Do you want to pass the 70-411 examsavior exam? What are the new questions of the latest 70-411 exam? Braindumps 70-411 VCE dumps and 70-411 PDF dumps will tell you all about the 70-411 examsavior exam.Here are the examsavior newest and covered all new added questions and answers, which will help you 100% passing 70-411 examsavior exam.Hurry up and get the free exam from here!
NOW FREE DOWNLOAD
QUESTION 41
Your network contains an Active Directory domain named contoso.com. All domain controllers run
Windows Server 2012 R2. One of the domain controllers is named DC1.
The DNS zone for the contoso.com zone is Active Directory-integrated and has the default settings.
A server named Server1 is a DNS server that runs a UNIX-based operating system.
You plan to use Server1 as a secondary DNS server for the contoso.com zone.
You need to ensure that Server1 can host a secondary copy of the contoso.com zone.
What should you do?
A. From DNS Manager, modify the Advanced settings of DC1.
B. From DNS Manager, modify the Zone Transfers settings of the contoso.com zone.
C. From Windows PowerShell, run the Set-DnsServerForwardercmdlet and specify the contoso.com zone
as a target.
D. From DNS Manager, modify the Security settings of DC1.
Correct Answer: B
Section: 3. Configure network services and access
Explanation
Explanation/Reference:
Explanation:
There are two ways that a secondary DNS server can be added. In both scenarios you will need to add the
new server to the Forwarders list of the primary Domain Controller.
1. The Set-DnsServerForwarder cmdlet changes forwarder settings on a Domain Name System (DNS)
server.
2. From the primary server, open DNS Manager, right click on the server name and select Properties. Click
on the Forwarders tab and click the Edit button in the middle of the dialogue box.
QUESTION 42
Your network contains an Active Directory domain named contoso.com. The domain contains domain
controllers that run Windows Server 2008, Windows Server 2008 R2 Windows Server 2012, and Windows
Server 2012 R2.
A domain controller named DC1 runs Windows Server 2012 R2. DC1 is backed up daily.
During routine maintenance, you delete a group named Group1.
You need to recover Group1 and identify the names of the users who were members of Group1
prior to its deletion. You want to achieve this goal by using the minimum amount of administrative effort.
What should you do first?
A. Perform an authoritative restore of Group1.
B. Mount the most recent Active Directory backup.
C. Use the Recycle Bin to restore Group1.
D. Reactivate the tombstone of Group1.
Correct Answer: A
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Explanation:
The Active Directory Recycle Bin does not have the ability to track simple changes to objects. If the object
itself is not deleted, no element is moved to the Recycle Bin for possible recovery in the future.
In other words, there is no rollback capacity for changes to object properties, or, in other words, to the
values of these properties. There is another approach you should be aware of. Tombstone reanimation
(which has nothing to do with zombies) provides the only way to recover deleted objects without taking a
DC offline, and it’s the only way to recover a deleted object’s identity information, such as its objectGUID
and objectSid attributes.
It neatly solves the problem of recreating a deleted user or group and having to fix up all the old access
control list (ACL) references, which contain the objectSid of the deleted object.
Restores domain controllers to a specific point in time, and marks objects in Active Directory as being
authoritative with respect to their replication partners.
QUESTION 43
Your network contains an Active Directory domain named adatum.com. All domain controllers run
Windows Server 2012 R2. The domain contains a virtual machine named DC2.
On DC2, you run Get-ADDCCIoningExcludedApplicationList and receive the output shown in the
following table.
You need to ensure that you can clone DC2.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
Your network contains an Active Directory domain named contoso.com. All domain controllers run
Windows Server 2012 R2. One of the domain controllers is named DC1.
The DNS zone for the contoso.com zone is Active Directory-integrated and has the default settings.
A server named Server1 is a DNS server that runs a UNIX-based operating system.
You plan to use Server1 as a secondary DNS server for the contoso.com zone.
You need to ensure that Server1 can host a secondary copy of the contoso.com zone.
What should you do?
A. From DNS Manager, modify the Advanced settings of DC1.
B. From DNS Manager, modify the Zone Transfers settings of the contoso.com zone.
C. From Windows PowerShell, run the Set-DnsServerForwardercmdlet and specify the contoso.com zone
as a target.
D. From DNS Manager, modify the Security settings of DC1.
Correct Answer: B
Section: 3. Configure network services and access
Explanation
Explanation/Reference:
Explanation:
There are two ways that a secondary DNS server can be added. In both scenarios you will need to add the
new server to the Forwarders list of the primary Domain Controller.
1. The Set-DnsServerForwarder cmdlet changes forwarder settings on a Domain Name System (DNS)
server.
2. From the primary server, open DNS Manager, right click on the server name and select Properties. Click
on the Forwarders tab and click the Edit button in the middle of the dialogue box.
QUESTION 42
Your network contains an Active Directory domain named contoso.com. The domain contains domain
controllers that run Windows Server 2008, Windows Server 2008 R2 Windows Server 2012, and Windows
Server 2012 R2.
A domain controller named DC1 runs Windows Server 2012 R2. DC1 is backed up daily.
During routine maintenance, you delete a group named Group1.
You need to recover Group1 and identify the names of the users who were members of Group1
prior to its deletion. You want to achieve this goal by using the minimum amount of administrative effort.
What should you do first?
A. Perform an authoritative restore of Group1.
B. Mount the most recent Active Directory backup.
C. Use the Recycle Bin to restore Group1.
D. Reactivate the tombstone of Group1.
Correct Answer: A
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Explanation:
The Active Directory Recycle Bin does not have the ability to track simple changes to objects. If the object
itself is not deleted, no element is moved to the Recycle Bin for possible recovery in the future.
In other words, there is no rollback capacity for changes to object properties, or, in other words, to the
values of these properties. There is another approach you should be aware of. Tombstone reanimation
(which has nothing to do with zombies) provides the only way to recover deleted objects without taking a
DC offline, and it’s the only way to recover a deleted object’s identity information, such as its objectGUID
and objectSid attributes.
It neatly solves the problem of recreating a deleted user or group and having to fix up all the old access
control list (ACL) references, which contain the objectSid of the deleted object.
Restores domain controllers to a specific point in time, and marks objects in Active Directory as being
authoritative with respect to their replication partners.
QUESTION 43
Your network contains an Active Directory domain named adatum.com. All domain controllers run
Windows Server 2012 R2. The domain contains a virtual machine named DC2.
On DC2, you run Get-ADDCCIoningExcludedApplicationList and receive the output shown in the
following table.
You need to ensure that you can clone DC2.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam B part3(41-60) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-423.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam B part3(41-60) Exam VCE Dumps For free download with 100%pass ensure")
A. Option A
B. Option B
C. Option C
D. Option D
E. Option E
Correct Answer: AE
Section: 4. Configure a Network Policy Server infrastructure
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
Because domain controllers provide a distributed environment, you could not safely clone an Active
Directory domain controller in the past.
