Do you want to pass the 70-411 examsavior exam? What are the new questions of the latest 70-411 exam? Braindumps 70-411 VCE dumps and 70-411 PDF dumps will tell you all about the 70-411 examsavior exam.Here are the examsavior newest and covered all new added questions and answers, which will help you 100% passing 70-411 examsavior exam.Hurry up and get the free exam from here!
NOW FREE DOWNLOAD
QUESTION 81
Your network contains two servers named Served and Server 2. Both servers run Windows Server 2012
R2 and have the DNS Server server role installed.
On Server1, you create a standard primary zone named contoso.com.
You plan to create a standard primary zone for ad.contoso.com on Server2.
You need to ensure that Server1 forwards all queries for ad.contoso.com to Server2.
What should you do from Server1?
A. Create a trust anchor named Server2.
B. Create a conditional forward that points to Server2.
C. Add Server2 as a name server.
D. Create a zone delegation that points to Server2.
Correct Answer: D
Section: 3. Configure network services and access
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
You can divide your Domain Name System (DNS) namespace into one or more zones. You can delegate
management of part of your namespace to another location or department in your organization by
delegating the management of the corresponding zone. For more information, see Understanding Zone
Delegation
Your network contains two servers named Served and Server 2. Both servers run Windows Server 2012
R2 and have the DNS Server server role installed.
On Server1, you create a standard primary zone named contoso.com.
You plan to create a standard primary zone for ad.contoso.com on Server2.
You need to ensure that Server1 forwards all queries for ad.contoso.com to Server2.
What should you do from Server1?
A. Create a trust anchor named Server2.
B. Create a conditional forward that points to Server2.
C. Add Server2 as a name server.
D. Create a zone delegation that points to Server2.
Correct Answer: D
Section: 3. Configure network services and access
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
You can divide your Domain Name System (DNS) namespace into one or more zones. You can delegate
management of part of your namespace to another location or department in your organization by
delegating the management of the corresponding zone. For more information, see Understanding Zone
Delegation
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-387.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure")
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-388.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure")
QUESTION 82
Your network contains two servers named Server1 and Server2. Both servers run Windows Server 2012
R2 and have the DNS Server server role installed. Server1 hosts a primary zone for contoso.com. Server2
hosts a secondary zone for contoso.com. The zone is not configured to notify secondary servers of
changes automatically.
You update several records on Server1.
You need to force the replication of the contoso.com zone records from Server1 to Server2.
What should you do from Server2?
A. Right-click the contoso.com zone and click Reload.
B. Right-click the contoso.com zone and click Transfer from Master.
C. Right-click Server2 and click Update Server Data Files.
D. Right-click Server2 and click Refresh.
Correct Answer: B
Section: 3. Configure network services and access
Explanation
Explanation/Reference:
Last update: 15/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
Initiates zone transfer from secondary server
Open DNS; In the console tree, right-click the applicable zone and click Transfer from master.
Your network contains two servers named Server1 and Server2. Both servers run Windows Server 2012
R2 and have the DNS Server server role installed. Server1 hosts a primary zone for contoso.com. Server2
hosts a secondary zone for contoso.com. The zone is not configured to notify secondary servers of
changes automatically.
You update several records on Server1.
You need to force the replication of the contoso.com zone records from Server1 to Server2.
What should you do from Server2?
A. Right-click the contoso.com zone and click Reload.
B. Right-click the contoso.com zone and click Transfer from Master.
C. Right-click Server2 and click Update Server Data Files.
D. Right-click Server2 and click Refresh.
Correct Answer: B
Section: 3. Configure network services and access
Explanation
Explanation/Reference:
Last update: 15/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
Initiates zone transfer from secondary server
Open DNS; In the console tree, right-click the applicable zone and click Transfer from master.
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-390.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure")
http://technet.microsoft.com/en-us/library/cc779391%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/cc786985(v=ws.10).aspx
QUESTION 83
Your network contains an Active Directory domain named contoso.com. All domain controllers run
Windows Server 2012 R2.
An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise. A
Group Policy object (GPO) named GPO1 is linked to OU1.
You make a change to GPO1.
You need to force all of the computers in OU1 to refresh their Group Policy settings immediately.
The solution must minimize administrative effort.
Which tool should you use?
A. The Secedit command
B. Group Policy Management Console (GPMC)
C. Server Manager
D. The Gpupdate command
Correct Answer: B
Section: 6. Configure and manage Group Policy
Explanation
Explanation/Reference:
Explanation:
In the previous versions of Windows, this was accomplished by having the user run GPUpdate.exe on their
computer.
Starting with Windows Server® 2012 and Windows® 8, you can now remotely refresh Group Policy
settings for all computers in an OU from one central location through the Group Policy Management
Console (GPMC). Or you can use the Invoke-GPUpdatecmdlet to refresh Group Policy for a set of
computers, not limited to the OU structure, for example, if the computers are located in the default
computers container.
http://technet.microsoft.com/en-us/library/cc786985(v=ws.10).aspx
QUESTION 83
Your network contains an Active Directory domain named contoso.com. All domain controllers run
Windows Server 2012 R2.
An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise. A
Group Policy object (GPO) named GPO1 is linked to OU1.
You make a change to GPO1.
You need to force all of the computers in OU1 to refresh their Group Policy settings immediately.
The solution must minimize administrative effort.
Which tool should you use?
A. The Secedit command
B. Group Policy Management Console (GPMC)
C. Server Manager
D. The Gpupdate command
Correct Answer: B
Section: 6. Configure and manage Group Policy
Explanation
Explanation/Reference:
Explanation:
In the previous versions of Windows, this was accomplished by having the user run GPUpdate.exe on their
computer.
Starting with Windows Server® 2012 and Windows® 8, you can now remotely refresh Group Policy
settings for all computers in an OU from one central location through the Group Policy Management
Console (GPMC). Or you can use the Invoke-GPUpdatecmdlet to refresh Group Policy for a set of
computers, not limited to the OU structure, for example, if the computers are located in the default
computers container.
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-391.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure")
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-392.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure")
http://technet.microsoft.com/en-us//library/jj134201.aspx
http://blogs.technet.com/b/grouppolicy/archive/2012/11/27/group-policy-in-windows-server-2012-usingremote-
gpupdate.aspx
Last update: 13/09/2015
QUESTION 84
Your network contains an Active Directory domain named contoso.com. All domain controllers run
Windows Server 2012 R2.
A domain controller named DO has the ADMX Migrator tool installed. You have a custom Administrative
Template file on DC1 named Template1.adm.
You need to add a custom registry entry to Template1.adm by using the ADMX Migrator tool.
