Do you want to pass the 70-411 examsavior exam? What are the new questions of the latest 70-411 exam? Braindumps 70-411 VCE dumps and 70-411 PDF dumps will tell you all about the 70-411 examsavior exam.Here are the examsavior newest and covered all new added questions and answers, which will help you 100% passing 70-411 examsavior exam.Hurry up and get the free exam from here!
NOW FREE DOWNLOAD
QUESTION 21
Your company has a main office and a branch office. The main office is located in Seattle. The branch
office is located in Montreal. Each office is configured as an Active Directory site.
The network contains an Active Directory domain named adatum.com. The Seattle office contains a file
server named Server1. The Montreal office contains a file server named Server2.
The servers run Windows Server 2012 R2 and have the File and Storage Services server role, the DFS
Namespaces role service, and the DFS Replication role service installed.
Server1 and Server2 each have a share named Share1 that is replicated by using DFS Replication.
You need to ensure that users connect to the replicated folder in their respective office when they
connect to \\contoso.com\Share1.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose
three.)
A. Create a replication connection.
B. Create a namespace.
C. Share and publish the replicated folder.
D. Create a new topology.
E. Modify the Referrals settings.
Correct Answer: BCE
Section: 2. Configure file and print services
Explanation
Explanation/Reference:
Last update: 15/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
To share a replicated folder and publish it to a DFS namespace Click Start, point to Administrative Tools,
and then click DFS Management. In the console tree, under the Replication node, click the replication
group that contains the replicated folder you want to share. In the details pane, on the Replicated Folders
tab, right-click the replicated folder that you want to share, and then click Share and Publish in
Namespace. In the Share and Publish Replicated Folder Wizard, click Share and publish the replicated
folder in a namespace, and then follow the steps in the wizard.
Note that: If you do not have an existing namespace, you can create one in the Namespace Path page in
the Share and Publish Replicated Folder Wizard. To create the namespace, in the Namespace Path page,
click Browse, and then click New Namespace.
To create a namespace
Click Start, point to Administrative Tools, and then click DFS Management. In the console tree, right-click
the Namespaces node, and then click New Namespace. Follow the instructions in the New Namespace
Wizard.
To create a stand-alone namespace on a failover cluster, specify the name of a clustered file server
instance on the Namespace Server page of the New Namespace Wizard.
Important
Do not attempt to create a domain-based namespace using the Windows Server 2008 mode unless the
forest functional level is Windows Server 2003 or higher. Doing so can result in a namespace for which
you cannot delete DFS folders, yielding the following error message: "The folder cannot be deleted.
Cannot complete this function. "
To share a replicated folder and publish it to a DFS namespace
1. Click Start, point to Administrative Tools, and then click DFS Management.
2. In the console tree, under the Replication node, click the replication group that contains the replicated
folder you want to share.
3. In the details pane, on the Replicated Folders tab, right-click the replicated folder that you want to share,
and then click Share and Publish in Namespace.
4. In the Share and Publish Replicated Folder Wizard, click Share and publish the replicated folder in a
namespace, and then follow the steps in the wizard.
office is located in Montreal. Each office is configured as an Active Directory site.
The network contains an Active Directory domain named adatum.com. The Seattle office contains a file
server named Server1. The Montreal office contains a file server named Server2.
The servers run Windows Server 2012 R2 and have the File and Storage Services server role, the DFS
Namespaces role service, and the DFS Replication role service installed.
Server1 and Server2 each have a share named Share1 that is replicated by using DFS Replication.
You need to ensure that users connect to the replicated folder in their respective office when they
connect to \\contoso.com\Share1.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose
three.)
A. Create a replication connection.
B. Create a namespace.
C. Share and publish the replicated folder.
D. Create a new topology.
E. Modify the Referrals settings.
Correct Answer: BCE
Section: 2. Configure file and print services
Explanation
Explanation/Reference:
Last update: 15/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
To share a replicated folder and publish it to a DFS namespace Click Start, point to Administrative Tools,
and then click DFS Management. In the console tree, under the Replication node, click the replication
group that contains the replicated folder you want to share. In the details pane, on the Replicated Folders
tab, right-click the replicated folder that you want to share, and then click Share and Publish in
Namespace. In the Share and Publish Replicated Folder Wizard, click Share and publish the replicated
folder in a namespace, and then follow the steps in the wizard.
Note that: If you do not have an existing namespace, you can create one in the Namespace Path page in
the Share and Publish Replicated Folder Wizard. To create the namespace, in the Namespace Path page,
click Browse, and then click New Namespace.
To create a namespace
Click Start, point to Administrative Tools, and then click DFS Management. In the console tree, right-click
the Namespaces node, and then click New Namespace. Follow the instructions in the New Namespace
Wizard.
To create a stand-alone namespace on a failover cluster, specify the name of a clustered file server
instance on the Namespace Server page of the New Namespace Wizard.
Important
Do not attempt to create a domain-based namespace using the Windows Server 2008 mode unless the
forest functional level is Windows Server 2003 or higher. Doing so can result in a namespace for which
you cannot delete DFS folders, yielding the following error message: "The folder cannot be deleted.
Cannot complete this function. "
To share a replicated folder and publish it to a DFS namespace
1. Click Start, point to Administrative Tools, and then click DFS Management.
2. In the console tree, under the Replication node, click the replication group that contains the replicated
folder you want to share.
3. In the details pane, on the Replicated Folders tab, right-click the replicated folder that you want to share,
and then click Share and Publish in Namespace.
4. In the Share and Publish Replicated Folder Wizard, click Share and publish the replicated folder in a
namespace, and then follow the steps in the wizard.
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam Bpart2(21-40) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-421.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam Bpart2(21-40) Exam VCE Dumps For free download with 100%pass ensure")
"You need to ensure that users connect to the replicated folder in their respective office when they connect
to \\contoso.com\Share1"
to \\contoso.com\Share1"
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam Bpart2(21-40) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-432.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam Bpart2(21-40) Exam VCE Dumps For free download with 100%pass ensure")
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam Bpart2(21-40) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-434.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam Bpart2(21-40) Exam VCE Dumps For free download with 100%pass ensure")
http://technet.microsoft.com/en-us/library/cc731531.aspx
http://technet.microsoft.com/en-us/library/cc771978.aspx
http://technet.microsoft.com/en-us/library/cc772778%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/cc732414.aspx
http://technet.microsoft.com/en-us/library/cc772379.aspx
http://technet.microsoft.com/en-us/library/cc732863%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/cc725830.aspx
QUESTION 22
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server
Resource Manager role service installed.
Server1 has a folder named Folder1 that is used by the sales department.
You need to ensure that an email notification is sent to the sales manager when a File Screening
Audit report is generated.
What should you configure on Server1?
A. a file group
B. a file screen
C. a file screen exception
D. a storage report task
Correct Answer: D
Section: 1. Deploy and manage server images
Explanation
Explanation/Reference:
Last update: 15/09/2015
Based on the actual exam and checked with and Premium account.
Explanation:
From the Storage Reports Management node, you can generate reports that will help you understand file
use on the storage server. You can use the storage reports to monitor disk usage patterns (by file type or
user), identify duplicate files and dormant files, track quota usage, and audit file screening.
http://technet.microsoft.com/en-us/library/cc771978.aspx
http://technet.microsoft.com/en-us/library/cc772778%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/cc732414.aspx
http://technet.microsoft.com/en-us/library/cc772379.aspx
http://technet.microsoft.com/en-us/library/cc732863%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/cc725830.aspx
QUESTION 22
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server
Resource Manager role service installed.
Server1 has a folder named Folder1 that is used by the sales department.
You need to ensure that an email notification is sent to the sales manager when a File Screening
Audit report is generated.
What should you configure on Server1?