Before, if you cloned any server, the server would end up with the same domain or forest, which is
unsupported with the same domain or forest. You would then have to run sysprep, which would remove the
unique security information before cloning and then promote a domain controller manually. When you
clone a domain controller, you perform safe cloning, which a cloned domain controller automatically runs a
subset of the sysprep process and promotes the server to a domain controller automatically.
The four primary steps to deploy a cloned virtualized domain controller are as follows:
Grant the source virtualized domain controller the permission to be cloned by adding the source virtualized
domain controller to the Cloneable Domain Controllers group.
Run Get-ADDCCloningExcludedApplicationListcmdlet in Windows PowerShell to determine which
services and applications on the domain controller are not compatible with the cloning.
Run New-ADDCCloneConfigFile to create the clone configuration file, which is stored in the C:\Windows
\NTDS.
In Hyper-V, export and then import the virtual machine of the source domain controller.
Run Get-ADDCCloningExcludedApplicationListcmdlet In this procedure, run the Get-
ADDCCloningExcludedApplicationListcmdlet on the source virtualized domain controller to identify any
programs or services that are not evaluated for cloning. You need to run the Get-
ADDCCloningExcludedApplicationListcmdlet before the New- ADDCCloneConfigFilecmdlet because
if the New-ADDCCloneConfigFilecmdlet detects an excluded application, it will not create a
DCCloneConfig.xml file. To identify applications or services that run on a source domain controller which
have not been evaluated for cloning Get-ADDCCloningExcludedApplicationList
Get-ADDCCloningExcludedApplicationList -GenerateXml
The clone domain controller will be located in the same site as the source domain controller unless a
different site is specified in the DCCloneConfig.xml file.
Note:
The Get-ADDCCloningExcludedApplicationListcmdlet searches the local domain controller for
programs and services in the installed programs database, the services control manager that are not
specified in the default and user defined inclusion list. The applications in the resulting list can be added to
the user defined exclusion list if they are determined to support cloning. If the applications are not
cloneable, they should be removed from the source domain controller before the clone media is created.
Any application that appears in cmdlet output and is not included in the user defined inclusion list will force
cloning to fail.
The Get-ADDCCloningExcludedApplicationListcmdlet needs to be run before the New-
ADDCCloneConfigFilecmdlet is used because if the New-ADDCCloneConfigFilecmdlet detects an
excluded application, it will not create a DCCloneConfig.xml file.
DCCloneConfig.xml is an XML configuration file that contains all of the settings the cloned DC will take
when it boots. This includes network settings, DNS, WINS, AD site name, new DC name and more. This
file can be generated in a few different ways.
The New-ADDCCloneConfigcmdlet in PowerShell
By hand with an XML editor
By editing an existing config file, again with an XML editor (Notepad is not an XML editor.)
B. Option B
C. Option C
D. Option D
E. Option E
Correct Answer: AE
Section: 4. Configure a Network Policy Server infrastructure
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
Because domain controllers provide a distributed environment, you could not safely clone an Active
Directory domain controller in the past.
Before, if you cloned any server, the server would end up with the same domain or forest, which is
unsupported with the same domain or forest. You would then have to run sysprep, which would remove the
unique security information before cloning and then promote a domain controller manually. When you
clone a domain controller, you perform safe cloning, which a cloned domain controller automatically runs a
subset of the sysprep process and promotes the server to a domain controller automatically.
The four primary steps to deploy a cloned virtualized domain controller are as follows:
Grant the source virtualized domain controller the permission to be cloned by adding the source virtualized
domain controller to the Cloneable Domain Controllers group.
Run Get-ADDCCloningExcludedApplicationListcmdlet in Windows PowerShell to determine which
services and applications on the domain controller are not compatible with the cloning.
Run New-ADDCCloneConfigFile to create the clone configuration file, which is stored in the C:\Windows
\NTDS.
In Hyper-V, export and then import the virtual machine of the source domain controller.
Run Get-ADDCCloningExcludedApplicationListcmdlet In this procedure, run the Get-
ADDCCloningExcludedApplicationListcmdlet on the source virtualized domain controller to identify any
programs or services that are not evaluated for cloning. You need to run the Get-
ADDCCloningExcludedApplicationListcmdlet before the New- ADDCCloneConfigFilecmdlet because
if the New-ADDCCloneConfigFilecmdlet detects an excluded application, it will not create a
DCCloneConfig.xml file. To identify applications or services that run on a source domain controller which
have not been evaluated for cloning Get-ADDCCloningExcludedApplicationList
Get-ADDCCloningExcludedApplicationList -GenerateXml
The clone domain controller will be located in the same site as the source domain controller unless a
different site is specified in the DCCloneConfig.xml file.
Note:
The Get-ADDCCloningExcludedApplicationListcmdlet searches the local domain controller for
programs and services in the installed programs database, the services control manager that are not
specified in the default and user defined inclusion list. The applications in the resulting list can be added to
the user defined exclusion list if they are determined to support cloning. If the applications are not
cloneable, they should be removed from the source domain controller before the clone media is created.
Any application that appears in cmdlet output and is not included in the user defined inclusion list will force
cloning to fail.
The Get-ADDCCloningExcludedApplicationListcmdlet needs to be run before the New-
ADDCCloneConfigFilecmdlet is used because if the New-ADDCCloneConfigFilecmdlet detects an
excluded application, it will not create a DCCloneConfig.xml file.
DCCloneConfig.xml is an XML configuration file that contains all of the settings the cloned DC will take
when it boots. This includes network settings, DNS, WINS, AD site name, new DC name and more. This
file can be generated in a few different ways.
The New-ADDCCloneConfigcmdlet in PowerShell
By hand with an XML editor
By editing an existing config file, again with an XML editor (Notepad is not an XML editor.)
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam B part3(41-60) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-425.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam B part3(41-60) Exam VCE Dumps For free download with 100%pass ensure")
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam B part3(41-60) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-433.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam B part3(41-60) Exam VCE Dumps For free download with 100%pass ensure")
You can populate the XML file. . . . . doesn’t need to be empty. . . . .
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam B part3(41-60) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-447.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam B part3(41-60) Exam VCE Dumps For free download with 100%pass ensure")
QUESTION 44
Your network contains an Active Directory domain named contoso.com. The domain contains two servers
named Server1 and Server2. Both servers run Windows Server 2012 R2. Both servers have the File and
Storage Services server role, the DFS Namespace role service, and the DFS Replication role service
installed.
Server1 and Server2 are part of a Distributed File System (DFS) Replication group named Group1.
Server1 and Server2 are connected by using a high-speed LAN connection.
You need to minimize the amount of processor resources consumed by DFS Replication.
What should you do?
A. Modify the replication schedule.
B. Modify the staging quota.
C. Disable Remote Differential Compression (RDC).
D. Reduce the bandwidth usage.
Correct Answer: C
Section: 2. Configure file and print services
Explanation
Explanation/Reference:
Last update: 15/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
Because disabling RDC can help conserve disk input/output (I/O) and CPU resources, you might want to
disable RDC on a connection if the sending and receiving members are in a local area network (LAN), and
bandwidth use is not a concern. However, in a LAN environment where bandwidth is contended, RDC can
be beneficial when transferring large files.