Which action should you run first?
A. Load Template
B. New Policy Setting
C. Generate ADMX from ADM
D. New Category
Correct Answer: C
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Last update: 17/09/2015
Based on the actual exam and checked with and Premium account.
Explanation:
The ADMX Migrator provides two conversion methods — through the editor or through a command-line
program. From the ADMX Editor, choose the option to Generate ADMX from ADM. Browse to your ADM
file, and the tool quickly and automatically converts it. You then can open the converted file in the editor to
examine its values and properties and modify it if you wish. The ADMX Migrator Command Window is a
little more complicated; it requires you to type a lengthy command string at a prompt to perform the
conversions. However, it includes some options and flexibility not available in the graphical editor.
http://blogs.technet.com/b/grouppolicy/archive/2012/11/27/group-policy-in-windows-server-2012-usingremote-
gpupdate.aspx
Last update: 13/09/2015
QUESTION 84
Your network contains an Active Directory domain named contoso.com. All domain controllers run
Windows Server 2012 R2.
A domain controller named DO has the ADMX Migrator tool installed. You have a custom Administrative
Template file on DC1 named Template1.adm.
You need to add a custom registry entry to Template1.adm by using the ADMX Migrator tool.
Which action should you run first?
A. Load Template
B. New Policy Setting
C. Generate ADMX from ADM
D. New Category
Correct Answer: C
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Last update: 17/09/2015
Based on the actual exam and checked with and Premium account.
Explanation:
The ADMX Migrator provides two conversion methods — through the editor or through a command-line
program. From the ADMX Editor, choose the option to Generate ADMX from ADM. Browse to your ADM
file, and the tool quickly and automatically converts it. You then can open the converted file in the editor to
examine its values and properties and modify it if you wish. The ADMX Migrator Command Window is a
little more complicated; it requires you to type a lengthy command string at a prompt to perform the
conversions. However, it includes some options and flexibility not available in the graphical editor.
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-393.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure")
QUESTION 85
Your network contains an Active Directory domain named contoso.com. All domain controllers run
Windows Server 2012 R2.
You create a central store for Group Policy.
You receive a custom administrative template named Template1.admx.
You need to ensure that the settings in Template1.admx appear in all new Group Policy objects
(GPOs).
What should you do?
A. From the Default Domain Controllers Policy, add Template1.admx to the Administrative Templates.
B. From the Default Domain Policy, add Template1.admx to the Administrative Templates.
C. Copy Template1.admx to \\Contoso.com\SYSVOL\Contoso.com\Policies\PolicyDefinitions\.
D. Copy Template1.admx to \\Contoso.com\NETLOGON.
Correct Answer: C
Section: 6. Configure and manage Group Policy
Explanation
Explanation/Reference:
Last update: 17/09/2015
Based on the actual exam and checked with and Premium account.
Explanation:
Unlike ADM files, ADMX files are not stored in individual GPOs. For domain-based enterprises,
administrators can create a central store location of ADMX files that is accessible by anyone with
permission to create or edit GPOs.
Your network contains an Active Directory domain named contoso.com. All domain controllers run
Windows Server 2012 R2.
You create a central store for Group Policy.
You receive a custom administrative template named Template1.admx.
You need to ensure that the settings in Template1.admx appear in all new Group Policy objects
(GPOs).
What should you do?
A. From the Default Domain Controllers Policy, add Template1.admx to the Administrative Templates.
B. From the Default Domain Policy, add Template1.admx to the Administrative Templates.
C. Copy Template1.admx to \\Contoso.com\SYSVOL\Contoso.com\Policies\PolicyDefinitions\.
D. Copy Template1.admx to \\Contoso.com\NETLOGON.
Correct Answer: C
Section: 6. Configure and manage Group Policy
Explanation
Explanation/Reference:
Last update: 17/09/2015
Based on the actual exam and checked with and Premium account.
Explanation:
Unlike ADM files, ADMX files are not stored in individual GPOs. For domain-based enterprises,
administrators can create a central store location of ADMX files that is accessible by anyone with
permission to create or edit GPOs.
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-394.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure")
QUESTION 86
Your network contains an Active Directory domain named contoso.com. Network Access Protection (NAP)
is deployed to the domain.
You need to create NAP event trace log files on a client computer.
What should you run?
A. logman
B. Register-ObjectEvent
C. tracert
D. Register-EngineEvent
Correct Answer: A
Section: 4. Configure a Network Policy Server infrastructure
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
For diagnostic purposes, not only on the NPS Sever, but also on the NAP client a logging trace enabled.
Protocols of the NAP client trace are stored in the Event Trace Log (ETL) format. These are binary files
that can be decoded by Microsoft support personnel for analysis. To enable trace logging on a NAP client:
Open a Eingabeauffordeurng with elevated privileges.
Enter the following command: logman start QAgentRt -p {b0278a28-76f1-4e15-b1df-14b209a12613}
0xFFFFFFFF 9 -o% systemroot% \ tracing \ nap \ QAgentRt.etl -ets
Perform the actions you want to track their expiry.
Enter logman stop QAgentRt -ets a.
Close the command prompt.
QUESTION 87
Your network contains three Network Policy Server (NPS) servers named NPS1, NPS2, and NPS3.
NP51 is configured as a RADIUS proxy that forwards connection requests to a remote RADIUS server
group named Group1.
You need to ensure that NPS2 receives connection requests. NPS3 must only receive connection
requests if NPS2 is unavailable.
How should you configure Group1?
A. Change the Priority of NPS3 to 10.
B. Change the Weight of NPS2 to 10.
C. Change the Weight of NPS3 to 10.
D. Change the Priority of NPS2 to 10.
Correct Answer: A
Section: 4. Configure a Network Policy Server infrastructure
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
Priority. Priority specifies the order of importance of the RADIUS server to the NPS proxy server. Priority
level must be assigned a value that is an integer, such as 1, 2, or 3. The lower the number, the higher
priority the NPS proxy gives to the RADIUS server. For example, if the RADIUS server is assigned the
highest priority of 1, the NPS proxy sends connection requests to the RADIUS server first; if servers with
priority 1 are not available, NPS then sends connection requests to RADIUS servers with priority 2, and so
on. You can assign the same priority to multiple RADIUS servers, and then use the Weight setting to load
balance between them.
QUESTION 88
Your network contains two Active Directory forests named adatum.com and contoso.com. The network
contains three servers. The servers are configured as shown in the following table.
Your network contains an Active Directory domain named contoso.com. Network Access Protection (NAP)
is deployed to the domain.
You need to create NAP event trace log files on a client computer.
What should you run?
