domain controllers are configured as shown in the following table.
information they need in order to resolve the access problem:
The user’s Active Directory identity
The full path to the problematic file
A user-generated explanation of the problem
So that’s it, friends! Access-Denied Assistance presents Windows systems administrators with an easy-tomanage
method for more efficiently resolving user access problems on shared file system resources. Of
course, the key caveat is that your file servers must run Windows Server 2012 and your client devices
must run Windows 8, but other than that, this is a great technology that should save admins extra work and
end-users extra headaches.
http://4sysops.com/archives/access-denied-assistance-in-windows-server-2012/
QUESTION 22
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server
Resource Manager role service installed.
Each time a user receives an access-denied message after attempting to access a folder on Server1, an
email notification is sent to a distribution list named DL1.
You create a folder named Folder1 on Server1, and then you configure custom NTFS permissions for
Folder1.
You need to ensure that when a user receives an access-denied message while attempting to access
Folder1, an email notification is sent to a distribution list named DL2.
The solution must not prevent DL1 from receiving notifications about other access-denied
messages.
What should you do?
A. From Server Manager, run the New Share Wizard to create a share for Folder1 by selecting the SMB
Share – Advanced option.
B. From the File Server Resource Manager console, modify the Access-Denied Assistance settings.
C. From the File Server Resource Manager console, modify the Email Notifications settings. (configure the
e-mail address of the folder owner)
D. From Server Manager, run the New Share Wizard to create a share for Folder1 by selecting the SMB
Share -Applications option.
Correct Answer: C
Section: 2. Configure file and print services
Explanation
Explanation/Reference:
Last update: 15/09/2015
Based on the actual exam and checked with an Premium account.
Change the answer!
Explanation:
When using the email model each of the file shares, you can determine whether access requests to each
file share will be received by the administrator, a distribution list that represents the file share owners, or
both.
The owner distribution list is configured by using the SMB Share ?Advanced file share profile in the New
Share Wizard in Server Manager.
http://technet.microsoft.com/en-us/library/jj574182.aspx#BKMK_12
QUESTION 23
Your network contains an Active Directory domain named contoso.com. The domain contains a domain
controller named DC1 that runs Windows Server 2012 R2. DC1 is backed up daily.
The domain has the Active Directory Recycle Bin enabled.
During routine maintenance, you delete 500 inactive user accounts and 100 inactive groups. One of the
deleted groups is named Group1. Some of the deleted user accounts are members of some of the deleted
groups.
For documentation purposes, you must provide a list of the members of Group1 before the group was
deleted.
You need to identify the names of the users who were members of Group1 prior to its deletion.
You want to achieve this goal by using the minimum amount of administrative effort.
What should you do first?
A. Mount the most recent Active Directory backup.
B. Reactivate the tombstone of Group1.
C. Perform an authoritative restore of Group1.
D. Use the Recycle Bin to restore Group1.
Correct Answer: A
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Last update: 17/09/2015
Based on the actual exam and checked with and Premium account.
Explanation:
Note:
The Active Directory Recycle Bin does not have the ability to track simple changes to objects.
If the object itself is not deleted, no element is moved to the Recycle Bin for possible recovery in the future.
In other words, there is no rollback capacity for changes to object properties, or, in other words, to the
values of these properties.
Note 2:
It is not about the restoration of Group1. There are only the membership of the group will be consulted at
an earlier stage. For this purpose, an Active Directory snapshot can be used allows read access to a
previous state of the Active Directory database.
QUESTION 24
Your network contains an Active Directory domain named contoso.com. The domain contains six domain
controllers. The domain controllers are configured as shown in the following table.
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part2(21-40) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-344.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part2(21-40) Exam VCE Dumps For free download with 100%pass ensure")
The network contains a server named Server1 that has the Hyper-v server role installed. DC6 is a virtual
machine that is hosted on Server1.
You need to ensure that you can clone DC6.
Which FSMO role should you transfer to DC2?
A. Rid master
B. Domain naming master
C. PDC emulator
D. Infrastructure master
Correct Answer: C
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
The clone domain controller uses the security context of the source domain controller (the domain
controller whose copy it represents) to contact the Windows Server 2012 R2 Primary Domain Controller
(PDC) emulator operations master role holder (also known as flexible single master operations, or FSMO).
The PDC emulator must be running Windows Server 2012 R2, but it does not have to be running on a
hypervisor.
http://technet.microsoft.com/en-us/library/hh831734.aspx
QUESTION 25
Your network contains an Active Directory domain named contoso.com. All domain controllers run either
Windows Server 2008 or Windows Server 2008 R2.
You deploy a new domain controller named DC1 that runs Windows Server 2012 R2.
You log on to DC1 by using an account that is a member of the Domain Admins group.
You discover that you cannot create Password Settings objects (PSOs) by using Active Directory
Administrative Center.
You need to ensure that you can create PSOs from Active Directory Administrative Center.
What should you do?