Question tells it uses a high-speed LAN connection.
http://technet.microsoft.com/en-us/library/cc758825%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/cc754229.aspx
QUESTION 45
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server
2012 R2.
All sales users have laptop computers that run Windows 8. The sales computers are joined to the domain.
All user accounts for the sales department are in an organizational unit (OU) named Sales_OU.
A Group Policy object (GPO) named GPO1 is linked to Sales_OU.
You need to configure a dial-up connection for all of the sales users.
What should you configure from User Configuration in GPO1?
A. Policies/Administrative Templates/Network/Windows Connect Now
B. Preferences/Control Panel Settings/Network Options
C. Policies/Administrative Templates/Windows Components/Windows Mobility Center
D. Policies/Administrative Templates/Network/Network Connections
Correct Answer: B
Section: 6. Configure and manage Group Policy
Explanation
Explanation/Reference:
Last update: 17/09/2015
Based on the actual exam and checked with and Premium account.
Explanation:
The Network Options extension allows you to centrally create, modify, and delete dial-up networking and
virtual private network (VPN) connections. Before you create a network option preference item, you should
review the behavior of each type of action possible with the extension.
Your network contains an Active Directory domain named contoso.com. The domain contains two servers
named Server1 and Server2. Both servers run Windows Server 2012 R2. Both servers have the File and
Storage Services server role, the DFS Namespace role service, and the DFS Replication role service
installed.
Server1 and Server2 are part of a Distributed File System (DFS) Replication group named Group1.
Server1 and Server2 are connected by using a high-speed LAN connection.
You need to minimize the amount of processor resources consumed by DFS Replication.
What should you do?
A. Modify the replication schedule.
B. Modify the staging quota.
C. Disable Remote Differential Compression (RDC).
D. Reduce the bandwidth usage.
Correct Answer: C
Section: 2. Configure file and print services
Explanation
Explanation/Reference:
Last update: 15/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
Because disabling RDC can help conserve disk input/output (I/O) and CPU resources, you might want to
disable RDC on a connection if the sending and receiving members are in a local area network (LAN), and
bandwidth use is not a concern. However, in a LAN environment where bandwidth is contended, RDC can
be beneficial when transferring large files.
Question tells it uses a high-speed LAN connection.
http://technet.microsoft.com/en-us/library/cc758825%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/cc754229.aspx
QUESTION 45
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server
2012 R2.
All sales users have laptop computers that run Windows 8. The sales computers are joined to the domain.
All user accounts for the sales department are in an organizational unit (OU) named Sales_OU.
A Group Policy object (GPO) named GPO1 is linked to Sales_OU.
You need to configure a dial-up connection for all of the sales users.
What should you configure from User Configuration in GPO1?
A. Policies/Administrative Templates/Network/Windows Connect Now
B. Preferences/Control Panel Settings/Network Options
C. Policies/Administrative Templates/Windows Components/Windows Mobility Center
D. Policies/Administrative Templates/Network/Network Connections
Correct Answer: B
Section: 6. Configure and manage Group Policy
Explanation
Explanation/Reference:
Last update: 17/09/2015
Based on the actual exam and checked with and Premium account.
Explanation:
The Network Options extension allows you to centrally create, modify, and delete dial-up networking and
virtual private network (VPN) connections. Before you create a network option preference item, you should
review the behavior of each type of action possible with the extension.
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam B part3(41-60) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-450.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam B part3(41-60) Exam VCE Dumps For free download with 100%pass ensure")
To create a new Dial-Up Connection preference item
Open the Group Policy Management Console. Right-click the Group Policy object (GPO) that should
contain the new preference item, and then click Edit. In the console tree under Computer Configuration or
User Configuration, expand the Preferences folder, and then expand the Control Panel Settings folder.
Right-click the Network Options node, point to New, and select Dial-Up Connection.
http://technet.microsoft.com/en-us/library/cc772107.aspx
http://technet.microsoft.com/en-us/library/cc772107.aspx
http://technet.microsoft.com/en-us/library/cc772449.aspx
QUESTION 46
Your network contains an Active Directory domain named contoso.com.
A user named User1 creates a central store and opens the Group Policy Management Editor as shown in
the exhibit. (Click the Exhibit button.)
Open the Group Policy Management Console. Right-click the Group Policy object (GPO) that should
contain the new preference item, and then click Edit. In the console tree under Computer Configuration or
User Configuration, expand the Preferences folder, and then expand the Control Panel Settings folder.
Right-click the Network Options node, point to New, and select Dial-Up Connection.
http://technet.microsoft.com/en-us/library/cc772107.aspx
http://technet.microsoft.com/en-us/library/cc772107.aspx
http://technet.microsoft.com/en-us/library/cc772449.aspx
QUESTION 46
Your network contains an Active Directory domain named contoso.com.
A user named User1 creates a central store and opens the Group Policy Management Editor as shown in
the exhibit. (Click the Exhibit button.)
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam B part3(41-60) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-452.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam B part3(41-60) Exam VCE Dumps For free download with 100%pass ensure")
You need to ensure that the default Administrative Templates appear in GPO1.
What should you do?
A. Link a WMI filter to GPO1.
B. Copy files from %Windir%\Policydefinitions to the central store.
C. Configure Security Filtering in GPO1.
D. Add User1 to the Group Policy Creator Owners group.
Correct Answer: B
Section: 6. Configure and manage Group Policy
Explanation
Explanation/Reference:
Last update: 17/09/2015
Based on the actual exam and checked with and Premium account.
Explanation:
In earlier operating systems, all the default Administrative Template files are added to the ADM folder of a
Group Policy object (GPO) on a domain controller. The GPOs are stored in the SYSVOL folder. The
SYSVOL folder is automatically replicated to other domain controllers in the same domain. A policy file
uses approximately 2 megabytes (MB) of hard disk space. Because each domain controller stores a
distinct version of a policy, replication traffic is increased.
In Group Policy for Windows Server 2008 and Windows Vista, if you change Administrative template policy
settings on local computers, Sysvol will not be automatically updated with the new .admX or .admL files.
This change in behavior is implemented to reduce network load and disk storage requirements, and to
prevent conflicts between .admX files and.admL files when edits to Administrative template policy settings
are made across different locales. To make sure that any local updates are reflected in Sysvol, you must
manually copy the updated .admX or .admL files from the PolicyDefinitions file on the local computer to the
Sysvol\PolicyDefinitions folder on the appropriate domain controller.
To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on
a domain controller. The Central Store is a file location that is checked by the Group Policy tools. The
Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store
are later replicated to all domain controllers in the domain.
To create a Central Store for .admx and .adml files, create a folder that is named PolicyDefinitions in the
following location:
\\FQDN\SYSVOL\FQDN\policies
http://support.microsoft.com/kb/929841
QUESTION 47
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server
Resource Manager role service installed.