A. logman
B. Register-ObjectEvent
C. tracert
D. Register-EngineEvent
Correct Answer: A
Section: 4. Configure a Network Policy Server infrastructure
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
For diagnostic purposes, not only on the NPS Sever, but also on the NAP client a logging trace enabled.
Protocols of the NAP client trace are stored in the Event Trace Log (ETL) format. These are binary files
that can be decoded by Microsoft support personnel for analysis. To enable trace logging on a NAP client:
Open a Eingabeauffordeurng with elevated privileges.
Enter the following command: logman start QAgentRt -p {b0278a28-76f1-4e15-b1df-14b209a12613}
0xFFFFFFFF 9 -o% systemroot% \ tracing \ nap \ QAgentRt.etl -ets
Perform the actions you want to track their expiry.
Enter logman stop QAgentRt -ets a.
Close the command prompt.
QUESTION 87
Your network contains three Network Policy Server (NPS) servers named NPS1, NPS2, and NPS3.
NP51 is configured as a RADIUS proxy that forwards connection requests to a remote RADIUS server
group named Group1.
You need to ensure that NPS2 receives connection requests. NPS3 must only receive connection
requests if NPS2 is unavailable.
How should you configure Group1?
A. Change the Priority of NPS3 to 10.
B. Change the Weight of NPS2 to 10.
C. Change the Weight of NPS3 to 10.
D. Change the Priority of NPS2 to 10.
Correct Answer: A
Section: 4. Configure a Network Policy Server infrastructure
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
Priority. Priority specifies the order of importance of the RADIUS server to the NPS proxy server. Priority
level must be assigned a value that is an integer, such as 1, 2, or 3. The lower the number, the higher
priority the NPS proxy gives to the RADIUS server. For example, if the RADIUS server is assigned the
highest priority of 1, the NPS proxy sends connection requests to the RADIUS server first; if servers with
priority 1 are not available, NPS then sends connection requests to RADIUS servers with priority 2, and so
on. You can assign the same priority to multiple RADIUS servers, and then use the Weight setting to load
balance between them.
QUESTION 88
Your network contains two Active Directory forests named adatum.com and contoso.com. The network
contains three servers. The servers are configured as shown in the following table.
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-395.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure")
You need to ensure that connection requests from adatum.com users are forwarded to Server2 and
connection requests from contoso.com users are forwarded to Server3.
Which two should you configure in the connection request policies on Server1? (Each correct answer
presents part of the solution. Choose two.)
A. The Authentication settings
B. The Standard RADIUS Attributes settings
C. The Location Groups condition
D. The Identity Type condition
E. The User Name condition
Correct Answer: AE
Section: 4. Configure a Network Policy Server infrastructure
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
The User Name attribute group contains the User Name attribute. By using this attribute, you can
designate the user name, or a portion of the user name, that must match the user name supplied by the
access client in the RADIUS message. This attribute is a character string that typically contains a realm
name and a user account name. You can use pattern- matching syntax to specify user names.
connection requests from contoso.com users are forwarded to Server3.
Which two should you configure in the connection request policies on Server1? (Each correct answer
presents part of the solution. Choose two.)
A. The Authentication settings
B. The Standard RADIUS Attributes settings
C. The Location Groups condition
D. The Identity Type condition
E. The User Name condition
Correct Answer: AE
Section: 4. Configure a Network Policy Server infrastructure
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
The User Name attribute group contains the User Name attribute. By using this attribute, you can
designate the user name, or a portion of the user name, that must match the user name supplied by the
access client in the RADIUS message. This attribute is a character string that typically contains a realm
name and a user account name. You can use pattern- matching syntax to specify user names.
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-396.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure")
By using this setting, you can override the authentication settings that are configured in all network policies
and you can designate the authentication methods and types that are required to connect to your network.
Forward requests to the following remote RADIUS server group. By using this setting, NPS forwards
connection requests to the remote RADIUS server group that you specify. If the NPS server receives a
valid Access-Accept message that corresponds to the Access-Request message, the connection attempt
is considered authenticated and authorized. In this case, the NPS server acts as a RADIUS proxy
and you can designate the authentication methods and types that are required to connect to your network.
Forward requests to the following remote RADIUS server group. By using this setting, NPS forwards
connection requests to the remote RADIUS server group that you specify. If the NPS server receives a
valid Access-Accept message that corresponds to the Access-Request message, the connection attempt
is considered authenticated and authorized. In this case, the NPS server acts as a RADIUS proxy
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-412.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure")
Connection request policies are sets of conditions and profile settings that give network administrators
flexibility in configuring how incoming authentication and accounting request messages are handled by the
IAS server. With connection request policies, you can create a series of policies so that some RADIUS
request messages sent from RADIUS clients are processed locally (IAS is being used as a RADIUS
server) and other types of messages are forwarded to another RADIUS server (IAS is being used as a
RADIUS proxy). This capability allows IAS to be deployed in many new RADIUS scenarios.
With connection request policies, you can use IAS as a RADIUS server or as a RADIUS proxy, based on
the time of day and day of the week, by the realm name in the request, by the type of connection being
requested, by the IP address of the RADIUS client, and so on.
http://technet.microsoft.com/en-us/library/cc757328.aspx
http://technet.microsoft.com/en-us/library/cc753603.aspx
QUESTION 89
You have a server named Server1 that runs Windows Server 2012 R2.
You need to configure Server1 to create an entry in an event log when the processor usage
exceeds 60 percent.
Which type of data collector should you create?
A. An event trace data collector
B. A performance counter alert
C. A performance counter data collector
D. A configuration data collector
Correct Answer: B
Section: 1. Deploy and manage server images
Explanation
Explanation/Reference:
Explanation:
Performance alerts notify you when a specified performance counter exceeds your configured threshold by
logging an event to the event log. But rather than notifying you immediately when the counter exceeds the
threshold, you can configure a time period over which the counter needs to exceed the threshold, to avoid
unnecessary alerts.
flexibility in configuring how incoming authentication and accounting request messages are handled by the
IAS server. With connection request policies, you can create a series of policies so that some RADIUS
request messages sent from RADIUS clients are processed locally (IAS is being used as a RADIUS
server) and other types of messages are forwarded to another RADIUS server (IAS is being used as a
RADIUS proxy). This capability allows IAS to be deployed in many new RADIUS scenarios.
With connection request policies, you can use IAS as a RADIUS server or as a RADIUS proxy, based on
the time of day and day of the week, by the realm name in the request, by the type of connection being
requested, by the IP address of the RADIUS client, and so on.
http://technet.microsoft.com/en-us/library/cc757328.aspx
http://technet.microsoft.com/en-us/library/cc753603.aspx
QUESTION 89
You have a server named Server1 that runs Windows Server 2012 R2.