A. a file group
B. a file screen
C. a file screen exception
D. a storage report task
Correct Answer: D
Section: 1. Deploy and manage server images
Explanation
Explanation/Reference:
Last update: 15/09/2015
Based on the actual exam and checked with and Premium account.
Explanation:
From the Storage Reports Management node, you can generate reports that will help you understand file
use on the storage server. You can use the storage reports to monitor disk usage patterns (by file type or
user), identify duplicate files and dormant files, track quota usage, and audit file screening.
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam Bpart2(21-40) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-436.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam Bpart2(21-40) Exam VCE Dumps For free download with 100%pass ensure")
Before you run a File Screen Audit report, in the File Server Resource Manager Options dialog box, on the
File Screen Audit tab, verify that the Record file screening activity in the auditing database check box is
selected.
http://technet.microsoft.com/en-us/library/cc755988.aspx
http://technet.microsoft.com/en-us/library/cc730822.aspx
http://technet.microsoft.com/en-us/library/cc770594.aspx
http://technet.microsoft.com/en-us/library/cc771212.aspx
http://technet.microsoft.com/en-us/library/cc732074.aspx
QUESTION 23
Your network contains an Active Directory domain named adatum.com. The domain contains 10 domain
controllers that run Windows Server 2012 R2.
You plan to create a new Active Directory-integrated zone named contoso.com.
You need to ensure that the new zone will be replicated to only four of the domain controllers.
What should you do first?
A. Create an application directory partition.
B. Create an Active Directory connection object.
C. Create an Active Directory site link.
D. Change the zone replication scope.
Correct Answer: A
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
Application directory partitions
An application directory partition is a directory partition that is replicated only to specific domain controllers.
A domain controller that participates in the replication of a particular application directory partition hosts a
replica of that partition. Only domain controllers running Windows Server 2003 can host a replica of an
application directory partition.
QUESTION 24
Your network contains an Active Directory domain named contoso.com. The domain contains a server
named Server1 that has the Remote Access server role installed.
DirectAccess is implemented on Server1 by using the default configuration.
You discover that DirectAccess clients do not use DirectAccess when accessing websites on the Internet.
You need to ensure that DirectAccess clients access all Internet websites by using their
DirectAccess connection.
What should you do?
A. Configure a DNS suffix search list on the DirectAccess clients.
B. Configure DirectAccess to enable force tunneling.
C. Disable the DirectAccess Passive Mode policy setting in the DirectAccess Client Settings Group Policy
object (GPO).
D. Enable the Route all traffic through the internal network policy setting in the DirectAccess Server
Settings Group Policy object (GPO).
Correct Answer: B
Section: 3. Configure network services and access
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
File Screen Audit tab, verify that the Record file screening activity in the auditing database check box is
selected.
http://technet.microsoft.com/en-us/library/cc755988.aspx
http://technet.microsoft.com/en-us/library/cc730822.aspx
http://technet.microsoft.com/en-us/library/cc770594.aspx
http://technet.microsoft.com/en-us/library/cc771212.aspx
http://technet.microsoft.com/en-us/library/cc732074.aspx
QUESTION 23
Your network contains an Active Directory domain named adatum.com. The domain contains 10 domain
controllers that run Windows Server 2012 R2.
You plan to create a new Active Directory-integrated zone named contoso.com.
You need to ensure that the new zone will be replicated to only four of the domain controllers.
What should you do first?
A. Create an application directory partition.
B. Create an Active Directory connection object.
C. Create an Active Directory site link.
D. Change the zone replication scope.
Correct Answer: A
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
Application directory partitions
An application directory partition is a directory partition that is replicated only to specific domain controllers.
A domain controller that participates in the replication of a particular application directory partition hosts a
replica of that partition. Only domain controllers running Windows Server 2003 can host a replica of an
application directory partition.
QUESTION 24
Your network contains an Active Directory domain named contoso.com. The domain contains a server
named Server1 that has the Remote Access server role installed.
DirectAccess is implemented on Server1 by using the default configuration.
You discover that DirectAccess clients do not use DirectAccess when accessing websites on the Internet.
You need to ensure that DirectAccess clients access all Internet websites by using their
DirectAccess connection.
What should you do?
A. Configure a DNS suffix search list on the DirectAccess clients.
B. Configure DirectAccess to enable force tunneling.
C. Disable the DirectAccess Passive Mode policy setting in the DirectAccess Client Settings Group Policy
object (GPO).
D. Enable the Route all traffic through the internal network policy setting in the DirectAccess Server
Settings Group Policy object (GPO).
Correct Answer: B
Section: 3. Configure network services and access
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam Bpart2(21-40) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-438.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam Bpart2(21-40) Exam VCE Dumps For free download with 100%pass ensure")
Explanation:
With IPv6 and the Name Resolution Policy Table (NRPT), by default, DirectAccess clients separate their
intranet and Internet traffic as follows:
DNS name queries for intranet fully qualified domain names (FQDNs) and all intranet traffic is exchanged
over the tunnels that are created with the DirectAccess server or directly with intranet servers. Intranet
traffic from DirectAccess clients is IPv6 traffic.
DNS name queries for FQDNs that correspond to exemption rules or do not match the intranet
namespace, and all traffic to Internet servers, is exchanged over the physical interface that is connected to
the Internet. Internet traffic from DirectAccess clients is typically IPv4 traffic.
In contrast, by default, some remote access virtual private network (VPN) implementations, including the
VPN client, send all intranet and Internet traffic over the remote access VPN connection. Internet-bound
traffic is routed by the VPN server to intranet IPv4 web proxy servers for access to IPv4 Internet resources.
It is possible to separate the intranet and Internet traffic for remote access VPN clients by using split
tunneling. This involves configuring the Internet Protocol (IP) routing table on VPN clients so that traffic to
intranet locations is sent over the VPN connection, and traffic to all other locations is sent by using the
physical interface that is connected to the Internet. You can configure DirectAccess clients to send all of
their traffic through the tunnels to the DirectAccess server with force tunneling. When force tunneling is
configured, DirectAccess clients detect that they are on the Internet, and they remove their IPv4 default
route. With the exception of local subnet traffic, all traffic sent by the DirectAccess client is IPv6 traffic that
goes through tunnels to the DirectAccess server.
QUESTION 25
Your network contains a single Active Directory domain named contoso.com. The domain contains a
domain controller named DC1 that hosts the primary DNS zone for contoso.com.
All servers dynamically register their host names.
You install three new Web servers that host identical copies of your company’s intranet website. The
servers are configured as shown in the following table.
With IPv6 and the Name Resolution Policy Table (NRPT), by default, DirectAccess clients separate their
intranet and Internet traffic as follows:
DNS name queries for intranet fully qualified domain names (FQDNs) and all intranet traffic is exchanged
over the tunnels that are created with the DirectAccess server or directly with intranet servers. Intranet
traffic from DirectAccess clients is IPv6 traffic.
DNS name queries for FQDNs that correspond to exemption rules or do not match the intranet
namespace, and all traffic to Internet servers, is exchanged over the physical interface that is connected to
the Internet. Internet traffic from DirectAccess clients is typically IPv4 traffic.
In contrast, by default, some remote access virtual private network (VPN) implementations, including the
VPN client, send all intranet and Internet traffic over the remote access VPN connection. Internet-bound
traffic is routed by the VPN server to intranet IPv4 web proxy servers for access to IPv4 Internet resources.
It is possible to separate the intranet and Internet traffic for remote access VPN clients by using split
tunneling. This involves configuring the Internet Protocol (IP) routing table on VPN clients so that traffic to
intranet locations is sent over the VPN connection, and traffic to all other locations is sent by using the
physical interface that is connected to the Internet. You can configure DirectAccess clients to send all of
their traffic through the tunnels to the DirectAccess server with force tunneling. When force tunneling is
configured, DirectAccess clients detect that they are on the Internet, and they remove their IPv4 default
route. With the exception of local subnet traffic, all traffic sent by the DirectAccess client is IPv6 traffic that
goes through tunnels to the DirectAccess server.