A. Modify the membership of the Group Policy Creator Owners group.
B. Transfer the PDC emulator operations master role to DC1.
C. Upgrade all of the domain controllers that run Window Server 2008.
D. Raise the functional level of the domain.
Correct Answer: D
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Explanation:
Fine-grained password policies allow you to specify multiple password policies within a single domain so
that you can apply different restrictions for password and account lockout policies to different sets of users
in a domain. To use a fine-grained password policy, your domain functional level must be at least Windows
Server 2008. To enable fine-grained password policies, you first create a Password Settings Object (PSO).
You then configure the same settings that you configure for the password and account lockout policies.
You can create and apply PSOs in the Windows Server 2012 environment by using the Active Directory
Administrative Center (ADAC) or Windows PowerShell.
Step 1: Create a PSO
Applies To: Windows Server 2008, Windows Server 2008 R2
http://technet.microsoft.com/en-us//library/cc754461%28v=ws.10%29.aspx
Last update: 13/09/2015
QUESTION 26
Your network contains an Active Directory forest named contoso.com. The functional level of the forest is
Windows Server 2008 R2.
All of the user accounts in the marketing department are members of a group named Contoso
\MarketingUsers. All of the computer accounts in the marketing department are members of a group
named Contoso\MarketingComputers.
A domain user named User1 is a member of the Contoso\MarketingUsers group. A computer named
Computer1 is a member of the Contoso\MarketingComputers group.
You have five Password Settings objects (PSOs). The PSOs are defined as shown in the following table.
machine that is hosted on Server1.
You need to ensure that you can clone DC6.
Which FSMO role should you transfer to DC2?
A. Rid master
B. Domain naming master
C. PDC emulator
D. Infrastructure master
Correct Answer: C
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
The clone domain controller uses the security context of the source domain controller (the domain
controller whose copy it represents) to contact the Windows Server 2012 R2 Primary Domain Controller
(PDC) emulator operations master role holder (also known as flexible single master operations, or FSMO).
The PDC emulator must be running Windows Server 2012 R2, but it does not have to be running on a
hypervisor.
http://technet.microsoft.com/en-us/library/hh831734.aspx
QUESTION 25
Your network contains an Active Directory domain named contoso.com. All domain controllers run either
Windows Server 2008 or Windows Server 2008 R2.
You deploy a new domain controller named DC1 that runs Windows Server 2012 R2.
You log on to DC1 by using an account that is a member of the Domain Admins group.
You discover that you cannot create Password Settings objects (PSOs) by using Active Directory
Administrative Center.
You need to ensure that you can create PSOs from Active Directory Administrative Center.
What should you do?
A. Modify the membership of the Group Policy Creator Owners group.
B. Transfer the PDC emulator operations master role to DC1.
C. Upgrade all of the domain controllers that run Window Server 2008.
D. Raise the functional level of the domain.
Correct Answer: D
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Explanation:
Fine-grained password policies allow you to specify multiple password policies within a single domain so
that you can apply different restrictions for password and account lockout policies to different sets of users
in a domain. To use a fine-grained password policy, your domain functional level must be at least Windows
Server 2008. To enable fine-grained password policies, you first create a Password Settings Object (PSO).
You then configure the same settings that you configure for the password and account lockout policies.
You can create and apply PSOs in the Windows Server 2012 environment by using the Active Directory
Administrative Center (ADAC) or Windows PowerShell.
Step 1: Create a PSO
Applies To: Windows Server 2008, Windows Server 2008 R2
http://technet.microsoft.com/en-us//library/cc754461%28v=ws.10%29.aspx
Last update: 13/09/2015
QUESTION 26
Your network contains an Active Directory forest named contoso.com. The functional level of the forest is
Windows Server 2008 R2.
All of the user accounts in the marketing department are members of a group named Contoso
\MarketingUsers. All of the computer accounts in the marketing department are members of a group
named Contoso\MarketingComputers.
A domain user named User1 is a member of the Contoso\MarketingUsers group. A computer named
Computer1 is a member of the Contoso\MarketingComputers group.
You have five Password Settings objects (PSOs). The PSOs are defined as shown in the following table.
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part2(21-40) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-346.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part2(21-40) Exam VCE Dumps For free download with 100%pass ensure")
When User1 logs on to Computer1 and attempts to change her password, she receives an error message
indicating that her password is too short.
You need to tell User1 what her minimum password length is.
What should you tell User1?
A. 10
B. 11
C. 12
D. 14
Correct Answer: A
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Explanation:
One PSO has a precedence value of 2 and the other PSO has a precedence value of 4. In this case, the
PSO that has the precedence value of 2 has a higher rank and, hence, is applied to the object.
Last update: 13/09/2015
QUESTION 27
Your network contains an Active Directory domain named contoso.com. The Active Directory Recycle
bin is enabled for contoso.com.
A support technician accidentally deletes a user account named User1. You need to restore the User1
account.
Which tool should you use?
A. Ldp
B. Esentutl
C. Active Directory Administrative Center
D. Ntdsutil
Correct Answer: C
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
QUESTION 28
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain.
All domain controllers run Windows Server 2012 R2.
The domain contains two domain controllers. The domain controllers are configured as shown in the
following table.
indicating that her password is too short.
You need to tell User1 what her minimum password length is.
What should you tell User1?