You need to configure Server1 to create an entry in an event log when the processor usage
exceeds 60 percent.
Which type of data collector should you create?
A. An event trace data collector
B. A performance counter alert
C. A performance counter data collector
D. A configuration data collector
Correct Answer: B
Section: 1. Deploy and manage server images
Explanation
Explanation/Reference:
Explanation:
Performance alerts notify you when a specified performance counter exceeds your configured threshold by
logging an event to the event log. But rather than notifying you immediately when the counter exceeds the
threshold, you can configure a time period over which the counter needs to exceed the threshold, to avoid
unnecessary alerts.
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-417.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure")
Last update: 13/09/2015
QUESTION 90
You have a server that runs Windows Server 2012 R2.
You have an offline image named Windows2012.vhd that contains an installation of Windows Server 2012
R2.
You plan to apply several updates to Windows2012.vhd.
You need to mount Wmdows2012.vhd to D:\Mount.
Which tool should you use?
A. Server Manager
B. Device Manager
C. Mountvol
D. Dism
Correct Answer: D
Section: 1. Deploy and manage server images
Explanation
Explanation/Reference:
Explanation:
You can use the Deployment Image Servicing and Management (DISM) tool to mount a Windows image
from a WIM or VHD file. Mounting an image maps the contents of the image to a directory so that you can
service the image using DISM without booting into the image. You can also perform common file
operations, such as copying, pasting, and editing on a mounted image.
To apply packages and updates to a Windows Embedded Standard 7 image, we recommend creating a
configuration set and then using Deployment Imaging Servicing and Management (DISM) to install that
configuration set. Although DISM can be used to install individual updates to an image, this method carries
some additional risks and is not recommended.
Last update: 13/09/2015
QUESTION 91
Your network contains a domain controller named DC1 that runs Windows Server 2012 R2. You create a
custom Data Collector Set (DCS) named DCS1.
You need to configure DCS1 to collect the following information:
The amount of Active Directory data replicated between DC1 and the other domain controllers
The current values of several registry settings
Which two should you configure in DCS1? (Each correct answer presents part of the solution. Choose
two.)
A. Event trace data
B. A performance counter alert
C. Configuration data collector
D. A performance counter
Correct Answer: CD
Section: 1. Deploy and manage server images
Explanation
Explanation/Reference:
Last update: 14/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
Automatically run a program when the amount of total free disk space on Server1 drops below 10 percent
of capacity.
You can also configure alerts to start applications and performance logs Log the current values of several
registry settings.
System configuration information allows you to record the state of, and changes to, registry keys.
Total free disk space
QUESTION 90
You have a server that runs Windows Server 2012 R2.
You have an offline image named Windows2012.vhd that contains an installation of Windows Server 2012
R2.
You plan to apply several updates to Windows2012.vhd.
You need to mount Wmdows2012.vhd to D:\Mount.
Which tool should you use?
A. Server Manager
B. Device Manager
C. Mountvol
D. Dism
Correct Answer: D
Section: 1. Deploy and manage server images
Explanation
Explanation/Reference:
Explanation:
You can use the Deployment Image Servicing and Management (DISM) tool to mount a Windows image
from a WIM or VHD file. Mounting an image maps the contents of the image to a directory so that you can
service the image using DISM without booting into the image. You can also perform common file
operations, such as copying, pasting, and editing on a mounted image.
To apply packages and updates to a Windows Embedded Standard 7 image, we recommend creating a
configuration set and then using Deployment Imaging Servicing and Management (DISM) to install that
configuration set. Although DISM can be used to install individual updates to an image, this method carries
some additional risks and is not recommended.
Last update: 13/09/2015
QUESTION 91
Your network contains a domain controller named DC1 that runs Windows Server 2012 R2. You create a
custom Data Collector Set (DCS) named DCS1.
You need to configure DCS1 to collect the following information:
The amount of Active Directory data replicated between DC1 and the other domain controllers
The current values of several registry settings
Which two should you configure in DCS1? (Each correct answer presents part of the solution. Choose
two.)
A. Event trace data
B. A performance counter alert
C. Configuration data collector
D. A performance counter
Correct Answer: CD
Section: 1. Deploy and manage server images
Explanation
Explanation/Reference:
Last update: 14/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
Automatically run a program when the amount of total free disk space on Server1 drops below 10 percent
of capacity.
You can also configure alerts to start applications and performance logs Log the current values of several
registry settings.
System configuration information allows you to record the state of, and changes to, registry keys.
Total free disk space
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-418.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure")
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-419.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure")
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-420.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure")
Registry settings
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-427.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure")
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-428.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure")
Run a program on alert
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-445.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure")
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-451.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure")
Notes 2 :
The Windows Performance Monitor is an MMC snap-in (Microsoft Management Console), are provided in
the tools for analyzing system performance. From a central console, you can monitor application and
hardware performance in real-time, specify which data you want to collect in logs, define thresholds for
alerts and automatic actions, generate reports, and view older performance data in several ways. With the
Windows Performance Monitor data using data collector sets collected and logged may include
performance indicators, event trace data, and system configuration information (registry key). Depending
on the selected data collection types you various dialog boxes to add data files to your collection rate.
Performance indicators provide data about the system performance.
Performance indicators warnings allow you to run certain actions when exceeding or falling below
certain thresholds.
To log registry settings, system configuration information can be recorded in reports. However, you
must know the exact key that you want to include in the Data Collector Set.
Event trace data provide information about activities and system events are available.
The relevant indicators for measuring the replication traffic of the Active Directory Domain Services, see
the performance object directory service. There are several indicators to measure incoming and
outgoing bytes / s.
http://technet.microsoft.com/en-us/library/cc766404.aspx
QUESTION 92
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Windows
Deployment Services server role installed.
Server1 contains two boot images and four install images.
You need to ensure that when a computer starts from PXE, the available operating system images
appear in a specific order.
What should you do?
A. Modify the properties of the boot images.
B. Create a new image group.
C. Modify the properties of the install images.
D. Modify the PXE Response Policy.
Correct Answer: C
Section: 1. Deploy and manage server images
Explanation
Explanation/Reference:
Last update: 15/09/2015
Based on the actual exam and checked with an Premium account.
Notes:
The Windows Performance Monitor is an MMC snap-in (Microsoft Management Console), are provided in
the tools for analyzing system performance. From a central console, you can monitor application and
hardware performance in real-time, specify which data you want to collect in logs, define thresholds for
alerts and automatic actions, generate reports, and view older performance data in several ways. With the
Windows Performance Monitor data using data collector sets collected and logged may include
performance indicators, event trace data, and system configuration information (registry key). Depending
on the selected data collection types you various dialog boxes to add data files to your collection rate.