QUESTION 25
Your network contains a single Active Directory domain named contoso.com. The domain contains a
domain controller named DC1 that hosts the primary DNS zone for contoso.com.
All servers dynamically register their host names.
You install three new Web servers that host identical copies of your company’s intranet website. The
servers are configured as shown in the following table.
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam Bpart2(21-40) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-440.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam Bpart2(21-40) Exam VCE Dumps For free download with 100%pass ensure")
You need to use DNS records to load balance name resolution queries for intranet.contoso.com between
the three Web servers.
What is the minimum number of DNS records that you should create manually?
A. 1
B. 3
C. 4
D. 6
Correct Answer: B
Section: 3. Configure network services and access
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
To create DNS Host (A) Records for all internal pool servers
1. Click Stabrt, click All Programs, click Administrative Tools, and then click DNS.
2. In DNS Manager, click the DNS Server that manages your records to expand it.
3. Click Forward Lookup Zones to expand it.
4. Right-click the DNS domain that you need to add records to, and then click New Host (A or AAAA).
5. In the Name box, type the name of the host record (the domain name will be automatically appended).
6. In the IP Address box, type the IP address of the individual Front End Server and then select Create
associated pointer (PTR) record or Allow any authenticated user to update.
DNS records with the same owner name, if applicable.
7. Continue creating records for all member Front End Servers that will participate in DNS Load Balancing.
For example, if you had a pool named pool1.contoso.com and three Front End Servers, you would create
the following DNS entries:
the three Web servers.
What is the minimum number of DNS records that you should create manually?
A. 1
B. 3
C. 4
D. 6
Correct Answer: B
Section: 3. Configure network services and access
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
To create DNS Host (A) Records for all internal pool servers
1. Click Stabrt, click All Programs, click Administrative Tools, and then click DNS.
2. In DNS Manager, click the DNS Server that manages your records to expand it.
3. Click Forward Lookup Zones to expand it.
4. Right-click the DNS domain that you need to add records to, and then click New Host (A or AAAA).
5. In the Name box, type the name of the host record (the domain name will be automatically appended).
6. In the IP Address box, type the IP address of the individual Front End Server and then select Create
associated pointer (PTR) record or Allow any authenticated user to update.
DNS records with the same owner name, if applicable.
7. Continue creating records for all member Front End Servers that will participate in DNS Load Balancing.
For example, if you had a pool named pool1.contoso.com and three Front End Servers, you would create
the following DNS entries:
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam Bpart2(21-40) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-443.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam Bpart2(21-40) Exam VCE Dumps For free download with 100%pass ensure")
http://technet.microsoft.com/en-us/library/cc772506.aspx
http://technet.microsoft.com/en-us/library/gg398251.aspx
QUESTION 26
Your network contains an Active Directory domain named contoso.com. The domain contains a domain
controller named DC1 that runs Windows Server 2012 R2.
You mount an Active Directory snapshot on DC1.
You need to expose the snapshot as an LDAP server.
Which tool should you use?
A. Ldp
B. ADSI Edit
C. Dsamain
D. Ntdsutil
Correct Answer: C
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Explanation:
dsamain /dbpath E:\$SNAP_200704181137_VOLUMED$\WINDOWS\NTDS\ntds. dit /ldapport51389
http://technet.microsoft.com/en-us/library/gg398251.aspx
QUESTION 26
Your network contains an Active Directory domain named contoso.com. The domain contains a domain
controller named DC1 that runs Windows Server 2012 R2.
You mount an Active Directory snapshot on DC1.
You need to expose the snapshot as an LDAP server.
Which tool should you use?
A. Ldp
B. ADSI Edit
C. Dsamain
D. Ntdsutil
Correct Answer: C
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Explanation:
dsamain /dbpath E:\$SNAP_200704181137_VOLUMED$\WINDOWS\NTDS\ntds. dit /ldapport51389
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam Bpart2(21-40) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-449.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam Bpart2(21-40) Exam VCE Dumps For free download with 100%pass ensure")
http://technet.microsoft.com/en-us/library/cc753609(v=ws.10).aspx
QUESTION 27
Your network contains an Active Directory domain named contoso.com. Domain controllers run either
Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 R2.
You have a Password Settings object (PSOs) named PSO1.
You need to view the settings of PSO1.
Which tool should you use?
A. Get-ADDefaultDomainPasswordPolicy
B. Active Directory Administrative Center
C. Local Security Policy
D. Get-ADAccountResultantPasswordReplicationPolicy
E. Server Manager
Correct Answer: B
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
In Windows Server 2012, fine-grained password policy management is made much easier than Windows
Server 2008/2008 R2. Windows Administrators not have to use ADSI Edit and configure complicated
settings to create the Password Settings Object (PSO) in the Password Settings Container. Instead we can
configure fine-grained password policy directly in Active Directory Administrative Center (ADAC).
QUESTION 28
Your network contains an Active Directory domain named contoso.com. All domain controllers run
Windows Server 2012 R2.
Administrators use client computers that run Windows 8 to perform all management tasks.
A central store is configured on a domain controller named DC1.
You have a custom administrative template file named App1.admx. App1.admx contains application
settings for an application named Appl.
From a client computer named Computer1, you create a new Group Policy object (GPO) named GPO1.
You discover that the application settings for App1 fail to appear in GPO1.
You need to ensure that the App1 settings appear in all of the new GPOs that you create.
What should you do?
A. From the Default Domain Controllers Policy, add App1.admx to the Administrative Templates.
B. Copy App1.admx to \\Contoso.com\SYSVOL\Contoso.com\Policies\PolicyDefinitions\.
C. From the Default Domain Policy, add App1.admx to the Administrative Templates.
D. Copy App1.admx to \\Contoso.com\SYSVOL\Contoso.com\StarterGPOs.
Correct Answer: B
Section: 6. Configure and manage Group Policy
Explanation
Explanation/Reference:
Explanation:
To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on
a domain controller. The Central Store is a file location that is checked by the Group Policy tools. The
Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store
are later replicated to all domain controllers in the domain.
QUESTION 29
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Windows Server
Update Services server role installed.
Server1 stores update files locally in C:\Updates.
You need to change the location in which the update files are stored to D:\Updates.
What should you do?
A. From the Update Services console, run the Windows Server Update Services Configuration Wizard.
B. From a command prompt, run wsusutil.exe and specify the movecontent parameter.
C. From the Update Services console, configure the Update Files and Languages option.
D. From a command prompt, run wsusutil.exe and specify the export parameter.
Correct Answer: B
Section: 1. Deploy and manage server images
Explanation
Explanation/Reference:
Explanation:
You might need to change the location where WSUS stores updates locally. This might be required if the
disk becomes full and there is no longer any room for new updates. You might also have to do this if the
disk where updates are stored fails and the replacement disk uses a new drive letter.
You accomplish this move with the movecontent command of WSUSutil.exe, a command- line tool that is
copied to the file system of the WSUS server during WSUS Setup. By default, Setup copies WSUSutil.exe
to the following location:
WSUSInstallationDrive:\Program Files\Microsoft Windows Server Update Services\Tools\
QUESTION 30
You have a server named Server1 that runs Windows Server 2012 R2.
You create a custom Data Collector Set (DCS) named DCS1.
You need to configure Server1 to start DCS1 automatically when the network usage exceeds 70
percent.
Which type of data collector should you create?