Each time a user receives an access-denied message after attempting to access a folder on Server1, an
email notification is sent to a distribution list named DL1.
You create a folder named Folder1 on Server1, and then you configure custom NTFS permissions for
Folder 1.
You need to ensure that when a user receives an access-denied message while attempting to
access Folder1, an email notification is sent to a distribution list named DL2. The solution must not
prevent DL1 from receiving notifications about other access-denied messages.
What should you do?
A. From File Explorer, modify the Classification tab of Folder1.
B. From the File Server Resource Manager console, modify the Email Notifications settings.
C. From the File Server Resource Manager console, set a folder management property.
D. From File Explorer, modify the Customize tab of Folder1.
Correct Answer: C
Section: 2. Configure file and print services
Explanation
Explanation/Reference:
Explanation:
When using the email model each of the file shares, you can determine whether access requests to each
file share will be received by the administrator, a distribution list that represents the file share owners, or
both.
You can use the File Server Resource Manager console to configure the owner distribution list by editing
the management properties of the classification properties.
http://technet.microsoft.com/en-us/library/jj574182.aspx#BKMK_12
QUESTION 48
Your network contains an Active Directory domain named contoso.com. All domain controllers run
Windows Server 2012 R2.
An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise. A
Group Policy object (GPO) named GPO1 is linked to OU1.
You make a change to GPO1.
You need to force all of the computers in OU1 to refresh their Group Policy settings immediately.
The solution must minimize administrative effort.
Which tool should you use?
A. The Secedit command
B. The Invoke-GpUpdate cmdlet
C. Group Policy Object Editor
D. Server Manager
Correct Answer: B
Section: 6. Configure and manage Group Policy
Explanation
Explanation/Reference:
Last update: 17/09/2015
Based on the actual exam and checked with and Premium account.
Explanation:
Invoke-GPUpdate
Schedule a remote Group Policy refresh (gpupdate) on the specified computer.
Applies To: Windows Server 2012 R2
The Invoke-GPUpdate cmdlet refreshes Group Policy settings, including security settings that are set on
remote computers by scheduling the running of the Gpupdate command on a remote computer. You can
combine this cmdlet in a scripted fashion to schedule the Gpupdate command on a group of computers.
The refresh can be scheduled to immediately start a refresh of policy settings or wait for a specified period
of time, up to a maximum of 31 days. To avoid putting a load on the network, the refresh times will be
offset by a random delay.
Note:
Group Policy is a complicated infrastructure that enables you to apply policy settings to remotely configure
a computer and user experience within a domain. When the Resultant Set of Policy settings does not
conform to your expectations, a best practice is to first verify that the computer or user has received the
latest policy settings. In previous versions of Windows, this was accomplished by having the user run
GPUpdate.exe on their computer. With Windows Server 2012 R2 and Windows 8, you can remotely
refresh Group Policy settings for all computers in an organizational unit (OU) from one central location by
using the Group Policy Management Console (GPMC). Or you can use the Invoke-GPUpdate Windows
PowerShell cmdlet to refresh Group Policy for a set of computers, including computers that are not within
the OU structure–for example, if the computers are located in the default computers container.
The remote Group Policy refresh updates all Group Policy settings, including security settings that are set
on a group of remote computers, by using the functionality that is added to the context menu for an OU in
the Group Policy Management Console (GPMC). When you select an OU to remotely refresh the Group
Policy settings on all the computers in that OU, the following operations happen:
An Active Directory query returns a list of all computers that belong to that OU. For each computer that
belongs to the selected OU, a WMI call retrieves the list of signed in users.
A remote scheduled task is created to run GPUpdate.exe /force for each signed in user and once for the
computer Group Policy refresh. The task is scheduled to run with a random delay of up to 10 minutes to
decrease the load on the network traffic. This random delay cannot be configured when you use the
GPMC, but you can configure the random delay for the scheduled task or set the scheduled task to run
immediately when you use the Invoke-GPUpdate cmdlet.
Reference: Force a Remote Group Policy Refresh (GPUpdate)
QUESTION 49
Your network contains an Active Directory domain named contoso.com. The domain contains a server
named Server1 that runs Windows Server 2012 R2.
You enable and configure Routing and Remote Access (RRAS) on Server1.
You create a user account named User1.
You need to ensure that User1 can establish VPN connections to Server1.
What should you do?
A. Modify the members of the Remote Management Users group.
B. Add a RADIUS client.
C. Modify the Dial-in setting of User1.
D. Create a connection request policy.
Correct Answer: C
Section: 3. Configure network services and access
Explanation
Explanation/Reference:
Last update: 15/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
Access permission is also granted or denied based on the dial-in properties of each user account.
http://technet.microsoft.com/en-us/library/cc772123.aspx
QUESTION 50
Your network is configured as shown in the exhibit. (Click the Exhibit button.)
What should you do?
A. Link a WMI filter to GPO1.
B. Copy files from %Windir%\Policydefinitions to the central store.
C. Configure Security Filtering in GPO1.
D. Add User1 to the Group Policy Creator Owners group.
Correct Answer: B
Section: 6. Configure and manage Group Policy
Explanation
Explanation/Reference:
Last update: 17/09/2015
Based on the actual exam and checked with and Premium account.
Explanation:
In earlier operating systems, all the default Administrative Template files are added to the ADM folder of a
Group Policy object (GPO) on a domain controller. The GPOs are stored in the SYSVOL folder. The
SYSVOL folder is automatically replicated to other domain controllers in the same domain. A policy file
uses approximately 2 megabytes (MB) of hard disk space. Because each domain controller stores a
distinct version of a policy, replication traffic is increased.
In Group Policy for Windows Server 2008 and Windows Vista, if you change Administrative template policy
settings on local computers, Sysvol will not be automatically updated with the new .admX or .admL files.
This change in behavior is implemented to reduce network load and disk storage requirements, and to
prevent conflicts between .admX files and.admL files when edits to Administrative template policy settings
are made across different locales. To make sure that any local updates are reflected in Sysvol, you must
manually copy the updated .admX or .admL files from the PolicyDefinitions file on the local computer to the
Sysvol\PolicyDefinitions folder on the appropriate domain controller.
To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on
a domain controller. The Central Store is a file location that is checked by the Group Policy tools. The
Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store
are later replicated to all domain controllers in the domain.
To create a Central Store for .admx and .adml files, create a folder that is named PolicyDefinitions in the
following location:
\\FQDN\SYSVOL\FQDN\policies
http://support.microsoft.com/kb/929841
QUESTION 47
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server
Resource Manager role service installed.
Each time a user receives an access-denied message after attempting to access a folder on Server1, an
email notification is sent to a distribution list named DL1.
You create a folder named Folder1 on Server1, and then you configure custom NTFS permissions for
Folder 1.
You need to ensure that when a user receives an access-denied message while attempting to
access Folder1, an email notification is sent to a distribution list named DL2. The solution must not
prevent DL1 from receiving notifications about other access-denied messages.