A. 10
B. 11
C. 12
D. 14
Correct Answer: A
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Explanation:
One PSO has a precedence value of 2 and the other PSO has a precedence value of 4. In this case, the
PSO that has the precedence value of 2 has a higher rank and, hence, is applied to the object.
Last update: 13/09/2015
QUESTION 27
Your network contains an Active Directory domain named contoso.com. The Active Directory Recycle
bin is enabled for contoso.com.
A support technician accidentally deletes a user account named User1. You need to restore the User1
account.
Which tool should you use?
A. Ldp
B. Esentutl
C. Active Directory Administrative Center
D. Ntdsutil
Correct Answer: C
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
QUESTION 28
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain.
All domain controllers run Windows Server 2012 R2.
The domain contains two domain controllers. The domain controllers are configured as shown in the
following table.
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part2(21-40) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-347.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part2(21-40) Exam VCE Dumps For free download with 100%pass ensure")
Active Directory Recycle Bin is enabled.
You discover that a support technician accidentally removed 100 users from an Active Directory group
named Group1 an hour ago.
You need to restore the membership of Group1.
What should you do?
A. Recover the items by using Active Directory Recycle Bin.
B. Modify the is Recycled attribute of Group1.
C. Perform tombstone reanimation.
D. Perform an authoritative restore.
E. Change the attribute isRecycled in the properties of Group1.
F. Perform a non-authoritative restore.
Correct Answer: D
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Last update: 17/09/2015
Based on the actual exam and checked with and Premium account.
Explanation:
The following example sets NTDS as the active instance:
ntdsutil: activate instance ntds
The following example is another way to set NTDS as the active instance:
ntdsutil: ac in ntds
The following example mounts a snapshot that has the GUID 8ec8ff74-c0d7-435a-b6b1-54ef185926be:
snapshot: mount {8ec8ff74-c0d7-435a-b6b1-54ef185926be}
The following example unmounts the same snapshot:
snapshot: unmount {8ec8ff74-c0d7-435a-b6b1-54ef185926be}
The following example lists the mounted snapshots:
snapshot: list mounted
QUESTION 29
Your network contains an Active Directory domain named contoso.com. The domain contains a read-only
domain controller (RODC) named RODC1.
You create a global group named RODC_Admins.
You need to provide the members of RODC_Admins with the ability to manage the hardware and the
software on RODC1.
The solution must not provide RODC_Admins with the ability to manage Active Directory objects.
What should you do?
A. From Active Directory Site and Services, configure the Security settings of the RODC1 server object.
B. From Windows PowerShell, run the Set-ADAccountControlcmdlet.
C. From a command prompt, run the dsmgmt local roles command.
D. From Active Directory Users and Computers, configure the Member Of settings of the RODC1
account.
Correct Answer: C
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
RODC: using the dsmgmt.exe utility to manage local administrators One of the benefits of RODC is that
you can add local administrators who do not have full access to the domain administration. This gives them
the ability to manage the server but not add or change active directory objects unless those roles are
delegated. Adding this type of user is done using the dsmdmt.exe utility at the command prompt.
QUESTION 30
Your network contains an Active Directory domain named contoso.com. The domain contains a domain
controller named DC1 that runs Windows Server 2012 R2.
You create an Active Directory snapshot of DC1 each day.
You need to view the contents of an Active Directory snapshot from two days ago.
What should you do first?
A. Run the dsamain.exe command.
B. Stop the Active Directory Domain Services (AD DS) service.
C. Start the Volume Shadow Copy Service (VSS).
D. Run the ntdsutil.exe command.
Correct Answer: D
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
Dsamain.exe exposes Active Directory data that is stored in a snapshot or backup as a Lightweight
Directory Access Protocol (LDAP) server.
Notes:
In order to connect to the mounted snapshot AD must first be used the command-line utility Dsamain.exe.
Dsamain linked the snapshot with a TCP port for the protocols LDAP, LDAP over SSL, GC LDAP and GC
LDAP over SSL.
Dsamain installs 2012 R2 automatically Active with the server roles Directory Domain Services or Active
Directory Lightweight Directory Services in Windows Server.
After Using Dsamain You can use any GUI tool, such as Active Directory Users and Computers, Adsiedit,
LDP.exe or other use in order to connect to the snapshot. Even command line programs such as LDIFDE
or CSVDE can then be used.
http://technet.microsoft.com/en-us/library/cc772168.aspx
QUESTION 31
Your network contains an Active Directory domain named contoso.com. All domain controllers run
Windows Server 2012 R2.
In a remote site, a support technician installs a server named DC10 that runs Windows Server 2012 R2.
DC10 is currently a member of a workgroup.
You plan to promote DC10 to a read-only domain controller (RODC).
You need to ensure that a user named Contoso\User1 can promote DC10 to a RODC in the
contoso.com domain. The solution must minimize the number of permissions assigned to User1.
What should you do?
A. From Active Directory Users and Computers, run the Delegation of Control Wizard on the contoso.com
domain object.