A. A performance counter alert
B. A configuration data collector
C. A performance counter data collector
D. An event trace data collector
Correct Answer: A
Section: 1. Deploy and manage server images
Explanation
Explanation/Reference:
Last update: 15/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
Performance alerts notify you when a specified performance counter exceeds your configured threshold by
logging an event to the event log. But rather than notifying you immediately when the counter exceeds the
threshold, you can configure a time period over which the counter needs to exceed the threshold, to avoid
unnecessary alerts.
QUESTION 27
Your network contains an Active Directory domain named contoso.com. Domain controllers run either
Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 R2.
You have a Password Settings object (PSOs) named PSO1.
You need to view the settings of PSO1.
Which tool should you use?
A. Get-ADDefaultDomainPasswordPolicy
B. Active Directory Administrative Center
C. Local Security Policy
D. Get-ADAccountResultantPasswordReplicationPolicy
E. Server Manager
Correct Answer: B
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
In Windows Server 2012, fine-grained password policy management is made much easier than Windows
Server 2008/2008 R2. Windows Administrators not have to use ADSI Edit and configure complicated
settings to create the Password Settings Object (PSO) in the Password Settings Container. Instead we can
configure fine-grained password policy directly in Active Directory Administrative Center (ADAC).
QUESTION 28
Your network contains an Active Directory domain named contoso.com. All domain controllers run
Windows Server 2012 R2.
Administrators use client computers that run Windows 8 to perform all management tasks.
A central store is configured on a domain controller named DC1.
You have a custom administrative template file named App1.admx. App1.admx contains application
settings for an application named Appl.
From a client computer named Computer1, you create a new Group Policy object (GPO) named GPO1.
You discover that the application settings for App1 fail to appear in GPO1.
You need to ensure that the App1 settings appear in all of the new GPOs that you create.
What should you do?
A. From the Default Domain Controllers Policy, add App1.admx to the Administrative Templates.
B. Copy App1.admx to \\Contoso.com\SYSVOL\Contoso.com\Policies\PolicyDefinitions\.
C. From the Default Domain Policy, add App1.admx to the Administrative Templates.
D. Copy App1.admx to \\Contoso.com\SYSVOL\Contoso.com\StarterGPOs.
Correct Answer: B
Section: 6. Configure and manage Group Policy
Explanation
Explanation/Reference:
Explanation:
To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on
a domain controller. The Central Store is a file location that is checked by the Group Policy tools. The
Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store
are later replicated to all domain controllers in the domain.
QUESTION 29
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Windows Server
Update Services server role installed.
Server1 stores update files locally in C:\Updates.
You need to change the location in which the update files are stored to D:\Updates.
What should you do?
A. From the Update Services console, run the Windows Server Update Services Configuration Wizard.
B. From a command prompt, run wsusutil.exe and specify the movecontent parameter.
C. From the Update Services console, configure the Update Files and Languages option.
D. From a command prompt, run wsusutil.exe and specify the export parameter.
Correct Answer: B
Section: 1. Deploy and manage server images
Explanation
Explanation/Reference:
Explanation:
You might need to change the location where WSUS stores updates locally. This might be required if the
disk becomes full and there is no longer any room for new updates. You might also have to do this if the
disk where updates are stored fails and the replacement disk uses a new drive letter.
You accomplish this move with the movecontent command of WSUSutil.exe, a command- line tool that is
copied to the file system of the WSUS server during WSUS Setup. By default, Setup copies WSUSutil.exe
to the following location:
WSUSInstallationDrive:\Program Files\Microsoft Windows Server Update Services\Tools\
QUESTION 30
You have a server named Server1 that runs Windows Server 2012 R2.
You create a custom Data Collector Set (DCS) named DCS1.
You need to configure Server1 to start DCS1 automatically when the network usage exceeds 70
percent.
Which type of data collector should you create?
A. A performance counter alert
B. A configuration data collector
C. A performance counter data collector
D. An event trace data collector
Correct Answer: A
Section: 1. Deploy and manage server images
Explanation
Explanation/Reference:
Last update: 15/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
Performance alerts notify you when a specified performance counter exceeds your configured threshold by
logging an event to the event log. But rather than notifying you immediately when the counter exceeds the
threshold, you can configure a time period over which the counter needs to exceed the threshold, to avoid
unnecessary alerts.
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam Bpart2(21-40) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-453.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam Bpart2(21-40) Exam VCE Dumps For free download with 100%pass ensure")
QUESTION 31
Your network contains an Active Directory domain named contoso.com. The domain contains a RADIUS
server named Server1 that runs Windows Server 2012 R2.
You add a VPN server named Server2 to the network.
On Server1, you create several network policies.
You need to configure Server1 to accept authentication requests from Server2.
Which tool should you use on Server1?
A. Server Manager
B. Routing and Remote Access
C. New-NpsRadiusClient
D. Connection Manager Administration Kit (CMAK)
Correct Answer: C
Section: 4. Configure a Network Policy Server infrastructure
Explanation
Explanation/Reference:
Explanation:
New-NpsRadiusClient -Name "NameOfMyClientGroup" -Address "10.1.0.0/16" – AuthAttributeRequired 0 –
NapCompatible 0 -SharedSecret "SuperSharedSecretxyz" – VendorName "RADIUS Standard"
Your network contains an Active Directory domain named contoso.com. The domain contains a RADIUS
server named Server1 that runs Windows Server 2012 R2.
You add a VPN server named Server2 to the network.
On Server1, you create several network policies.
You need to configure Server1 to accept authentication requests from Server2.
Which tool should you use on Server1?
A. Server Manager
B. Routing and Remote Access
C. New-NpsRadiusClient
D. Connection Manager Administration Kit (CMAK)
Correct Answer: C
Section: 4. Configure a Network Policy Server infrastructure
Explanation
Explanation/Reference:
Explanation:
New-NpsRadiusClient -Name "NameOfMyClientGroup" -Address "10.1.0.0/16" – AuthAttributeRequired 0 –
NapCompatible 0 -SharedSecret "SuperSharedSecretxyz" – VendorName "RADIUS Standard"
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam Bpart2(21-40) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-455.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam Bpart2(21-40) Exam VCE Dumps For free download with 100%pass ensure")
http://technet.microsoft.com/en-us/library/hh918425(v=wps.620).aspx
http://technet.microsoft.com/en-us/library/jj872740(v=wps.620).aspx
http://technet.microsoft.com/en-us/library/dd469790.aspx
QUESTION 32
Your network contains an Active Directory domain named contoso.com. The domain contains a server
named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy Server server role
installed.
You need to allow connections that use 802.1x. What should you create?
A. A network policy that uses Microsoft Protected EAP (PEAP) authentication
B. A network policy that uses EAP-MSCHAP v2 authentication
C. A connection request policy that uses EAP (PEAP) authentication
D. A connection request policy that uses MS-CHAP v2 authentication
Correct Answer: C
Section: 4. Configure a Network Policy Server infrastructure
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Change : A connection request policy that uses EAP-MSCHAP v2 authentication
For : A connection request policy that uses EAP (PEAP) authentication
Explanation:
802.1X uses EAP, EAP-TLS, EAP-MS-CHAP v2, and PEAP authentication methods:
EAP (Extensible Authentication Protocol) uses an arbitrary authentication method, such as certificates,
smart cards, or credentials. EAP-TLS (EAP-Transport Layer Security) is an EAP type that is used in
certificate- based security environments, and it provides the strongest authentication and key
determination method.
EAP-MS-CHAP v2 (EAP-Microsoft Challenge Handshake Authentication Protocol version 2) is a mutual
authentication method that supports password-based user or computer authentication.
PEAP (Protected EAP) is an authentication method that uses TLS to enhance the security of other EAP
authentication protocols.
Connection request policies are sets of conditions and settings that allow network administrators to
designate which Remote Authentication Dial-In User Service (RADIUS) servers perform the authentication
and authorization of connection requests that the server running Network Policy Server (NPS) receives
from RADIUS clients. Connection request policies can be configured to designate which RADIUS servers
are used for RADIUS accounting.