Performance indicators provide data about the system performance.
Performance indicators warnings allow you to run certain actions when exceeding or falling below
certain thresholds.
To log registry settings, system configuration information can be recorded in reports. However, you
must know the exact key that you want to include in the Data Collector Set.
Event trace data provide information about activities and system events are available.
The relevant indicators for measuring the replication traffic of the Active Directory Domain Services, see
the performance object directory service. There are several indicators to measure incoming and
outgoing bytes / s.
http://technet.microsoft.com/en-us/library/cc766404.aspx
QUESTION 92
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Windows
Deployment Services server role installed.
Server1 contains two boot images and four install images.
You need to ensure that when a computer starts from PXE, the available operating system images
appear in a specific order.
What should you do?
A. Modify the properties of the boot images.
B. Create a new image group.
C. Modify the properties of the install images.
D. Modify the PXE Response Policy.
Correct Answer: C
Section: 1. Deploy and manage server images
Explanation
Explanation/Reference:
Last update: 15/09/2015
Based on the actual exam and checked with an Premium account.
Notes:
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-454.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure")
installation images are the operating system images that you deploy to the client computer. Start images
are the images with which you start a client computer to perform an operating system installation. Boot
images contain Windows PE and the Windows Deployment Services client.
The order of the display of images can about the value of priority on the register general are controlled in
the properties of the images:
QUESTION 93
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server
2012 R2.
An organizational unit (OU) named ResearchServers contains the computer accounts of all research
servers.
All domain users are configured to have a minimum password length of eight characters.
You need to ensure that the minimum password length of the local user accounts on the research
servers in the ResearchServers OU is 10 characters.
What should you do?
A. Configure a local Group Policy object (GPO) on each research server.
B. Create and link a Group Policy object (GPO) to the ResearchServers OU.
C. Create a universal group that contains the research servers. Create a Password Settings object (PSO)
and assign the PSO to the group.
D. Create a global group that contains the research servers. Create a Password Settings object (PSO)
and assign the PSO to the group.
Correct Answer: B
Section: 6. Configure and manage Group Policy
Explanation
Explanation/Reference:
Last update: 17/09/2015
Based on the actual exam and checked with and Premium account.
Explanation:
The password policies a GPO (GPO) that is applied to domain computers are taken over by the domain
computers as a local password policy.
———————–
For a domain, and you are on a member server or a workstation that is joined to the domain:
1. Open Microsoft Management Console (MMC).
2. On the File menu, click Add/Remove Snap-in, and then click Add.
3. Click Group Policy Object Editor, and then click Add.
4. In Select Group Policy Object, click Browse.
5. In Browse for a Group Policy Object, select a Group Policy object (GPO) in the appropriate domain, site,
or organizational unit–or create a new one, click OK, and then click Finish.
6. Click Close, and then click OK.
7. In the console tree, click Password Policy.
Where?
Group Policy Object [computer name] Policy/Computer Configuration/Windows Settings/Security Settings/
Account Policies/Password Policy
8. In the details pane, right-click the policy setting that you want, and then click Properties.
9. If you are defining this policy setting for the first time, select the Define this policy setting check box.
10. Select the options that you want, and then click OK.
QUESTION 94
Your network contains an Active Directory domain named contoso.com. The domain contains six domain
controllers. The domain controllers are configured as shown in the following table.
are the images with which you start a client computer to perform an operating system installation. Boot
images contain Windows PE and the Windows Deployment Services client.
The order of the display of images can about the value of priority on the register general are controlled in
the properties of the images:
QUESTION 93
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server
2012 R2.
An organizational unit (OU) named ResearchServers contains the computer accounts of all research
servers.
All domain users are configured to have a minimum password length of eight characters.
You need to ensure that the minimum password length of the local user accounts on the research
servers in the ResearchServers OU is 10 characters.
What should you do?
A. Configure a local Group Policy object (GPO) on each research server.
B. Create and link a Group Policy object (GPO) to the ResearchServers OU.
C. Create a universal group that contains the research servers. Create a Password Settings object (PSO)
and assign the PSO to the group.
D. Create a global group that contains the research servers. Create a Password Settings object (PSO)
and assign the PSO to the group.
Correct Answer: B
Section: 6. Configure and manage Group Policy
Explanation
Explanation/Reference:
Last update: 17/09/2015
Based on the actual exam and checked with and Premium account.
Explanation:
The password policies a GPO (GPO) that is applied to domain computers are taken over by the domain
computers as a local password policy.
———————–
For a domain, and you are on a member server or a workstation that is joined to the domain:
1. Open Microsoft Management Console (MMC).
2. On the File menu, click Add/Remove Snap-in, and then click Add.
3. Click Group Policy Object Editor, and then click Add.
4. In Select Group Policy Object, click Browse.
5. In Browse for a Group Policy Object, select a Group Policy object (GPO) in the appropriate domain, site,
or organizational unit–or create a new one, click OK, and then click Finish.
6. Click Close, and then click OK.
7. In the console tree, click Password Policy.
Where?
Group Policy Object [computer name] Policy/Computer Configuration/Windows Settings/Security Settings/
Account Policies/Password Policy
8. In the details pane, right-click the policy setting that you want, and then click Properties.
9. If you are defining this policy setting for the first time, select the Define this policy setting check box.
10. Select the options that you want, and then click OK.
QUESTION 94
Your network contains an Active Directory domain named contoso.com. The domain contains six domain
controllers. The domain controllers are configured as shown in the following table.
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-457.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure")
The network contains a server named Server1 that has the Hyper-V server role installed. DC6 is a virtual
machine that is hosted on Server1.
You need to ensure that you can clone DC6.
What should you do?
A. Transfer the schema master to DC6.
B. Transfer the PDC emulator to DC5.
C. Transfer the schema master to DC4.
D. Transfer the PDC emulator to DC2.
Correct Answer: D
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Explanation:
A deployed Windows Server 2012 domain controller (virtualized or physical) that hosts the PDC emulator
role (DC1). To verify whether the PDC emulator role is hosted on a Windows Server 2012 domain
controller, run the following Windows PowerShell command:
Get-ADComputer (Get-ADDomainController -Discover -Service "PrimaryDC").name –
Propertyoperatingsystemversion|fl
http://technet.microsoft.com/en-us/library/hh831734.aspx#steps_deploy_vdc
Last update: 13/09/2015
QUESTION 95
Your network contains an Active Directory domain named contoso.com. Domain controllers run either
Windows Server 2003, Windows Server 2008 R2, or Windows Server 2012 R2.