B. From Active Directory Administrative Center, pre-create an RODC computer account.
C. From Ntdsutil, run the local roles command.
D. Join DC10 to the domain. Run dsmod and specify the /server switch.
Correct Answer: B
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
A staged read only domain controller (RODC) installation works in two discrete phases:
1. Staging an unoccupied computer account
2. Attaching an RODC to that account during promotion
Reference:
Install a Windows Server 2012 R2 Active Directory Read-Only Domain Controller (RODC)
QUESTION 32
Your network contains an Active Directory domain named contoso.com. The domain contains more than
100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.
You have two GPOs linked to an organizational unit (OU) named OU1.
You need to change the precedence order of the GPOs.
What should you use?
A. Dcgpofix
B. Get-GPOReport
C. Gpfixup
D. Gpresult
E. Gpedit. msc
F. Import-GPO
G. Restore-GPO
H. Set-GPInheritance
I. Set-GPLink
J. Set-GPPermission
K. Gpupdate
L. Add-ADGroupMember
Correct Answer: I
Section: 6. Configure and manage Group Policy
Explanation
Explanation/Reference:
Last update: 17/09/2015
Based on the actual exam and checked with and Premium account.
Explanation:
The Set-GPLinkcmdlet sets the properties of a GPO link.
You can set the following properties:
Enabled. If the GPO link is enabled, the settings of the GPO are applied when Group Policy is processed
for the site, domain or OU.
Enforced. If the GPO link is enforced, it cannot be blocked at a lower-level (in the Group Policy processing
hierarchy) container.
Order. The order specifies the precedence that the settings of the GPO take over conflicting settings in
other GPOs that are linked (and enabled) to the same site, domain, or OU.
http://technet.microsoft.com/en-us/library/ee461022.aspx
Note2:
The cmdlet Set-GPLink configure the properties of a GPO link. The following exemplary call sets for GPO1
the link order 2 fixed:
Set-GPLink -Name GPO1 -Domain certbase.de -Target "dc=certbase, dc=de" -Order 2
QUESTION 33
Your network contains an Active Directory domain named contoso.com. The domain contains more than
100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.
A network administrator accidentally deletes the Default Domain Policy GPO.
You do not have a backup of any of the GPOs.
You need to recreate the Default Domain Policy GPO.
What should you use?
A. Dcgpofix
B. Get-GPOReport
C. Gpfixup
D. Gpresult
E. Gpedit. msc
F. Import-GPO
G. Restore-GPO
H. Set-GPInheritance
I. Set-GPLink
J. Set-GPPermission
K. Gpupdate
L. Add-ADGroupMember
Correct Answer: A
Section: 6. Configure and manage Group Policy
Explanation
Explanation/Reference:
Last update: 17/09/2015
Based on the actual exam and checked with and Premium account.
Explanation:
Dcgpofix
Restores the default Group Policy objects to their original state (that is, the default state after initial
installation).
Notes:
This command-line tool Dcgpofix.exe sets the default Group Policy objects (GPO) Default Domain Policy
and Default Domain Controllers Policy to your original default settings or re-creates, if they no longer exist.
The following command will create the default Policy new or sets they on their default settings: Dcgpofix /
Target:
http://technet.microsoft.com/en-us/library/hh875588(v=ws.10).aspx
QUESTION 34
Your network contains an Active Directory domain named contoso.com. The domain contains more than
100 Group Policy objects (GPOs). Currently, there are no enforced
GPOs.
The domain contains a top-level organizational unit (OU) for each department. A group named Group1
contains members from each department.
You have a GPO named GPO1 that is linked to the domain.
You need to configure GPO1 to apply settings to Group1 only.
What should you use?
A. Dcgpofix
B. Get-GPOReport
C. Gpfixup
D. Gpresult
E. Gpedit. msc
F. Import-GPO
G. Restore-GPO
H. Set-GPInheritance
I. Set-GPLink
J. Set-GPPermission
K. Gpupdate
L. Add-ADGroupMember
Correct Answer: J
Section: 6. Configure and manage Group Policy
Explanation
Explanation/Reference:
Last update: 17/09/2015
Based on the actual exam and checked with and Premium account.
Explanation:
Set-GPPermission grants a level of permissions to a security principal (user, security group, or computer)
for one GPO or all the GPOs in a domain. You use the TargetName and TargetType parameters to specify
a user, security group, or computer for which to set the permission level.
-Replace <SwitchParameter>
Specifies that the existing permission level for the group or user is removed before the new permission
level is set. If a security principal is already granted a permission level that is higher than the specified
permission level and you do not use the Replace parameter, no change is made.
http://technet.microsoft.com/en-us/library/ee461038.aspx
QUESTION 35
Your network contains an Active Directory domain named contoso.com. The domain contains more than
100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.
The domain is renamed to adatum.com.
Group Policies no longer function correctly.
You need to ensure that the existing GPOs are applied to users and computers. You want to achieve
this goal by using the minimum amount of administrative effort.
What should you use?
A. Dcgpofix
B. Get-GPOReport
C. Gpfixup
D. Gpresult
E. Gpedit. msc
F. Import-GPO
G. Restore-GPO
H. Set-GPInheritance
I. Set-GPLink
J. Set-GPPermission
K. Gpupdate
L. Add-ADGroupMember
Correct Answer: C
Section: 6. Configure and manage Group Policy
Explanation
Explanation/Reference:
Last update: 17/09/2015
Based on the actual exam and checked with and Premium account.