With connection request policies, you can use NPS as a RADIUS server or as a RADIUS proxy, based on
factors such as the following:
The time of day and day of the week
The realm name in the connection request
The type of connection being requested
The IP address of the RADIUS client
QUESTION 33
Your network contains an Active Directory domain named contoso.com. The domain contains a server
named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy Server role service
installed.
You plan to configure Server1 as a Network Access Protection (NAP) health policy server for VPN
enforcement by using the Configure NAP wizard.
You need to ensure that you can configure the VPN enforcement method on Server1 successfully.
What should you install on Server1 before you run the Configure NAP wizard?
A. A system health validator (SHV)
B. The Host Credential Authorization Protocol (HCAP)
C. A computer certificate
D. The Remote Access server role
Correct Answer: C
Section: 4. Configure a Network Policy Server infrastructure
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
Configure NAP enforcement for VPN
This checklist provides the steps required to deploy computers with Routing and Remote Access Service
installed and configured as VPN servers with Network Policy Server (NPS) and Network Access Protection
(NAP).
http://technet.microsoft.com/en-us/library/jj872740(v=wps.620).aspx
http://technet.microsoft.com/en-us/library/dd469790.aspx
QUESTION 32
Your network contains an Active Directory domain named contoso.com. The domain contains a server
named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy Server server role
installed.
You need to allow connections that use 802.1x. What should you create?
A. A network policy that uses Microsoft Protected EAP (PEAP) authentication
B. A network policy that uses EAP-MSCHAP v2 authentication
C. A connection request policy that uses EAP (PEAP) authentication
D. A connection request policy that uses MS-CHAP v2 authentication
Correct Answer: C
Section: 4. Configure a Network Policy Server infrastructure
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Change : A connection request policy that uses EAP-MSCHAP v2 authentication
For : A connection request policy that uses EAP (PEAP) authentication
Explanation:
802.1X uses EAP, EAP-TLS, EAP-MS-CHAP v2, and PEAP authentication methods:
EAP (Extensible Authentication Protocol) uses an arbitrary authentication method, such as certificates,
smart cards, or credentials. EAP-TLS (EAP-Transport Layer Security) is an EAP type that is used in
certificate- based security environments, and it provides the strongest authentication and key
determination method.
EAP-MS-CHAP v2 (EAP-Microsoft Challenge Handshake Authentication Protocol version 2) is a mutual
authentication method that supports password-based user or computer authentication.
PEAP (Protected EAP) is an authentication method that uses TLS to enhance the security of other EAP
authentication protocols.
Connection request policies are sets of conditions and settings that allow network administrators to
designate which Remote Authentication Dial-In User Service (RADIUS) servers perform the authentication
and authorization of connection requests that the server running Network Policy Server (NPS) receives
from RADIUS clients. Connection request policies can be configured to designate which RADIUS servers
are used for RADIUS accounting.
With connection request policies, you can use NPS as a RADIUS server or as a RADIUS proxy, based on
factors such as the following:
The time of day and day of the week
The realm name in the connection request
The type of connection being requested
The IP address of the RADIUS client
QUESTION 33
Your network contains an Active Directory domain named contoso.com. The domain contains a server
named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy Server role service
installed.
You plan to configure Server1 as a Network Access Protection (NAP) health policy server for VPN
enforcement by using the Configure NAP wizard.
You need to ensure that you can configure the VPN enforcement method on Server1 successfully.
What should you install on Server1 before you run the Configure NAP wizard?
A. A system health validator (SHV)
B. The Host Credential Authorization Protocol (HCAP)
C. A computer certificate
D. The Remote Access server role
Correct Answer: C
Section: 4. Configure a Network Policy Server infrastructure
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
Configure NAP enforcement for VPN
This checklist provides the steps required to deploy computers with Routing and Remote Access Service
installed and configured as VPN servers with Network Policy Server (NPS) and Network Access Protection
(NAP).
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam Bpart2(21-40) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-460.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam Bpart2(21-40) Exam VCE Dumps For free download with 100%pass ensure")
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam Bpart2(21-40) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-462.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam Bpart2(21-40) Exam VCE Dumps For free download with 100%pass ensure")
QUESTION 34
Your network contains a single Active Directory domain named contoso.com. The domain contains a
member server named Server1 that runs Windows Server 2012 R2.
Server1 has the Windows Server updates Services server role installed and is configured to download
updates from the Microsoft Update servers.
You need to ensure that Server1 downloads express installation files from the Microsoft Update
servers.
What should you do from the Update Services console?
A. From the Update Files and Languages options, configure the Update Files settings.
B. From the Automatic Approvals options, configure the Update Rules settings.
C. From the Products and Classifications options, configure the Products settings.
D. From the Products and Classifications options, configure the Classifications settings.
Correct Answer: A
Section: 1. Deploy and manage server images
Explanation
Explanation/Reference:
Last update: 14/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
To specify whether express installation files are downloaded during synchronization
In the left pane of the WSUS Administration console, click Options.
In Update Files and Languages, click the Update Files tab.
If you want to download express installation files, select the Download express installation files check box.
If you do not want to download express installation files, clear the check box.
Your network contains a single Active Directory domain named contoso.com. The domain contains a
member server named Server1 that runs Windows Server 2012 R2.
Server1 has the Windows Server updates Services server role installed and is configured to download
updates from the Microsoft Update servers.
You need to ensure that Server1 downloads express installation files from the Microsoft Update
servers.
What should you do from the Update Services console?
A. From the Update Files and Languages options, configure the Update Files settings.
B. From the Automatic Approvals options, configure the Update Rules settings.
C. From the Products and Classifications options, configure the Products settings.
D. From the Products and Classifications options, configure the Classifications settings.
Correct Answer: A
Section: 1. Deploy and manage server images
Explanation
Explanation/Reference:
Last update: 14/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
To specify whether express installation files are downloaded during synchronization
In the left pane of the WSUS Administration console, click Options.
In Update Files and Languages, click the Update Files tab.
If you want to download express installation files, select the Download express installation files check box.
If you do not want to download express installation files, clear the check box.
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam Bpart2(21-40) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-465.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam Bpart2(21-40) Exam VCE Dumps For free download with 100%pass ensure")
http://technet.microsoft.com/en-us/library/cc708431.aspx
http://technet.microsoft.com/en-us/library/cc708431.aspx
QUESTION 35
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access
server role installed.
On Server1, you create a network policy named Policy1.
You need to configure Policy1 to ensure that users are added to a VLAN.
Which attributes should you add to Policy1?
A. Tunnel-Tag, Tunnel-Password, Tunnel-Medium-Type, and Tunnel-Preference
B. Tunnel-Tag, Tunnel-Server-Auth-ID, Tunnel-Preference, and Tunnel-Pvt-Group-ID
C. Tunnel-Type, Tunnel-Tag, Tunnel-Medium-Type, and Tunnel-Pvt-Group-ID
D. Tunnel-Type, Tunnel-Password, Tunnel-Server-Auth-ID, and Tunnel-Pvt-Group-ID
Correct Answer: C
Section: 6. Configure and manage Group Policy
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
VLAN attributes used in network policy
When you use network hardware, such as routers, switches, and access controllers that support virtual
local area networks (VLANs), you can configure Network Policy Server (NPS) network policy to instruct the
access servers to place members of Active Directory?groups on VLANs.
Before configuring network policy in NPS for VLANs, create groups of users in Active Directory Domain
Services (AD DS) that you want to assign to specific VLANs. Then when you run the New Network Policy
wizard, add the Active Directory group as a condition of the network policy.