What should you do?
A. From File Explorer, modify the Classification tab of Folder1.
B. From the File Server Resource Manager console, modify the Email Notifications settings.
C. From the File Server Resource Manager console, set a folder management property.
D. From File Explorer, modify the Customize tab of Folder1.
Correct Answer: C
Section: 2. Configure file and print services
Explanation
Explanation/Reference:
Explanation:
When using the email model each of the file shares, you can determine whether access requests to each
file share will be received by the administrator, a distribution list that represents the file share owners, or
both.
You can use the File Server Resource Manager console to configure the owner distribution list by editing
the management properties of the classification properties.
http://technet.microsoft.com/en-us/library/jj574182.aspx#BKMK_12
QUESTION 48
Your network contains an Active Directory domain named contoso.com. All domain controllers run
Windows Server 2012 R2.
An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise. A
Group Policy object (GPO) named GPO1 is linked to OU1.
You make a change to GPO1.
You need to force all of the computers in OU1 to refresh their Group Policy settings immediately.
The solution must minimize administrative effort.
Which tool should you use?
A. The Secedit command
B. The Invoke-GpUpdate cmdlet
C. Group Policy Object Editor
D. Server Manager
Correct Answer: B
Section: 6. Configure and manage Group Policy
Explanation
Explanation/Reference:
Last update: 17/09/2015
Based on the actual exam and checked with and Premium account.
Explanation:
Invoke-GPUpdate
Schedule a remote Group Policy refresh (gpupdate) on the specified computer.
Applies To: Windows Server 2012 R2
The Invoke-GPUpdate cmdlet refreshes Group Policy settings, including security settings that are set on
remote computers by scheduling the running of the Gpupdate command on a remote computer. You can
combine this cmdlet in a scripted fashion to schedule the Gpupdate command on a group of computers.
The refresh can be scheduled to immediately start a refresh of policy settings or wait for a specified period
of time, up to a maximum of 31 days. To avoid putting a load on the network, the refresh times will be
offset by a random delay.
Note:
Group Policy is a complicated infrastructure that enables you to apply policy settings to remotely configure
a computer and user experience within a domain. When the Resultant Set of Policy settings does not
conform to your expectations, a best practice is to first verify that the computer or user has received the
latest policy settings. In previous versions of Windows, this was accomplished by having the user run
GPUpdate.exe on their computer. With Windows Server 2012 R2 and Windows 8, you can remotely
refresh Group Policy settings for all computers in an organizational unit (OU) from one central location by
using the Group Policy Management Console (GPMC). Or you can use the Invoke-GPUpdate Windows
PowerShell cmdlet to refresh Group Policy for a set of computers, including computers that are not within
the OU structure–for example, if the computers are located in the default computers container.
The remote Group Policy refresh updates all Group Policy settings, including security settings that are set
on a group of remote computers, by using the functionality that is added to the context menu for an OU in
the Group Policy Management Console (GPMC). When you select an OU to remotely refresh the Group
Policy settings on all the computers in that OU, the following operations happen:
An Active Directory query returns a list of all computers that belong to that OU. For each computer that
belongs to the selected OU, a WMI call retrieves the list of signed in users.
A remote scheduled task is created to run GPUpdate.exe /force for each signed in user and once for the
computer Group Policy refresh. The task is scheduled to run with a random delay of up to 10 minutes to
decrease the load on the network traffic. This random delay cannot be configured when you use the
GPMC, but you can configure the random delay for the scheduled task or set the scheduled task to run
immediately when you use the Invoke-GPUpdate cmdlet.
Reference: Force a Remote Group Policy Refresh (GPUpdate)
QUESTION 49
Your network contains an Active Directory domain named contoso.com. The domain contains a server
named Server1 that runs Windows Server 2012 R2.
You enable and configure Routing and Remote Access (RRAS) on Server1.
You create a user account named User1.
You need to ensure that User1 can establish VPN connections to Server1.
What should you do?
A. Modify the members of the Remote Management Users group.
B. Add a RADIUS client.
C. Modify the Dial-in setting of User1.
D. Create a connection request policy.
Correct Answer: C
Section: 3. Configure network services and access
Explanation
Explanation/Reference:
Last update: 15/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
Access permission is also granted or denied based on the dial-in properties of each user account.
http://technet.microsoft.com/en-us/library/cc772123.aspx
QUESTION 50
Your network is configured as shown in the exhibit. (Click the Exhibit button.)
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam B part3(41-60) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-456.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam B part3(41-60) Exam VCE Dumps For free download with 100%pass ensure")
Server1 regularly accesses Server2.
You discover that all of the connections from Server1 to Server2 are routed through Routerl.
You need to optimize the connection path from Server1 to Server2.
Which route command should you run on Server1?
A. Route add -p 192.168.2.0 MASK 255.255.255.0 192.168.2.1 METRIC 50
B. Route add -p 192.168.2.12 MASK 255.255.255.0 192.168.2.1 METRIC 100
C. Route add -p 192.168.2.12 MASK 255.255.255.0 192.168.2.0 METRIC 50
D. Route add -p 192.168.2.0 MASK 255.255.255.0 192.168.1.2 METRIC 100
Correct Answer: D
Section: 2. Configure file and print services
Explanation
Explanation/Reference:
QUESTION 51
Your company has a main office and a branch office.
The network contains an Active Directory domain named contoso.com.
The main office contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 is a
DNS server and hosts a primary zone for contoso.com. The branch office contains a member server
named Server1 that runs Windows Server 2012 R2. Server1 is a DNS server and hosts a secondary zone
for contoso.com.
The main office connects to the branch office by using an unreliable WAN link.
You need to ensure that Server1 can resolve names in contoso.com if the WAN link in unavailable
for three days.
Which setting should you modify in the start of authority (SOA) record?
A. Retry interval
B. Refresh interval
C. Expires after
D. Minimum (default) TTL
Correct Answer: C
Section: 2. Configure file and print services
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account. on the actual exam and checked with
and Premium account.
Explanation:
Used by other DNS servers that are configured to load and host the zone to determine when zone data
expires if it is not renewed
QUESTION 52
Your network contains an Active Directory domain named contoso.com. All domain controllers run
Windows Server 2012 R2.
DirectAccess is deployed to the network.
Remote users connect to the DirectAccess server by using a variety of network speeds.
The remote users report that sometimes their connection is very slow.
You need to minimize Group Policy processing across all wireless wide area network (WWAN)
connections.
Which Group Policy setting should you configure?
A. Configure Group Policy slow link detection.
B. Configure Direct Access connections as a fast network connection.
C. Configure wireless policy processing.
D. Change Group Policy processing to run asynchronously when a slow network connection is detected.
Correct Answer: A
Section: 6. Configure and manage Group Policy
Explanation
Explanation/Reference:
Last update: 17/09/2015
Based on the actual exam and checked with and Premium account.
You discover that all of the connections from Server1 to Server2 are routed through Routerl.