Notes:
The domain name is embedded in the GPOs and GPO links and is not automatically adjusted at a
Domänenumbennenung. The command-line utility provides Gpfixup.exe call after a domain rename for
adapting these references.
Example: Gpfixup.exe /olddns:certbase.de /newdns:traincert.eu / oldnb: certbase / newnb: traincert
Explanation:
You can use the gpfixup command-line tool to fix the dependencies that Group Policy objects (GPOs) and
Group Policy links in Active Directory Domain Services (AD DS) have on Domain Name System (DNS) and
NetBIOS names after a domain rename operation.
http://technet.microsoft.com/en-us/library/hh852336(v=ws.10).aspx
QUESTION 36
Your network contains an Active Directory domain named contoso.com. The domain contains a server
named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed.
You log on to Server1 by using a user account named User2.
From the Remote Access Management Console, you run the Getting Started Wizard and you receive a
warning message as shown in the exhibit. (Click the Exhibit button.)
You discover that a support technician accidentally removed 100 users from an Active Directory group
named Group1 an hour ago.
You need to restore the membership of Group1.
What should you do?
A. Recover the items by using Active Directory Recycle Bin.
B. Modify the is Recycled attribute of Group1.
C. Perform tombstone reanimation.
D. Perform an authoritative restore.
E. Change the attribute isRecycled in the properties of Group1.
F. Perform a non-authoritative restore.
Correct Answer: D
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Last update: 17/09/2015
Based on the actual exam and checked with and Premium account.
Explanation:
The following example sets NTDS as the active instance:
ntdsutil: activate instance ntds
The following example is another way to set NTDS as the active instance:
ntdsutil: ac in ntds
The following example mounts a snapshot that has the GUID 8ec8ff74-c0d7-435a-b6b1-54ef185926be:
snapshot: mount {8ec8ff74-c0d7-435a-b6b1-54ef185926be}
The following example unmounts the same snapshot:
snapshot: unmount {8ec8ff74-c0d7-435a-b6b1-54ef185926be}
The following example lists the mounted snapshots:
snapshot: list mounted
QUESTION 29
Your network contains an Active Directory domain named contoso.com. The domain contains a read-only
domain controller (RODC) named RODC1.
You create a global group named RODC_Admins.
You need to provide the members of RODC_Admins with the ability to manage the hardware and the
software on RODC1.
The solution must not provide RODC_Admins with the ability to manage Active Directory objects.
What should you do?
A. From Active Directory Site and Services, configure the Security settings of the RODC1 server object.
B. From Windows PowerShell, run the Set-ADAccountControlcmdlet.
C. From a command prompt, run the dsmgmt local roles command.
D. From Active Directory Users and Computers, configure the Member Of settings of the RODC1
account.
Correct Answer: C
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
RODC: using the dsmgmt.exe utility to manage local administrators One of the benefits of RODC is that
you can add local administrators who do not have full access to the domain administration. This gives them
the ability to manage the server but not add or change active directory objects unless those roles are
delegated. Adding this type of user is done using the dsmdmt.exe utility at the command prompt.
QUESTION 30
Your network contains an Active Directory domain named contoso.com. The domain contains a domain
controller named DC1 that runs Windows Server 2012 R2.
You create an Active Directory snapshot of DC1 each day.
You need to view the contents of an Active Directory snapshot from two days ago.
What should you do first?
A. Run the dsamain.exe command.
B. Stop the Active Directory Domain Services (AD DS) service.
C. Start the Volume Shadow Copy Service (VSS).
D. Run the ntdsutil.exe command.
Correct Answer: D
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
Dsamain.exe exposes Active Directory data that is stored in a snapshot or backup as a Lightweight
Directory Access Protocol (LDAP) server.
Notes:
In order to connect to the mounted snapshot AD must first be used the command-line utility Dsamain.exe.
Dsamain linked the snapshot with a TCP port for the protocols LDAP, LDAP over SSL, GC LDAP and GC
LDAP over SSL.
Dsamain installs 2012 R2 automatically Active with the server roles Directory Domain Services or Active
Directory Lightweight Directory Services in Windows Server.
After Using Dsamain You can use any GUI tool, such as Active Directory Users and Computers, Adsiedit,
LDP.exe or other use in order to connect to the snapshot. Even command line programs such as LDIFDE
or CSVDE can then be used.
http://technet.microsoft.com/en-us/library/cc772168.aspx
QUESTION 31
Your network contains an Active Directory domain named contoso.com. All domain controllers run
Windows Server 2012 R2.
In a remote site, a support technician installs a server named DC10 that runs Windows Server 2012 R2.
DC10 is currently a member of a workgroup.
You plan to promote DC10 to a read-only domain controller (RODC).
You need to ensure that a user named Contoso\User1 can promote DC10 to a RODC in the
contoso.com domain. The solution must minimize the number of permissions assigned to User1.