A support technician accidentally deletes a user account named User1.
You need to use tombstone reanimation to restore the User1 account.
Which tool should you use?
A. Active Directory Administrative Center
B. Ntdsutil
C. Ldp
D. Esentutl
Correct Answer: C
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
machine that is hosted on Server1.
You need to ensure that you can clone DC6.
What should you do?
A. Transfer the schema master to DC6.
B. Transfer the PDC emulator to DC5.
C. Transfer the schema master to DC4.
D. Transfer the PDC emulator to DC2.
Correct Answer: D
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Explanation:
A deployed Windows Server 2012 domain controller (virtualized or physical) that hosts the PDC emulator
role (DC1). To verify whether the PDC emulator role is hosted on a Windows Server 2012 domain
controller, run the following Windows PowerShell command:
Get-ADComputer (Get-ADDomainController -Discover -Service "PrimaryDC").name –
Propertyoperatingsystemversion|fl
http://technet.microsoft.com/en-us/library/hh831734.aspx#steps_deploy_vdc
Last update: 13/09/2015
QUESTION 95
Your network contains an Active Directory domain named contoso.com. Domain controllers run either
Windows Server 2003, Windows Server 2008 R2, or Windows Server 2012 R2.
A support technician accidentally deletes a user account named User1.
You need to use tombstone reanimation to restore the User1 account.
Which tool should you use?
A. Active Directory Administrative Center
B. Ntdsutil
C. Ldp
D. Esentutl
Correct Answer: C
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-459.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure")
Use Ldp.exe to restore a single, deleted Active Directory object This feature takes advantage of the fact
that Active Directory keeps deleted objects in the database for a period of time before physically removing
them. use Ldp.exe to restore a single, deleted Active Directory object
The LPD.exe tool, included with Windows Server 2012, allows users to perform operations against any
LDAP-compatible directory, including Active Directory. LDP is used to view objects stored in Active
Directory along with their metadata, such as security descriptors and replication metadata.
http://www.petri.co.il/manually-undeleting-objects-windows-active-directory-ad.htm
http://www.petri.co.il/manually-undeleting-objects-windows-active-directory-ad.htm
http://technet.microsoft.com/en-us/magazine/2007.09.tombstones.aspx
http://technet.microsoft.com/nl-nl/library/dd379509(v=ws.10).aspx#BKMK_2
http://technet.microsoft.com/en-us/library/hh875546.aspx
http://technet.microsoft.com/en-us/library/dd560651(v=ws.10).aspx
QUESTION 96
Your company deploys a new Active Directory forest named contoso.com. The first domain controller in the
forest runs Windows Server 2012 R2. The forest contains a domain controller named DC10.
On DC10, the disk that contains the SYSVOL folder fails.
You replace the failed disk. You stop the Distributed File System (DFS) Replication service.
You restore the SYSVOL folder.
You need to perform a non-authoritative synchronization of SYSVOL on DC10.
Which tool should you use before you start the DFS Replication service on DC10?
A. Dfsgui.msc
B. Dfsmgmt.msc
C. Adsiedit.msc
D. Ldp
Correct Answer: C
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Last update: 17/09/2015
Based on the actual exam and checked with and Premium account.
Explanation:
How to perform a non-authoritative synchronization of DFSR-replicated SYSVOL (like "D2" for FRS)
In the ADSIEDIT. MSC tool modify the following distinguished name (DN) value and attribute on each of
the domain controllers that you want to make non- authoritative:
CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR- LocalSettings,CN=<the server
name>,OU=Domain Controllers,DC=<domain> msDFSR-Enabled=FALSE
Force Active Directory replication throughout the domain.
Run the following command from an elevated command prompt on the same servers that you set as nonauthoritative:
DFSRDIAG POLLAD
You will see Event ID 4114 in the DFSR event log indicating SYSVOL is no longer being replicated.
On the same DN from Step 1, set:
msDFSR-Enabled=TRUE
Force Active Directory replication throughout the domain.
Run the following command from an elevated command prompt on the same servers that you set as nonauthoritative:
DFSRDIAG POLLAD
You will see Event ID 4614 and 4604 in the DFSR event log indicating SYSVOL has been initialized. That
domain controller has now done a "D2" of SYSVOL.
Note: Active Directory Service Interfaces Editor (ADSI Edit) is a Lightweight Directory Access Protocol
(LDAP) editor that you can use to manage objects and attributes in Active Directory. ADSI Edit (adsiedit.
msc) provides a view of every object and attribute in an Active Directory forest. You can use ADSI Edit to
query, view, and edit attributes that are not exposed through other Active Directory Microsoft Management
Console (MMC) snap- ins: Active Directory Users and Computers, Active Directory Sites and Services,
Active Directory Domains and Trusts, and Active Directory Schema.
QUESTION 97
Your network contains an Active Directory domain named contoso.com. The domain contains an
organizational unit (OU) named IT and an OU named Sales.
All of the help desk user accounts are located in the IT OU. All of the sales user accounts are located in
the Sales OU. The Sales OU contains a global security group named G_Sales. The IT OU contains a
global security group named G_HelpDesk.
You need to ensure that members of G_HelpDesk can perform the following tasks:
Reset the passwords of the sales users.
Force the sales users to change their password at their next logon.
What should you do?
A. Run the Set-ADAccountPasswordcmdlet and specify the -identity parameter.
B. Right-click the Sales OU and select Delegate Control.
C. Right-click the IT OU and select Delegate Control.
D. Run the Set-ADFineGrainedPasswordPolicycmdlet and specify the -identity parameter.
Correct Answer: B
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
G_HelpDesk members need to be allowed to delegate control on the Sales OU as it contains the sales
users (G_Sales)
You can use the Delegation of Control Wizard to delegate the Reset Password permission to the
delegated user.
that Active Directory keeps deleted objects in the database for a period of time before physically removing
them. use Ldp.exe to restore a single, deleted Active Directory object
The LPD.exe tool, included with Windows Server 2012, allows users to perform operations against any
LDAP-compatible directory, including Active Directory. LDP is used to view objects stored in Active
Directory along with their metadata, such as security descriptors and replication metadata.
http://www.petri.co.il/manually-undeleting-objects-windows-active-directory-ad.htm
http://www.petri.co.il/manually-undeleting-objects-windows-active-directory-ad.htm
http://technet.microsoft.com/en-us/magazine/2007.09.tombstones.aspx
http://technet.microsoft.com/nl-nl/library/dd379509(v=ws.10).aspx#BKMK_2
http://technet.microsoft.com/en-us/library/hh875546.aspx
http://technet.microsoft.com/en-us/library/dd560651(v=ws.10).aspx
QUESTION 96
Your company deploys a new Active Directory forest named contoso.com. The first domain controller in the
forest runs Windows Server 2012 R2. The forest contains a domain controller named DC10.