You can create a separate network policy for each group that you want to assign to a VLAN. For more
information, see Create a Group for a Network Policy. When you configure network policy for use with
VLANs, you must configure the RADIUS standard attributes Tunnel-Medium-Type, Tunnel-Pvt-Group-ID,
and Tunnel-Type. Some hardware vendors also require the use of the RADIUS standard attribute Tunnel-
Tag. To configure these attributes in a network policy, use the New Network Policy wizard to create a
network policy. You can add the attributes to the network policy settings while running the wizard or after
you have successfully created a policy with the wizard.
Tunnel-Medium-Type. Select a value appropriate to the previous selections you made while running the
New Network Policy wizard. For example, if the network policy you are configuring is a wireless policy, in
Attribute Value, select 802 (Includes all 802 media plus Ethernet canonical format).
Tunnel-Pvt-Group-ID. Enter the integer that represents the VLAN number to which group members will be
assigned. For example, if you want to create a Sales VLAN for your sales team by assigning team
members to VLAN 4, type the number 4.
Tunnel-Type. Select the value Virtual LANs (VLAN).
Tunnel-Tag. Some hardware devices do not require this attribute. If your hardware device requires this
attribute, obtain this value from your hardware documentation.
QUESTION 36
Your network contains an Active Directory domain named contoso.com. The domain contains a server
named Server1 that runs Windows Server 2012 R2 and has the Network Policy Server role service
installed.
You need to enable trace logging for Network Policy Server (NPS) on Server1. Which tool should
you use?
A. The tracert.exe command
B. The Network Policy Server console
C. The Server Manager console
D. The netsh.exe command
Correct Answer: D
Section: 4. Configure a Network Policy Server infrastructure
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
In order to log detailed information about the authentication and authorization processes on a Network
Policy Server, you can trace logging (trace logging) enable the NPS server. The logs are by default in the
directory C: \ Windows \ tracinig. To enable trace logging on a Network Policy Server:
Open a command prompt with elevated privileges.
Enter netsh ras set tr * Enable a.
Perform the actions you want to track their expiry.
Enter netsh ras set tr * Disable a.
Close the command prompt.
QUESTION 37
Your network contains an Active Directory domain named contoso.com. The domain contains a server
named Server1. Server1 has the DHCP Server server role and the Network Policy Server role service
installed.
Server1 contains three non-overlapping scopes named Scope1, Scope2, and Scope3. Server1 currently
provides the same Network Access Protection (NAP) settings to the three scopes.
You modify the settings of Scope1 as shown in the exhibit. (Click the Exhibit button.)
http://technet.microsoft.com/en-us/library/cc708431.aspx
QUESTION 35
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access
server role installed.
On Server1, you create a network policy named Policy1.
You need to configure Policy1 to ensure that users are added to a VLAN.
Which attributes should you add to Policy1?
A. Tunnel-Tag, Tunnel-Password, Tunnel-Medium-Type, and Tunnel-Preference
B. Tunnel-Tag, Tunnel-Server-Auth-ID, Tunnel-Preference, and Tunnel-Pvt-Group-ID
C. Tunnel-Type, Tunnel-Tag, Tunnel-Medium-Type, and Tunnel-Pvt-Group-ID
D. Tunnel-Type, Tunnel-Password, Tunnel-Server-Auth-ID, and Tunnel-Pvt-Group-ID
Correct Answer: C
Section: 6. Configure and manage Group Policy
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
VLAN attributes used in network policy
When you use network hardware, such as routers, switches, and access controllers that support virtual
local area networks (VLANs), you can configure Network Policy Server (NPS) network policy to instruct the
access servers to place members of Active Directory?groups on VLANs.
Before configuring network policy in NPS for VLANs, create groups of users in Active Directory Domain
Services (AD DS) that you want to assign to specific VLANs. Then when you run the New Network Policy
wizard, add the Active Directory group as a condition of the network policy.
You can create a separate network policy for each group that you want to assign to a VLAN. For more
information, see Create a Group for a Network Policy. When you configure network policy for use with
VLANs, you must configure the RADIUS standard attributes Tunnel-Medium-Type, Tunnel-Pvt-Group-ID,
and Tunnel-Type. Some hardware vendors also require the use of the RADIUS standard attribute Tunnel-
Tag. To configure these attributes in a network policy, use the New Network Policy wizard to create a
network policy. You can add the attributes to the network policy settings while running the wizard or after
you have successfully created a policy with the wizard.
Tunnel-Medium-Type. Select a value appropriate to the previous selections you made while running the
New Network Policy wizard. For example, if the network policy you are configuring is a wireless policy, in
Attribute Value, select 802 (Includes all 802 media plus Ethernet canonical format).
Tunnel-Pvt-Group-ID. Enter the integer that represents the VLAN number to which group members will be
assigned. For example, if you want to create a Sales VLAN for your sales team by assigning team
members to VLAN 4, type the number 4.
Tunnel-Type. Select the value Virtual LANs (VLAN).
Tunnel-Tag. Some hardware devices do not require this attribute. If your hardware device requires this
attribute, obtain this value from your hardware documentation.
QUESTION 36
Your network contains an Active Directory domain named contoso.com. The domain contains a server
named Server1 that runs Windows Server 2012 R2 and has the Network Policy Server role service
installed.
You need to enable trace logging for Network Policy Server (NPS) on Server1. Which tool should
you use?
A. The tracert.exe command
B. The Network Policy Server console
C. The Server Manager console
D. The netsh.exe command
Correct Answer: D
Section: 4. Configure a Network Policy Server infrastructure
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
In order to log detailed information about the authentication and authorization processes on a Network
Policy Server, you can trace logging (trace logging) enable the NPS server. The logs are by default in the
directory C: \ Windows \ tracinig. To enable trace logging on a Network Policy Server:
Open a command prompt with elevated privileges.
Enter netsh ras set tr * Enable a.
Perform the actions you want to track their expiry.
Enter netsh ras set tr * Disable a.
Close the command prompt.
QUESTION 37
Your network contains an Active Directory domain named contoso.com. The domain contains a server
named Server1. Server1 has the DHCP Server server role and the Network Policy Server role service
installed.
Server1 contains three non-overlapping scopes named Scope1, Scope2, and Scope3. Server1 currently
provides the same Network Access Protection (NAP) settings to the three scopes.
You modify the settings of Scope1 as shown in the exhibit. (Click the Exhibit button.)
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam Bpart2(21-40) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-470.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam Bpart2(21-40) Exam VCE Dumps For free download with 100%pass ensure")
You need to configure Server1 to provide unique NAP enforcement settings to the NAP noncompliant
DHCP clients from Scope1.
What should you create?
A. A connection request policy that has the Service Type condition
B. A connection request policy that has the Identity Type condition
C. A network policy that has the Identity Type condition
D. A network policy that has the MS-Service Class condition
Correct Answer: D
Section: 4. Configure a Network Policy Server infrastructure
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
MS-Service Class
Restricts the policy to clients that have received an IP address from a DHCP scope that
matches the specified DHCP profile name. This condition is used only when you are deploying NAP with
the DHCP enforcement method. To use the MS-Service Class attribute, in Specify the profile name that
identifies your DHCP scope, type the name of an existing DHCP profile.
Open the NPS console, double-click Policies, click Network Policies, and then double-click the policy you
want to configure.
In policy Properties, click the Conditions tab, and then click Add. In Select condition, scroll to the Network
Access Protection group of conditions. If you want to configure the Identity Type condition, click Identity
Type, and then click Add. In Specify the method in which clients are identified in this policy, select the
items appropriate for your deployment, and then click OK.
The Identity Type condition is used for the DHCP and Internet Protocol security (IPsec) enforcement
methods to allow client health checks when NPS does not receive an Access- Request message that
contains a value for the User-Name attribute; in this case, client health checks are performed, but
authentication and authorization are not performed.