What should you do?
A. From Active Directory Users and Computers, run the Delegation of Control Wizard on the contoso.com
domain object.
B. From Active Directory Administrative Center, pre-create an RODC computer account.
C. From Ntdsutil, run the local roles command.
D. Join DC10 to the domain. Run dsmod and specify the /server switch.
Correct Answer: B
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
A staged read only domain controller (RODC) installation works in two discrete phases:
1. Staging an unoccupied computer account
2. Attaching an RODC to that account during promotion
Reference:
Install a Windows Server 2012 R2 Active Directory Read-Only Domain Controller (RODC)
QUESTION 32
Your network contains an Active Directory domain named contoso.com. The domain contains more than
100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.
You have two GPOs linked to an organizational unit (OU) named OU1.
You need to change the precedence order of the GPOs.
What should you use?
A. Dcgpofix
B. Get-GPOReport
C. Gpfixup
D. Gpresult
E. Gpedit. msc
F. Import-GPO
G. Restore-GPO
H. Set-GPInheritance
I. Set-GPLink
J. Set-GPPermission
K. Gpupdate
L. Add-ADGroupMember
Correct Answer: I
Section: 6. Configure and manage Group Policy
Explanation
Explanation/Reference:
Last update: 17/09/2015
Based on the actual exam and checked with and Premium account.
Explanation:
The Set-GPLinkcmdlet sets the properties of a GPO link.
You can set the following properties:
Enabled. If the GPO link is enabled, the settings of the GPO are applied when Group Policy is processed
for the site, domain or OU.
Enforced. If the GPO link is enforced, it cannot be blocked at a lower-level (in the Group Policy processing
hierarchy) container.
Order. The order specifies the precedence that the settings of the GPO take over conflicting settings in
other GPOs that are linked (and enabled) to the same site, domain, or OU.
http://technet.microsoft.com/en-us/library/ee461022.aspx
Note2:
The cmdlet Set-GPLink configure the properties of a GPO link. The following exemplary call sets for GPO1
the link order 2 fixed:
Set-GPLink -Name GPO1 -Domain certbase.de -Target "dc=certbase, dc=de" -Order 2
QUESTION 33
Your network contains an Active Directory domain named contoso.com. The domain contains more than
100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.
A network administrator accidentally deletes the Default Domain Policy GPO.
You do not have a backup of any of the GPOs.
You need to recreate the Default Domain Policy GPO.
What should you use?
A. Dcgpofix
B. Get-GPOReport
C. Gpfixup
D. Gpresult
E. Gpedit. msc
F. Import-GPO
G. Restore-GPO
H. Set-GPInheritance
I. Set-GPLink
J. Set-GPPermission
K. Gpupdate
L. Add-ADGroupMember
Correct Answer: A
Section: 6. Configure and manage Group Policy
Explanation
Explanation/Reference:
Last update: 17/09/2015
Based on the actual exam and checked with and Premium account.
Explanation:
Dcgpofix
Restores the default Group Policy objects to their original state (that is, the default state after initial
installation).
Notes:
This command-line tool Dcgpofix.exe sets the default Group Policy objects (GPO) Default Domain Policy
and Default Domain Controllers Policy to your original default settings or re-creates, if they no longer exist.
The following command will create the default Policy new or sets they on their default settings: Dcgpofix /
Target:
http://technet.microsoft.com/en-us/library/hh875588(v=ws.10).aspx
QUESTION 34
Your network contains an Active Directory domain named contoso.com. The domain contains more than
100 Group Policy objects (GPOs). Currently, there are no enforced
GPOs.
The domain contains a top-level organizational unit (OU) for each department. A group named Group1
contains members from each department.
You have a GPO named GPO1 that is linked to the domain.
You need to configure GPO1 to apply settings to Group1 only.
What should you use?
A. Dcgpofix
B. Get-GPOReport
C. Gpfixup
D. Gpresult
E. Gpedit. msc
F. Import-GPO
G. Restore-GPO
H. Set-GPInheritance
I. Set-GPLink
J. Set-GPPermission
K. Gpupdate
L. Add-ADGroupMember
Correct Answer: J
Section: 6. Configure and manage Group Policy
Explanation
Explanation/Reference:
Last update: 17/09/2015
Based on the actual exam and checked with and Premium account.
Explanation:
Set-GPPermission grants a level of permissions to a security principal (user, security group, or computer)
for one GPO or all the GPOs in a domain. You use the TargetName and TargetType parameters to specify
a user, security group, or computer for which to set the permission level.
-Replace <SwitchParameter>
Specifies that the existing permission level for the group or user is removed before the new permission
level is set. If a security principal is already granted a permission level that is higher than the specified
permission level and you do not use the Replace parameter, no change is made.
http://technet.microsoft.com/en-us/library/ee461038.aspx
QUESTION 35
Your network contains an Active Directory domain named contoso.com. The domain contains more than
100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.
The domain is renamed to adatum.com.
Group Policies no longer function correctly.
You need to ensure that the existing GPOs are applied to users and computers. You want to achieve
this goal by using the minimum amount of administrative effort.
What should you use?