You need to optimize the connection path from Server1 to Server2.
Which route command should you run on Server1?
A. Route add -p 192.168.2.0 MASK 255.255.255.0 192.168.2.1 METRIC 50
B. Route add -p 192.168.2.12 MASK 255.255.255.0 192.168.2.1 METRIC 100
C. Route add -p 192.168.2.12 MASK 255.255.255.0 192.168.2.0 METRIC 50
D. Route add -p 192.168.2.0 MASK 255.255.255.0 192.168.1.2 METRIC 100
Correct Answer: D
Section: 2. Configure file and print services
Explanation
Explanation/Reference:
QUESTION 51
Your company has a main office and a branch office.
The network contains an Active Directory domain named contoso.com.
The main office contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 is a
DNS server and hosts a primary zone for contoso.com. The branch office contains a member server
named Server1 that runs Windows Server 2012 R2. Server1 is a DNS server and hosts a secondary zone
for contoso.com.
The main office connects to the branch office by using an unreliable WAN link.
You need to ensure that Server1 can resolve names in contoso.com if the WAN link in unavailable
for three days.
Which setting should you modify in the start of authority (SOA) record?
A. Retry interval
B. Refresh interval
C. Expires after
D. Minimum (default) TTL
Correct Answer: C
Section: 2. Configure file and print services
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account. on the actual exam and checked with
and Premium account.
Explanation:
Used by other DNS servers that are configured to load and host the zone to determine when zone data
expires if it is not renewed
QUESTION 52
Your network contains an Active Directory domain named contoso.com. All domain controllers run
Windows Server 2012 R2.
DirectAccess is deployed to the network.
Remote users connect to the DirectAccess server by using a variety of network speeds.
The remote users report that sometimes their connection is very slow.
You need to minimize Group Policy processing across all wireless wide area network (WWAN)
connections.
Which Group Policy setting should you configure?
A. Configure Group Policy slow link detection.
B. Configure Direct Access connections as a fast network connection.
C. Configure wireless policy processing.
D. Change Group Policy processing to run asynchronously when a slow network connection is detected.
Correct Answer: A
Section: 6. Configure and manage Group Policy
Explanation
Explanation/Reference:
Last update: 17/09/2015
Based on the actual exam and checked with and Premium account.
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam B part3(41-60) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-458.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam B part3(41-60) Exam VCE Dumps For free download with 100%pass ensure")
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam B part3(41-60) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-461.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam B part3(41-60) Exam VCE Dumps For free download with 100%pass ensure")
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam B part3(41-60) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-464.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam B part3(41-60) Exam VCE Dumps For free download with 100%pass ensure")
http://www.rebeladmin.com/tag/slow-link/
QUESTION 53
Your network contains an Active Directory domain named contoso.com.
All user accounts reside in an organizational unit (OU) named OU1. All of the users in the marketing
department are members of a group named Marketing. All of the users in the human resources department
are members of a group named HR.
You create a Group Policy object (GPO) named GPO1. You link GPO1 to OU1. You configure the Group
Policy preferences of GPO1 to add two shortcuts named Link1 and Link2 to the desktop of each user.
You need to ensure that Link1 only appears on the desktop of the users in Marketing and that Link2
only appears on the desktop of the users inHR.
What should you configure?
A. Security Filtering
B. WMI Filtering
C. Group Policy Inheritance
D. Item-level targeting
Correct Answer: D
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
You can use item-level targeting to change the scope of individual preference items, so they apply only to
selected users or computers. Within a single Group Policy object (GPO), you can include multiple
preference items, each customized for selected users or computers and each targeted to apply settings
only to the relevant users or computers.
QUESTION 53
Your network contains an Active Directory domain named contoso.com.
All user accounts reside in an organizational unit (OU) named OU1. All of the users in the marketing
department are members of a group named Marketing. All of the users in the human resources department
are members of a group named HR.
You create a Group Policy object (GPO) named GPO1. You link GPO1 to OU1. You configure the Group
Policy preferences of GPO1 to add two shortcuts named Link1 and Link2 to the desktop of each user.
You need to ensure that Link1 only appears on the desktop of the users in Marketing and that Link2
only appears on the desktop of the users inHR.
What should you configure?
A. Security Filtering
B. WMI Filtering
C. Group Policy Inheritance
D. Item-level targeting
Correct Answer: D
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
You can use item-level targeting to change the scope of individual preference items, so they apply only to
selected users or computers. Within a single Group Policy object (GPO), you can include multiple
preference items, each customized for selected users or computers and each targeted to apply settings
only to the relevant users or computers.
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam B part3(41-60) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-466.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam B part3(41-60) Exam VCE Dumps For free download with 100%pass ensure")
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam B part3(41-60) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-467.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam B part3(41-60) Exam VCE Dumps For free download with 100%pass ensure")
QUESTION 54
Your network contains an Active Directory domain named adatum.com. The domain contains a server
named Server1 that runs Windows Server 2012 R2. Server1 is configured as a Network Policy Server
(NPS) server and as a DHCP server.
You need to ensure that only computers that send a statement of health are checked for Network
Access Protection (NAP) health requirements.
Which two settings should you configure? (Each correct answer presents part of the solution. Choose two.)
A. The Called Station ID constraints
B. The MS-Service Class conditions
C. The Health Policies conditions
D. The NAS Port Type constraints
E. The NAP-Capable Computers conditions
Correct Answer: CE
Section: 4. Configure a Network Policy Server infrastructure
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
http://technet.microsoft.com/en-us/library/cc753603.aspx
http://technet.microsoft.com/en-us/library/cc731220(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc731560.aspx
QUESTION 55
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server
Resource Manager role service installed.
Each time a user receives an access-denied message after attempting to access a folder on Server1, an
email notification is sent to a distribution list named DLL.
You create a folder named Folder1 on Server1, and then you configure custom NTFS permissions for
Folder1.
You need to ensure that when a user receives an access-denied message while attempting to
access Folder1, an email notification is sent to a distribution list named DL2.
The solution must not prevent DL1 from receiving notifications about other access-denied messages.
What should you do?
A. From the File Server Resource Manager console, create a local classification property.
B. From Server Manager, run the New Share Wizard to create a share for Folder1 by selecting the SMB
Share – Applications option.
C. From the File Server Resource Manager console, modify the Access-Denied Assistance settings.
D. From the File Server Resource Manager console, set a folder management property.
Correct Answer: D
Section: 2. Configure file and print services
Explanation
Explanation/Reference:
Last update: 15/09/2015
Based on the actual exam and checked with an Premium account.
Notes:
With a folder management feature can be "denied" a dissenting from the general settings of File Server
Resource Manager e-mail address for notifications for the assistance provided for the folder folder1 set.
QUESTION 56
Your network contains a single Active Directory domain named contoso.com. All domain controllers run
Windows Server 2012 R2.
The domain contains 400 desktop computers that run Windows 8 and 10 desktop computers that run
Windows XP Service Pack 3 (SP3). All new desktop computers that are added to the domain run Windows
8.