If you want to configure the MS-Service Class condition, click MS-Service Class, and then click Add. In
Specify the profile name that identifies your DHCP scope, type the name of an existing DHCP profile, and
then click Add.
DHCP clients from Scope1.
What should you create?
A. A connection request policy that has the Service Type condition
B. A connection request policy that has the Identity Type condition
C. A network policy that has the Identity Type condition
D. A network policy that has the MS-Service Class condition
Correct Answer: D
Section: 4. Configure a Network Policy Server infrastructure
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
MS-Service Class
Restricts the policy to clients that have received an IP address from a DHCP scope that
matches the specified DHCP profile name. This condition is used only when you are deploying NAP with
the DHCP enforcement method. To use the MS-Service Class attribute, in Specify the profile name that
identifies your DHCP scope, type the name of an existing DHCP profile.
Open the NPS console, double-click Policies, click Network Policies, and then double-click the policy you
want to configure.
In policy Properties, click the Conditions tab, and then click Add. In Select condition, scroll to the Network
Access Protection group of conditions. If you want to configure the Identity Type condition, click Identity
Type, and then click Add. In Specify the method in which clients are identified in this policy, select the
items appropriate for your deployment, and then click OK.
The Identity Type condition is used for the DHCP and Internet Protocol security (IPsec) enforcement
methods to allow client health checks when NPS does not receive an Access- Request message that
contains a value for the User-Name attribute; in this case, client health checks are performed, but
authentication and authorization are not performed.
If you want to configure the MS-Service Class condition, click MS-Service Class, and then click Add. In
Specify the profile name that identifies your DHCP scope, type the name of an existing DHCP profile, and
then click Add.
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam Bpart2(21-40) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-474.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam Bpart2(21-40) Exam VCE Dumps For free download with 100%pass ensure")
The MS-Service Class condition restricts the policy to clients that have received an IP address from a
DHCP scope that matches the specified DHCP profile name. This condition is used only when you are
deploying NAP with the DHCP enforcement method.
http://technet.microsoft.com/en-us/library/cc731560(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc731220(v=ws.10).aspx
QUESTION 38
Your network contains a Network Policy Server (NPS) server named Server1. The network contains a
server named SQL1 that has Microsoft SQL Server 2008 R2 installed. All servers run Windows Server
2012 R2.
You configure NPS on Server1 to log accounting data to a database on SQL1.
You need to ensure that the accounting data is captured if SQL1 fails. The solution must minimize
cost.
What should you do?
A. Implement Failover Clustering.
B. Implement database mirroring.
C. Run the Accounting Configuration Wizard.
D. Modify the SQL Server Logging properties.
Correct Answer: C
Section: 4. Configure a Network Policy Server infrastructure
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
In Windows Server 2008 R2, an accounting configuration wizard is added to the Accounting node in the
NPS console. By using the Accounting Configuration wizard, you can configure the following four
accounting settings:
SQL logging only. By using this setting, you can configure a data link to a SQL Server that allows NPS to
connect to and send accounting data to the SQL server. In addition, the wizard can configure the database
on the SQL Server to ensure that the database is compatible with NPS SQL server logging. Text logging
only. By using this setting, you can configure NPS to log accounting data to a text file.
Parallel logging. By using this setting, you can configure the SQL Server data link and database. You can
also configure text file logging so that NPS logs simultaneously to the text file and the SQL Server
database. SQL logging with backup. By using this setting, you can configure the SQL Server data link and
database. In addition, you can configure text file logging that NPS uses if SQL Server logging fails.
QUESTION 39
Your network has a router named Router1 that provides access to the Internet. You have a server named
Server1 that runs Windows Server 2012 R2. Server1 to use Router1 as the default gateway.
A new router named Router2 is added to the network. Router2 provides access to the Internet. The IP
address of the internal interface on Router2 is 10.1.14.254.
You need to configure Server1 to use Router2 to connect to the Internet if Router1 fails.
What should you do on Server1?
A. Add a route for 10.1.14.0/24 that uses 10.1.14.254 as the gateway and set the metric to 1.
B. Add 10.1.14.254 as a gateway and set the metric to 1.
C. Add a route for 10.1.14.0/24 that uses 10.1.14.254 as the gateway and set the metric to 500.
D. Add 10.1.14.254 as a gateway and set the metric to 500.
Correct Answer: D
Section: 3. Configure network services and access
Explanation
Explanation/Reference:
Explanation:
The keyword’s here are “internet access”
Metric 1 would give it a primary roll for routing trafic, which is NOT asked.
So this rules out A AND B.
Metric 500 gives it a secondary roll for routing trafic.
C is not the answer bcz: it only routes addresses 10.1.14.0/24 (which is a NONE routable/”life” range on
the internet! (10…(A-Class), 127…(B-Class), 192…(C-Class)). The solution however should route ALL
trafic comming in to the internet.
So the only logical answer is D.
http://windows.microsoft.com/en-us/windows/configuring-multiple-network-gateways#1TC=windows-7
QUESTION 40
Your network contains an Active Directory domain named contoso.com. The domain contains a domain
controller named DC1. DC1 is a DNS server for contoso.com. The properties of the contoso.com zone are
configured as shown in the exhibit. (Click the Exhibit button.
DHCP scope that matches the specified DHCP profile name. This condition is used only when you are
deploying NAP with the DHCP enforcement method.
http://technet.microsoft.com/en-us/library/cc731560(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc731220(v=ws.10).aspx
QUESTION 38
Your network contains a Network Policy Server (NPS) server named Server1. The network contains a
server named SQL1 that has Microsoft SQL Server 2008 R2 installed. All servers run Windows Server
2012 R2.
You configure NPS on Server1 to log accounting data to a database on SQL1.
You need to ensure that the accounting data is captured if SQL1 fails. The solution must minimize
cost.
What should you do?
A. Implement Failover Clustering.
B. Implement database mirroring.
C. Run the Accounting Configuration Wizard.
D. Modify the SQL Server Logging properties.
Correct Answer: C
Section: 4. Configure a Network Policy Server infrastructure
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
In Windows Server 2008 R2, an accounting configuration wizard is added to the Accounting node in the
NPS console. By using the Accounting Configuration wizard, you can configure the following four
accounting settings:
SQL logging only. By using this setting, you can configure a data link to a SQL Server that allows NPS to
connect to and send accounting data to the SQL server. In addition, the wizard can configure the database
on the SQL Server to ensure that the database is compatible with NPS SQL server logging. Text logging
only. By using this setting, you can configure NPS to log accounting data to a text file.
Parallel logging. By using this setting, you can configure the SQL Server data link and database. You can
also configure text file logging so that NPS logs simultaneously to the text file and the SQL Server
database. SQL logging with backup. By using this setting, you can configure the SQL Server data link and
database. In addition, you can configure text file logging that NPS uses if SQL Server logging fails.
QUESTION 39
Your network has a router named Router1 that provides access to the Internet. You have a server named
Server1 that runs Windows Server 2012 R2. Server1 to use Router1 as the default gateway.
A new router named Router2 is added to the network. Router2 provides access to the Internet. The IP
address of the internal interface on Router2 is 10.1.14.254.
You need to configure Server1 to use Router2 to connect to the Internet if Router1 fails.
What should you do on Server1?
A. Add a route for 10.1.14.0/24 that uses 10.1.14.254 as the gateway and set the metric to 1.
B. Add 10.1.14.254 as a gateway and set the metric to 1.
C. Add a route for 10.1.14.0/24 that uses 10.1.14.254 as the gateway and set the metric to 500.
D. Add 10.1.14.254 as a gateway and set the metric to 500.
Correct Answer: D
Section: 3. Configure network services and access
Explanation
Explanation/Reference:
Explanation:
The keyword’s here are “internet access”
Metric 1 would give it a primary roll for routing trafic, which is NOT asked.