A. Dcgpofix
B. Get-GPOReport
C. Gpfixup
D. Gpresult
E. Gpedit. msc
F. Import-GPO
G. Restore-GPO
H. Set-GPInheritance
I. Set-GPLink
J. Set-GPPermission
K. Gpupdate
L. Add-ADGroupMember
Correct Answer: C
Section: 6. Configure and manage Group Policy
Explanation
Explanation/Reference:
Last update: 17/09/2015
Based on the actual exam and checked with and Premium account.
Notes:
The domain name is embedded in the GPOs and GPO links and is not automatically adjusted at a
Domänenumbennenung. The command-line utility provides Gpfixup.exe call after a domain rename for
adapting these references.
Example: Gpfixup.exe /olddns:certbase.de /newdns:traincert.eu / oldnb: certbase / newnb: traincert
Explanation:
You can use the gpfixup command-line tool to fix the dependencies that Group Policy objects (GPOs) and
Group Policy links in Active Directory Domain Services (AD DS) have on Domain Name System (DNS) and
NetBIOS names after a domain rename operation.
http://technet.microsoft.com/en-us/library/hh852336(v=ws.10).aspx
QUESTION 36
Your network contains an Active Directory domain named contoso.com. The domain contains a server
named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed.
You log on to Server1 by using a user account named User2.
From the Remote Access Management Console, you run the Getting Started Wizard and you receive a
warning message as shown in the exhibit. (Click the Exhibit button.)
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part2(21-40) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-352.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part2(21-40) Exam VCE Dumps For free download with 100%pass ensure")
You need to ensure that you can configure DirectAccess successfully. The solution must minimize
the number of permissions assigned to User2.
To which group should you add User2?
A. Enterprise Admins
B. Administrators
C. Account Operators
D. Server Operators
Correct Answer: B
Section: 3. Configure network services and access
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
You must have privileges to create WMI filters in the domain in which you want to create the filter.
Permissions can be changed by adding a user to the Administrators group.
Administrators (A built-in group)
After the initial installation of the operating system, the only member of the group is the Administrator
account. When a computer joins a domain, the Domain Admins group is added to the Administrators
group. When a server becomes a domain controller, the Enterprise Admins group also is added to the
Administrators group. The Administrators group has built-in capabilities that give its members full control
over the system. The group is the default owner of any object that is created by a member of the group.
This example logs in as a test user who is not a domain user or an administrator on the server. This results
in the error specifying that DA can only be configured by a user with local administrator permissions.
http://technet.microsoft.com/en-us/library/cc780416(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc775497(v=ws.10).aspx
QUESTION 37
Your network contains an Active Directory domain named contoso.com.
You need to install and configure the Web Application Proxy role service.
What should you do?
A. Install the Active Directory Federation Services server role and the Remote Access server role on
different servers.
B. Install the Active Directory Federation Services server role and the Remote Access server role on the
same server.
C. Install the Web Server (IIS) server role and the Application Server server role on the same server.
D. Install the Web Server (IIS) server role and the Application Server server role on different servers.
Correct Answer: A
Section: 3. Configure network services and access
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
Web Application Proxy is a new Remote Access role service in Windows Server® 2012 R2.
the number of permissions assigned to User2.
To which group should you add User2?
A. Enterprise Admins
B. Administrators
C. Account Operators
D. Server Operators
Correct Answer: B
Section: 3. Configure network services and access
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
You must have privileges to create WMI filters in the domain in which you want to create the filter.
Permissions can be changed by adding a user to the Administrators group.
Administrators (A built-in group)
After the initial installation of the operating system, the only member of the group is the Administrator
account. When a computer joins a domain, the Domain Admins group is added to the Administrators
group. When a server becomes a domain controller, the Enterprise Admins group also is added to the
Administrators group. The Administrators group has built-in capabilities that give its members full control
over the system. The group is the default owner of any object that is created by a member of the group.
This example logs in as a test user who is not a domain user or an administrator on the server. This results
in the error specifying that DA can only be configured by a user with local administrator permissions.
http://technet.microsoft.com/en-us/library/cc780416(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc775497(v=ws.10).aspx
QUESTION 37
Your network contains an Active Directory domain named contoso.com.
You need to install and configure the Web Application Proxy role service.
What should you do?
A. Install the Active Directory Federation Services server role and the Remote Access server role on
different servers.
B. Install the Active Directory Federation Services server role and the Remote Access server role on the
same server.
C. Install the Web Server (IIS) server role and the Application Server server role on the same server.
D. Install the Web Server (IIS) server role and the Application Server server role on different servers.
Correct Answer: A
Section: 3. Configure network services and access
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
Web Application Proxy is a new Remote Access role service in Windows Server® 2012 R2.
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part2(21-40) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-357.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part2(21-40) Exam VCE Dumps For free download with 100%pass ensure")
QUESTION 38
Your network contains an Active Directory domain named contoso.com. The domain contains a server
named Server1. Server1 is configured as a VPN server.
You need to configure Server1 to perform network address translation (NAT).
What should you do?
A. From Network Connections, modify the Internet Protocol Version 4 (TCP/IPv4) setting of each network
adapter.