All of the desktop computers are located in an organizational unit (OU) named OU1.
You create a Group Policy object (GPO) named GPO1. GPO1 contains startup script settings. You link
GPO1 to OU1.
You need to ensure that GPO1 is applied only to computers that run Windows XP SP3.
What should you do?
A. Create and link a WML filter to GPO1
B. Run the Set-GPInheritance cmdlet and specify the -target parameter.
C. Run the Set-GPLink cmdlet and specify the -target parameter.
D. Modify the Security settings of OU1.
Correct Answer: A
Section: 6. Configure and manage Group Policy
Explanation
Explanation/Reference:
Last update: 17/09/2015
Based on the actual exam and checked with and Premium account.
Explanation:
WMI Filtering is used to get information of the system and apply the GPO on it with the condition is met.
Security filtering: apply a GPO to a specific group (members of the group)
QUESTION 57
Your network contains an Active Directory domain named contoso.com. The network contains a server
named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy and Access Services
server role installed.
You plan to deploy additional servers that have the Network Policy and Access Services server role
installed. You must standardize as many settings on the new servers as possible.
You need to identify which settings can be standardized by using Network Policy Server (NPS)
templates.
Which three settings should you identify? (Each correct answer presents part of the solution. Choose
three.)
A. IP filters
B. shared secrets
C. health policies
D. network policies
E. connection request policies
Correct Answer: ABC
Section: 4. Configure a Network Policy Server infrastructure
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Notes:
Using NPS templates (Network Policy Server, Network Policy Server) allows you to create configuration
elements such as RADIUS clients (Remote Authentication Dial-In User Service) or shared secret that you
can reuse on the local NPS server and for use on other NPS servers can export. NPS templates to reduce
the time required and the cost of configuring one or more Network Policy Server. The following NPS
template types are available in the template management for configuration:
Shared secrets
RADIUS clients
Remote RADIUS server
IP Filter
Health Policies
Remediation Server Groups
Configuring a template is not to be confused with direct Configuring the Network Policy Server. Creating a
template does not affect the functionality of the Network Policy Server. Only when you select the template
in the appropriate place in the NPS console, the original on the functionality of the Network Policy Server
acts out.
QUESTION 58
Your network contains an Active Directory domain named contoso.com.
Network Policy Server (NPS) is deployed to the domain.
You plan to deploy Network Access Protection (NAP).
You need to configure the requirements that are validated on the NPS client computers.
What should you do?
A. From the Network Policy Server console, configure a network policy.
B. From the Network Policy Server console, configure a health policy.
C. From the Network Policy Server console, configure a Windows Security Health Validator (WSHV)
policy.
D. From a Group Policy object (GPO), configure the NAP Client Configuration security setting.
E. From a Group Policy object (GPO), configure the Network Access Protection Administrative Templates
setting.
Correct Answer: C
Section: 4. Configure a Network Policy Server infrastructure
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Notes:
The settings of the Windows Security Health verification. The client computer requirements are defined, of
which a connection to your network is established Windows Security Health Checks can Windows be
created 7 and Windows Vista for Windows XP or for Windows 8. Guidelines for Windows XP does not
support testing of Antispywarefuntkionen.
Your network contains an Active Directory domain named adatum.com. The domain contains a server
named Server1 that runs Windows Server 2012 R2. Server1 is configured as a Network Policy Server
(NPS) server and as a DHCP server.
You need to ensure that only computers that send a statement of health are checked for Network
Access Protection (NAP) health requirements.
Which two settings should you configure? (Each correct answer presents part of the solution. Choose two.)
A. The Called Station ID constraints
B. The MS-Service Class conditions
C. The Health Policies conditions
D. The NAS Port Type constraints
E. The NAP-Capable Computers conditions
Correct Answer: CE
Section: 4. Configure a Network Policy Server infrastructure
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
http://technet.microsoft.com/en-us/library/cc753603.aspx
http://technet.microsoft.com/en-us/library/cc731220(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc731560.aspx
QUESTION 55
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server
Resource Manager role service installed.
Each time a user receives an access-denied message after attempting to access a folder on Server1, an
email notification is sent to a distribution list named DLL.
You create a folder named Folder1 on Server1, and then you configure custom NTFS permissions for
Folder1.
You need to ensure that when a user receives an access-denied message while attempting to
access Folder1, an email notification is sent to a distribution list named DL2.
The solution must not prevent DL1 from receiving notifications about other access-denied messages.
What should you do?
A. From the File Server Resource Manager console, create a local classification property.
B. From Server Manager, run the New Share Wizard to create a share for Folder1 by selecting the SMB
Share – Applications option.
C. From the File Server Resource Manager console, modify the Access-Denied Assistance settings.
D. From the File Server Resource Manager console, set a folder management property.
Correct Answer: D
Section: 2. Configure file and print services
Explanation
Explanation/Reference:
Last update: 15/09/2015
Based on the actual exam and checked with an Premium account.
Notes:
With a folder management feature can be "denied" a dissenting from the general settings of File Server
Resource Manager e-mail address for notifications for the assistance provided for the folder folder1 set.
QUESTION 56
Your network contains a single Active Directory domain named contoso.com. All domain controllers run
Windows Server 2012 R2.
The domain contains 400 desktop computers that run Windows 8 and 10 desktop computers that run
Windows XP Service Pack 3 (SP3). All new desktop computers that are added to the domain run Windows
8.
All of the desktop computers are located in an organizational unit (OU) named OU1.
You create a Group Policy object (GPO) named GPO1. GPO1 contains startup script settings. You link
GPO1 to OU1.
You need to ensure that GPO1 is applied only to computers that run Windows XP SP3.
What should you do?
A. Create and link a WML filter to GPO1
B. Run the Set-GPInheritance cmdlet and specify the -target parameter.
C. Run the Set-GPLink cmdlet and specify the -target parameter.
D. Modify the Security settings of OU1.
Correct Answer: A
Section: 6. Configure and manage Group Policy
Explanation
Explanation/Reference:
Last update: 17/09/2015
Based on the actual exam and checked with and Premium account.
Explanation:
WMI Filtering is used to get information of the system and apply the GPO on it with the condition is met.
Security filtering: apply a GPO to a specific group (members of the group)
QUESTION 57
Your network contains an Active Directory domain named contoso.com. The network contains a server
named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy and Access Services
server role installed.
You plan to deploy additional servers that have the Network Policy and Access Services server role
installed. You must standardize as many settings on the new servers as possible.
You need to identify which settings can be standardized by using Network Policy Server (NPS)
templates.
Which three settings should you identify? (Each correct answer presents part of the solution. Choose
three.)