On DC10, the disk that contains the SYSVOL folder fails.
You replace the failed disk. You stop the Distributed File System (DFS) Replication service.
You restore the SYSVOL folder.
You need to perform a non-authoritative synchronization of SYSVOL on DC10.
Which tool should you use before you start the DFS Replication service on DC10?
A. Dfsgui.msc
B. Dfsmgmt.msc
C. Adsiedit.msc
D. Ldp
Correct Answer: C
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Last update: 17/09/2015
Based on the actual exam and checked with and Premium account.
Explanation:
How to perform a non-authoritative synchronization of DFSR-replicated SYSVOL (like "D2" for FRS)
In the ADSIEDIT. MSC tool modify the following distinguished name (DN) value and attribute on each of
the domain controllers that you want to make non- authoritative:
CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR- LocalSettings,CN=<the server
name>,OU=Domain Controllers,DC=<domain> msDFSR-Enabled=FALSE
Force Active Directory replication throughout the domain.
Run the following command from an elevated command prompt on the same servers that you set as nonauthoritative:
DFSRDIAG POLLAD
You will see Event ID 4114 in the DFSR event log indicating SYSVOL is no longer being replicated.
On the same DN from Step 1, set:
msDFSR-Enabled=TRUE
Force Active Directory replication throughout the domain.
Run the following command from an elevated command prompt on the same servers that you set as nonauthoritative:
DFSRDIAG POLLAD
You will see Event ID 4614 and 4604 in the DFSR event log indicating SYSVOL has been initialized. That
domain controller has now done a "D2" of SYSVOL.
Note: Active Directory Service Interfaces Editor (ADSI Edit) is a Lightweight Directory Access Protocol
(LDAP) editor that you can use to manage objects and attributes in Active Directory. ADSI Edit (adsiedit.
msc) provides a view of every object and attribute in an Active Directory forest. You can use ADSI Edit to
query, view, and edit attributes that are not exposed through other Active Directory Microsoft Management
Console (MMC) snap- ins: Active Directory Users and Computers, Active Directory Sites and Services,
Active Directory Domains and Trusts, and Active Directory Schema.
QUESTION 97
Your network contains an Active Directory domain named contoso.com. The domain contains an
organizational unit (OU) named IT and an OU named Sales.
All of the help desk user accounts are located in the IT OU. All of the sales user accounts are located in
the Sales OU. The Sales OU contains a global security group named G_Sales. The IT OU contains a
global security group named G_HelpDesk.
You need to ensure that members of G_HelpDesk can perform the following tasks:
Reset the passwords of the sales users.
Force the sales users to change their password at their next logon.
What should you do?
A. Run the Set-ADAccountPasswordcmdlet and specify the -identity parameter.
B. Right-click the Sales OU and select Delegate Control.
C. Right-click the IT OU and select Delegate Control.
D. Run the Set-ADFineGrainedPasswordPolicycmdlet and specify the -identity parameter.
Correct Answer: B
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
G_HelpDesk members need to be allowed to delegate control on the Sales OU as it contains the sales
users (G_Sales)
You can use the Delegation of Control Wizard to delegate the Reset Password permission to the
delegated user.
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-463.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure")
http://support.microsoft.com/kb/296999/en-us
http://technet.microsoft.com/en-us/library/cc732524.aspx
QUESTION 98
Your network contains an Active Directory domain named contoso.com. All domain controllers run
Windows Server 2012 R2.
On all of the domain controllers, Windows is installed in C:\Windows and the Active Directory database is
located in D:\Windows\NTDS\.
All of the domain controllers have a third-party application installed.
The operating system fails to recognize that the application is compatible with domain controller cloning.
You verify with the application vendor that the application supports domain controller cloning.
What should you do?
A. In D:\Windows\NTDS\, create an XML file named DCCloneConfig.xml and add the application
information to the file.
B. In the root of a USB flash drive, add the application information to an XML file named
DefaultDCCIoneAllowList.xml.
C. In D:\Windows\NTDS\, create an XML file named CustomDCCloneAllowList.xml and add the
application information to the file.
D. In C:\Windows\System32\Sysprep\Actionfiles\, add the application information to an XML file named
Respecialize.xml.
Correct Answer: C
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Last update: 17/09/2015
Based on the actual exam and checked with and Premium account.
Explanation:
Place the CustomDCCloneAllowList.xml file in the same folder as the Active Directory database (ntds. dit)
on the source Domain Controller.
http://technet.microsoft.com/en-us/library/cc732524.aspx
QUESTION 98
Your network contains an Active Directory domain named contoso.com. All domain controllers run
Windows Server 2012 R2.
On all of the domain controllers, Windows is installed in C:\Windows and the Active Directory database is
located in D:\Windows\NTDS\.
All of the domain controllers have a third-party application installed.
The operating system fails to recognize that the application is compatible with domain controller cloning.
You verify with the application vendor that the application supports domain controller cloning.
What should you do?
A. In D:\Windows\NTDS\, create an XML file named DCCloneConfig.xml and add the application
information to the file.
B. In the root of a USB flash drive, add the application information to an XML file named
DefaultDCCIoneAllowList.xml.
C. In D:\Windows\NTDS\, create an XML file named CustomDCCloneAllowList.xml and add the
application information to the file.
D. In C:\Windows\System32\Sysprep\Actionfiles\, add the application information to an XML file named
Respecialize.xml.
Correct Answer: C
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Last update: 17/09/2015
Based on the actual exam and checked with and Premium account.
Explanation:
Place the CustomDCCloneAllowList.xml file in the same folder as the Active Directory database (ntds. dit)
on the source Domain Controller.
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-468.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure")
http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2012/09/10/new-features-in-active-directorydomain-
services-in-windows-server-2012-part-13-domain-controller-cloning.aspx
http://www.thomasmaurer.ch/2012/08/windows-server-2012-hyper-v-how-to-clone-a-virtual-domaincontroller
http://technet.microsoft.com/en-us/library/hh831734.aspx
QUESTION 99
Your network contains an Active Directory domain named contoso.com.
You create a user account named User1. The properties of User1 are shown in the exhibit. (Click the
Exhibit button.)
services-in-windows-server-2012-part-13-domain-controller-cloning.aspx
http://www.thomasmaurer.ch/2012/08/windows-server-2012-hyper-v-how-to-clone-a-virtual-domaincontroller
http://technet.microsoft.com/en-us/library/hh831734.aspx
QUESTION 99
Your network contains an Active Directory domain named contoso.com.