So this rules out A AND B.
Metric 500 gives it a secondary roll for routing trafic.
C is not the answer bcz: it only routes addresses 10.1.14.0/24 (which is a NONE routable/”life” range on
the internet! (10…(A-Class), 127…(B-Class), 192…(C-Class)). The solution however should route ALL
trafic comming in to the internet.
So the only logical answer is D.
http://windows.microsoft.com/en-us/windows/configuring-multiple-network-gateways#1TC=windows-7
QUESTION 40
Your network contains an Active Directory domain named contoso.com. The domain contains a domain
controller named DC1. DC1 is a DNS server for contoso.com. The properties of the contoso.com zone are
configured as shown in the exhibit. (Click the Exhibit button.
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam Bpart2(21-40) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-477.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam Bpart2(21-40) Exam VCE Dumps For free download with 100%pass ensure")
The domain contains a server named Server1 that is part of a workgroup named Workgroup. Server1 is
configured to use DC1 as a DNS server.
You need to ensure that Server1 dynamically registers a host (A) record in the contoso.com zone.
What should you configure?
A. The workgroup name of Server1
B. The Security settings of the contoso.com zone
C. The Dynamic updates setting of the contoso.com zone
D. The primary DNS suffix of Server1
Correct Answer: D
Section: 3. Configure network services and access
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
When any computer or a standalone server is added to a domain as a member, the network identifies that
computer with its Fully Qualified Domain Name or FQDN. A Fully Qualified Domain Name consist of a
hostname and the DNs suffix separated by a ". " called period. An example for this can be server01.
msftdomain.com where "server01 is the hostname of the computer and "msftdomain.com" is the DNS
suffix which follows the hostname. A complete FQDN of a client computer or a member server uniquely
identifies that computer in the entire domain.
Primary DNS suffix must manually be added in Windows 8 computer to change its hostname to Fully
Qualified Domain Name so that it becomes eligible to send queries and receive responses from the DNS
server. Following are the steps which can be implemented to add primary DNS suffix to a Windows 8
computer hostname:
Log on to Windows 8 computer with administrator account. From the options available on the screen click
Control Panel. On the opened window click More Settings from the left pane. On the next window click
System and Security category and on the appeared window click System.
On View basic information about your computer window click Change settings under Computer name,
domain, and workgroup settings section. On System Properties box make sure that Computer Name tab is
selected and click Change button.
On Computer Name/Domain Changes box click More button. On DNS Suffix and NetBIOS Computer
Name box type in the DNS domain name as the DNS suffix to the Windows 8 computer under Primary
DNS suffix of this computer field. Click Ok button on all the boxes and restart the computer to allow
changes to take effect.
configured to use DC1 as a DNS server.
You need to ensure that Server1 dynamically registers a host (A) record in the contoso.com zone.
What should you configure?
A. The workgroup name of Server1
B. The Security settings of the contoso.com zone
C. The Dynamic updates setting of the contoso.com zone
D. The primary DNS suffix of Server1
Correct Answer: D
Section: 3. Configure network services and access
Explanation
Explanation/Reference:
Last update: 16/09/2015
Based on the actual exam and checked with an Premium account.
Explanation:
When any computer or a standalone server is added to a domain as a member, the network identifies that
computer with its Fully Qualified Domain Name or FQDN. A Fully Qualified Domain Name consist of a
hostname and the DNs suffix separated by a ". " called period. An example for this can be server01.
msftdomain.com where "server01 is the hostname of the computer and "msftdomain.com" is the DNS
suffix which follows the hostname. A complete FQDN of a client computer or a member server uniquely
identifies that computer in the entire domain.
Primary DNS suffix must manually be added in Windows 8 computer to change its hostname to Fully
Qualified Domain Name so that it becomes eligible to send queries and receive responses from the DNS
server. Following are the steps which can be implemented to add primary DNS suffix to a Windows 8
computer hostname:
Log on to Windows 8 computer with administrator account. From the options available on the screen click
Control Panel. On the opened window click More Settings from the left pane. On the next window click
System and Security category and on the appeared window click System.
On View basic information about your computer window click Change settings under Computer name,
domain, and workgroup settings section. On System Properties box make sure that Computer Name tab is
selected and click Change button.
On Computer Name/Domain Changes box click More button. On DNS Suffix and NetBIOS Computer
Name box type in the DNS domain name as the DNS suffix to the Windows 8 computer under Primary
DNS suffix of this computer field. Click Ok button on all the boxes and restart the computer to allow
changes to take effect.
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam Bpart2(21-40) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-478.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam Bpart2(21-40) Exam VCE Dumps For free download with 100%pass ensure")
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam Bpart2(21-40) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-480.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam Bpart2(21-40) Exam VCE Dumps For free download with 100%pass ensure")
For years, Windows DNS has supported dynamic updates, whereas a DNS client host registers and
dynamically updates the resource records with a DNS server. If a host’s IP address changes, the resource
record (particularly the A record) for the host is automatically updated, while the host utilizes the DHCP
server to dynamically update its Pointer (PTR) resource record. Therefore, when a user or service needs
to contact a client PC, it can look up the IP address of the host. With larger organizations, this becomes an
essential feature, especially for clients that frequently move or change locations and use DHCP to
automatically obtain an IP address. For dynamic DNS updates to succeed, the zone must be configured to
accept dynamic updates:
dynamically updates the resource records with a DNS server. If a host’s IP address changes, the resource
record (particularly the A record) for the host is automatically updated, while the host utilizes the DHCP
server to dynamically update its Pointer (PTR) resource record. Therefore, when a user or service needs
to contact a client PC, it can look up the IP address of the host. With larger organizations, this becomes an
essential feature, especially for clients that frequently move or change locations and use DHCP to
automatically obtain an IP address. For dynamic DNS updates to succeed, the zone must be configured to
accept dynamic updates:
![[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam Bpart2(21-40) Exam VCE Dumps For free download with 100%pass ensure](http://www.pdf4exam.com/wp-content/uploads/2016/07/image-481.png "[2016 NEW! 70-411 Exam] Microsoft Braindumps Microsoft.70-411 by.Sacriestory&PP_PP.366q exam Bpart2(21-40) Exam VCE Dumps For free download with 100%pass ensure")
http://technet.microsoft.com/en-us/library/cc778792%28v=ws.10%29.aspx
http://www.advicehow.com/adding-primary-dns-suffix-in-microsoft-windows-8/
http://technet.microsoft.com/en-us/library/cc959611.aspx
http://www.advicehow.com/adding-primary-dns-suffix-in-microsoft-windows-8/
http://technet.microsoft.com/en-us/library/cc959611.aspx
Latest online browsing the 70-411 exam!
70-411 PDF dumps & 70-411 VCE dumps: http://examsavior.com/70-411
 |  |  |  |  | |
|---|---|---|---|---|---|
Test King
|
Pass4sure
|
Actual Tests
|
Other Brands
| ||
| Customer Reviews |  |  |  |  |  |
$89.99
|
$124.99
|
$125.99
|
$189.00
|
$29.99~$49.99
| |
| Up-To-Dated |  |  |  |  |  |
| Real Questions & Answers |  |  |  |  |  |
| Correct All Error |  |  |  |  |  |
| Premium VCE Dumps |  |  |  |  |  |
| Free VCE Simulator |  |  |  |  |  |
| Unlimited After One Time Purchasing |  |  |  |  |  |
| Instant Download |  |  |  |  |  |
| Printable PDF Dumps |  |  |  |  |  |
| 100% Pass Guarantee |  |  |  |  |  |
| 100% Money Back |  |  |  |  |  |
100% Pass:http://examsavior.com/
No comments:
Post a Comment