A. IP filters
B. shared secrets
C. health policies
D. network policies
E. connection request policies
Correct Answer: ABC
Section: 4. Configure a Network Policy Server infrastructure
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Notes:
Using NPS templates (Network Policy Server, Network Policy Server) allows you to create configuration
elements such as RADIUS clients (Remote Authentication Dial-In User Service) or shared secret that you
can reuse on the local NPS server and for use on other NPS servers can export. NPS templates to reduce
the time required and the cost of configuring one or more Network Policy Server. The following NPS
template types are available in the template management for configuration:
Shared secrets
RADIUS clients
Remote RADIUS server
IP Filter
Health Policies
Remediation Server Groups
Configuring a template is not to be confused with direct Configuring the Network Policy Server. Creating a
template does not affect the functionality of the Network Policy Server. Only when you select the template
in the appropriate place in the NPS console, the original on the functionality of the Network Policy Server
acts out.
QUESTION 58
Your network contains an Active Directory domain named contoso.com.
Network Policy Server (NPS) is deployed to the domain.
You plan to deploy Network Access Protection (NAP).
You need to configure the requirements that are validated on the NPS client computers.
What should you do?
A. From the Network Policy Server console, configure a network policy.
B. From the Network Policy Server console, configure a health policy.
C. From the Network Policy Server console, configure a Windows Security Health Validator (WSHV)
policy.
D. From a Group Policy object (GPO), configure the NAP Client Configuration security setting.
E. From a Group Policy object (GPO), configure the Network Access Protection Administrative Templates
setting.
Correct Answer: C
Section: 4. Configure a Network Policy Server infrastructure
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Notes:
The settings of the Windows Security Health verification. The client computer requirements are defined, of
which a connection to your network is established Windows Security Health Checks can Windows be
created 7 and Windows Vista for Windows XP or for Windows 8. Guidelines for Windows XP does not
support testing of Antispywarefuntkionen.
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam B part3(41-60) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-469.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam B part3(41-60) Exam VCE Dumps For free download with 100%pass ensure")
QUESTION 59
Your network contains an Active Directory domain named adatum.com. The domain contains a server
named Server1 that runs Windows Server 2012 R2. Server1 is configured as a Network Policy Server
(NPS) server and as a DHCP server.
The network contains two subnets named Subnet1 and Subnet2. Server1 has a DHCP scope for each
subnet.
You need to ensure that noncompliant computers on Subnet1 receive different network policies
than noncompliant computers on Subnet2.
Which two settings should you configure? (Each correct answer presents part of the solution. Choose two.)
A. The NAP-Capable Computers conditions
B. The NAS Port Type constraints
C. The Health Policies conditions
D. The MS-Service Class conditions
E. The Called Station ID constraints
Correct Answer: CD
Section: 4. Configure a Network Policy Server infrastructure
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
Your network contains an Active Directory domain named adatum.com. The domain contains a server
named Server1 that runs Windows Server 2012 R2. Server1 is configured as a Network Policy Server
(NPS) server and as a DHCP server.
The network contains two subnets named Subnet1 and Subnet2. Server1 has a DHCP scope for each
subnet.
You need to ensure that noncompliant computers on Subnet1 receive different network policies
than noncompliant computers on Subnet2.
Which two settings should you configure? (Each correct answer presents part of the solution. Choose two.)
A. The NAP-Capable Computers conditions
B. The NAS Port Type constraints
C. The Health Policies conditions
D. The MS-Service Class conditions
E. The Called Station ID constraints
Correct Answer: CD
Section: 4. Configure a Network Policy Server infrastructure
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam B part3(41-60) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-473.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam B part3(41-60) Exam VCE Dumps For free download with 100%pass ensure")
With the condition health policies, a network policy to be limited to client computers that match the
specified in the health policy integrity criteria.
By configuring the network policy condition MS-Service Class may be restricted a network policy for
clients of a particular subnet.
The condition MS-Service class indicates that the computer that connects, must have an IP address lease
from a DHCP scope that matches the selected profile name. The profile name can be specified in the
properties of the DHCP address range:
QUESTION 60
Your network contains an Active Directory domain named contoso.com. The functional level of the forest is
Windows Server 2008 R2.
Computer accounts for the marketing department are in an organizational unit (OU) named Departments
\Marketing\Computers. User accounts for the marketing department are in an OU named Departments
\Marketing\Users.
All of the marketing user accounts are members of a global security group named MarketingUsers. All of
the marketing computer accounts are members of a global security group named MarketingComputers.
In the domain, you have Group Policy objects (GPOs) as shown in the exhibit. (Click the Exhibit button.)
specified in the health policy integrity criteria.
By configuring the network policy condition MS-Service Class may be restricted a network policy for
clients of a particular subnet.
The condition MS-Service class indicates that the computer that connects, must have an IP address lease
from a DHCP scope that matches the selected profile name. The profile name can be specified in the
properties of the DHCP address range:
QUESTION 60
Your network contains an Active Directory domain named contoso.com. The functional level of the forest is
Windows Server 2008 R2.
Computer accounts for the marketing department are in an organizational unit (OU) named Departments
\Marketing\Computers. User accounts for the marketing department are in an OU named Departments
\Marketing\Users.
All of the marketing user accounts are members of a global security group named MarketingUsers. All of
the marketing computer accounts are members of a global security group named MarketingComputers.
In the domain, you have Group Policy objects (GPOs) as shown in the exhibit. (Click the Exhibit button.)
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam B part3(41-60) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-476.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam B part3(41-60) Exam VCE Dumps For free download with 100%pass ensure")
You create two Password Settings objects named PSO1 and PSO2. PSO1 is applied to MarketingUsers.
PSO2 is applied to MarketingComputers.
The minimum password length is defined for each policy as shown in the following table.
PSO2 is applied to MarketingComputers.
The minimum password length is defined for each policy as shown in the following table.
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam B part3(41-60) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-479.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam B part3(41-60) Exam VCE Dumps For free download with 100%pass ensure")
You need to identify the minimum password length required for each marketing user.
What should you identify?
A. 5
B. 6
C. 7
D. 10
E. 12
Correct Answer: D
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
What should you identify?
A. 5
B. 6
C. 7
D. 10
E. 12
Correct Answer: D
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Latest online browsing the 70-411 exam!
70-411 PDF dumps & 70-411 VCE dumps: http://examsavior.com/70-411
 |  |  |  |  | |
|---|---|---|---|---|---|
Test King
|
Pass4sure
|
Actual Tests
|
Other Brands
| ||
| Customer Reviews |  |  |  |  |  |
$89.99
|
$124.99
|
$125.99
|
$189.00
|
$29.99~$49.99
| |
| Up-To-Dated |  |  |  |  |  |
| Real Questions & Answers |  |  |  |  |  |
| Correct All Error |  |  |  |  |  |
| Premium VCE Dumps |  |  |  |  |  |
| Free VCE Simulator |  |  |  |  |  |
| Unlimited After One Time Purchasing |  |  |  |  |  |
| Instant Download |  |  |  |  |  |
| Printable PDF Dumps |  |  |  |  |  |
| 100% Pass Guarantee |  |  |  |  |  |
| 100% Money Back |  |  |  |  |  |
100% Pass:http://examsavior.com/
No comments:
Post a Comment