You create a user account named User1. The properties of User1 are shown in the exhibit. (Click the
Exhibit button.)
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-471.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure")
You plan to use the User1 account as a service account. The service will forward authentication requests
to other servers.
You need to ensure that you can view the Delegation tab from the properties of the User1 account.
What should you do first?
A. Configure the Name Mappings of User1.
B. Modify the user principal name (UPN) of User1.
C. Configure a Service Principal Name (SPN) for User1.
D. Modify the Security settings of User1.
Correct Answer: C
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
If you cannot see the Delegation tab, do one or both of the following:
Register a Service Principal Name (SPN) for the user account with the Setspn utility in the support tools on
your CD. Delegation is only intended to be used by service accounts, which should have registered SPNs,
as opposed to a regular user account which typically does not have SPNs.
Raise the functional level of your domain to Windows Server 2003. For more information, see Related
Topics.
to other servers.
You need to ensure that you can view the Delegation tab from the properties of the User1 account.
What should you do first?
A. Configure the Name Mappings of User1.
B. Modify the user principal name (UPN) of User1.
C. Configure a Service Principal Name (SPN) for User1.
D. Modify the Security settings of User1.
Correct Answer: C
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
If you cannot see the Delegation tab, do one or both of the following:
Register a Service Principal Name (SPN) for the user account with the Setspn utility in the support tools on
your CD. Delegation is only intended to be used by service accounts, which should have registered SPNs,
as opposed to a regular user account which typically does not have SPNs.
Raise the functional level of your domain to Windows Server 2003. For more information, see Related
Topics.
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-472.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q part5(81-100) Exam VCE Dumps For free download with 100%pass ensure")
http://blogs.msdn.com/b/mattlind/archive/2010/01/14/delegation-tab-in-aduc-not-available-until-a-spn-isset.
aspx
http://technet.microsoft.com/en-us/library/cc739474(v=ws.10).aspx
QUESTION 100
Your network contains an Active Directory forest named contoso.com. The forest functional level is
Windows Server 2012 R2. The forest contains a single domain.
You create a Password Settings object (PSO) named PSO1.
You need to delegate the rights to apply PSO1 to the Active Directory objects in an organizational
unit named OU1.
What should you do?
A. From Active Directory Users and Computers, run the Delegation of Control Wizard.
B. From Active Directory Administrative Center, modify the security settings of PSO1.
C. From Group Policy Management, create a Group Policy object (GPO) and link the GPO to OU1.
D. From Active Directory Administrative Center, modify the security settings of OU1.
Correct Answer: B
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Last update: 17/09/2015
Based on the actual exam and checked with and Premium account.
Explanation:
PSOs cannot be applied to organizational units (OUs) directly. If your users are organized into OUs,
consider creating global security groups that contain the users from these OUs and then applying the
newly defined finegrained password and account lockout policies to them. If you move a user from one OU
to another, you must update user memberships in the corresponding global security groups.
Go ahead and hit "OK" and then close out of all open windows. Now that you have created a password
policy, we need to apply it to a user/group. In order to do so, you must have "write" permissions on the
PSO object. We’re doing this in a lab, so I’m Domain Admin.
Write permissions are not a problem:
1. Open Active Directory Users and Computers (Start, point to Administrative Tools, and then click Active
Directory Users and Computers).
2. On the View menu, ensure that Advanced Features is checked.
3. In the console tree, expand Active Directory Users and Computers\yourdomain\System\Password
Settings Container
4. In the details pane, right-click the PSO, and then click Properties.
5. Click the Attribute Editor tab.
6. Select the msDS-PsoAppliesTo attribute, and then click Edit.
aspx
http://technet.microsoft.com/en-us/library/cc739474(v=ws.10).aspx
QUESTION 100
Your network contains an Active Directory forest named contoso.com. The forest functional level is
Windows Server 2012 R2. The forest contains a single domain.
You create a Password Settings object (PSO) named PSO1.
You need to delegate the rights to apply PSO1 to the Active Directory objects in an organizational
unit named OU1.
What should you do?
A. From Active Directory Users and Computers, run the Delegation of Control Wizard.
B. From Active Directory Administrative Center, modify the security settings of PSO1.
C. From Group Policy Management, create a Group Policy object (GPO) and link the GPO to OU1.
D. From Active Directory Administrative Center, modify the security settings of OU1.
Correct Answer: B
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Last update: 17/09/2015
Based on the actual exam and checked with and Premium account.
Explanation:
PSOs cannot be applied to organizational units (OUs) directly. If your users are organized into OUs,
consider creating global security groups that contain the users from these OUs and then applying the
newly defined finegrained password and account lockout policies to them. If you move a user from one OU
to another, you must update user memberships in the corresponding global security groups.
Go ahead and hit "OK" and then close out of all open windows. Now that you have created a password
policy, we need to apply it to a user/group. In order to do so, you must have "write" permissions on the
PSO object. We’re doing this in a lab, so I’m Domain Admin.
Write permissions are not a problem:
1. Open Active Directory Users and Computers (Start, point to Administrative Tools, and then click Active
Directory Users and Computers).
2. On the View menu, ensure that Advanced Features is checked.
3. In the console tree, expand Active Directory Users and Computers\yourdomain\System\Password
Settings Container
4. In the details pane, right-click the PSO, and then click Properties.
5. Click the Attribute Editor tab.
6. Select the msDS-PsoAppliesTo attribute, and then click Edit.
Latest online browsing the 70-411 exam!
70-411 PDF dumps & 70-411 VCE dumps: http://examsavior.com/70-411
 |  |  |  |  | |
|---|---|---|---|---|---|
Test King
|
Pass4sure
|
Actual Tests
|
Other Brands
| ||
| Customer Reviews |  |  |  |  |  |
$89.99
|
$124.99
|
$125.99
|
$189.00
|
$29.99~$49.99
| |
| Up-To-Dated |  |  |  |  |  |
| Real Questions & Answers |  |  |  |  |  |
| Correct All Error |  |  |  |  |  |
| Premium VCE Dumps |  |  |  |  |  |
| Free VCE Simulator |  |  |  |  |  |
| Unlimited After One Time Purchasing |  |  |  |  |  |
| Instant Download |  |  |  |  |  |
| Printable PDF Dumps |  |  |  |  |  |
| 100% Pass Guarantee |  |  |  |  |  |
| 100% Money Back |  |  |  |  |  |
100% Pass:http://examsavior.com/
No comments:
Post a Comment