B. From Network Connections, modify the Internet Protocol Version 6 (TCP/IPv6) setting of each network
adapter.
C. From Routing and Remote Access, add an IPv6 routing protocol.
D. From Routing and Remote Access, add an IPv4 routing protocol.
Correct Answer: D
Section: 3. Configure network services and access
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
To configure an existing RRAS server to support both VPN remote access and NAT routing:
1. Open Server Manager.
2. Expand Roles, and then expand Network Policy and Access Services.
3. Right-click Routing and Remote Access, and then click Properties.
4. Select IPv4 Remote access Server or IPv6 Remote access server, or both.
QUESTION 39
You have a DNS server named Served that has a Server Core Installation on Windows Server 2012 R2.
You need to view the time-to-live (TTL) value of a name server (NS) record that is cached by the
DNS Server service on Server1.
What should you run?
A. Show-DNSServerCache
B. nslookup.exe
C. ipconfig.exe /displaydns
D. dnscacheugc.exe
Correct Answer: A
Section: 3. Configure network services and access
Explanation
Explanation/Reference:
Last update: 15/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
The Show-DNSServerCache shows all cached Domain Name System (DNS) server resource records in
the following format: Name, ResourceRecordData, Time-to-Live (TTL).
QUESTION 40
You have a DNS server named DN51 that runs Windows Server 2012 R2.
On DNS1, you create a standard primary DNS zone named adatum.com.
You need to change the frequency that secondary name servers will replicate the zone from DNS1.
Which type of DNS record should you modify?
A. Name server (NS)
B. Start of authority (SOA)
C. Host information (HINFO)
D. Service location (SRV)
Correct Answer: B
Section: 3. Configure network services and access
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
The time to live is specified in the Start of Authority (SOA) record
Note: TTL (time to live) – The number of seconds a domain name is cached locally before expiration and
return to authoritative nameservers for updated information.
Your network contains an Active Directory domain named contoso.com. The domain contains a server
named Server1. Server1 is configured as a VPN server.
You need to configure Server1 to perform network address translation (NAT).
What should you do?
A. From Network Connections, modify the Internet Protocol Version 4 (TCP/IPv4) setting of each network
adapter.
B. From Network Connections, modify the Internet Protocol Version 6 (TCP/IPv6) setting of each network
adapter.
C. From Routing and Remote Access, add an IPv6 routing protocol.
D. From Routing and Remote Access, add an IPv4 routing protocol.
Correct Answer: D
Section: 3. Configure network services and access
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
To configure an existing RRAS server to support both VPN remote access and NAT routing:
1. Open Server Manager.
2. Expand Roles, and then expand Network Policy and Access Services.
3. Right-click Routing and Remote Access, and then click Properties.
4. Select IPv4 Remote access Server or IPv6 Remote access server, or both.
QUESTION 39
You have a DNS server named Served that has a Server Core Installation on Windows Server 2012 R2.
You need to view the time-to-live (TTL) value of a name server (NS) record that is cached by the
DNS Server service on Server1.
What should you run?
A. Show-DNSServerCache
B. nslookup.exe
C. ipconfig.exe /displaydns
D. dnscacheugc.exe
Correct Answer: A
Section: 3. Configure network services and access
Explanation
Explanation/Reference:
Last update: 15/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
The Show-DNSServerCache shows all cached Domain Name System (DNS) server resource records in
the following format: Name, ResourceRecordData, Time-to-Live (TTL).
QUESTION 40
You have a DNS server named DN51 that runs Windows Server 2012 R2.
On DNS1, you create a standard primary DNS zone named adatum.com.
You need to change the frequency that secondary name servers will replicate the zone from DNS1.
Which type of DNS record should you modify?
A. Name server (NS)
B. Start of authority (SOA)
C. Host information (HINFO)
D. Service location (SRV)
Correct Answer: B
Section: 3. Configure network services and access
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
The time to live is specified in the Start of Authority (SOA) record
Note: TTL (time to live) – The number of seconds a domain name is cached locally before expiration and
return to authoritative nameservers for updated information.
Latest online browsing the 70-411 exam!
70-411 PDF dumps & 70-411 VCE dumps: http://examsavior.com/70-411
 |  |  |  |  | |
|---|---|---|---|---|---|
Test King
|
Pass4sure
|
Actual Tests
|
Other Brands
| ||
| Customer Reviews |  |  |  |  |  |
$89.99
|
$124.99
|
$125.99
|
$189.00
|
$29.99~$49.99
| |
| Up-To-Dated |  |  |  |  |  |
| Real Questions & Answers |  |  |  |  |  |
| Correct All Error |  |  |  |  |  |
| Premium VCE Dumps |  |  |  |  |  |
| Free VCE Simulator |  |  |  |  |  |
| Unlimited After One Time Purchasing |  |  |  |  |  |
| Instant Download |  |  |  |  |  |
| Printable PDF Dumps |  |  |  |  |  |
| 100% Pass Guarantee |  |  |  |  |  |
| 100% Money Back |  |  |  |  |  |
100% Pass:http://examsavior.com/
No comments:
Post a Comment