Exam B
QUESTION 1
Your network contains two Active Directory forests named contoso.com and adatum.com. The contoso.com forest contains a server named
Server1.contoso.com. The adatum.com forest contains a server named Server2.adatum.com. Both servers have the Network Policy Server role service
installed.
The network contains a server named Server3. Server3 is located in the perimeter network and has the Network Policy Server role service installed.
You plan to configure Server3 as an authentication provider for several VPN servers.
You need to ensure that RADIUS requests received by Server3 for a specific VPN server are always forwarded to Server1.contoso.com.
Which two should you configure on Server3? (Each correct answer presents part of the solution. Choose two.)
A. Remediation server groups
B. Remote RADIUS server groups
C. Connection request policies
D. Network policies
E. Connection authorization policies
Correct Answer: BC
Explanation:
When you configure Network Policy Server (NPS) as a Remote Authentication Dial-In User Service (RADIUS) proxy, you use NPS to forward connection requests to RADIUS servers that are capable of processing the connection requests because they can perform authentication and authorization in the domain where the user or computer account is located. For example, if you want to forward connection requests to one or more RADIUS servers in untrusted domains, you can configure NPS as a RADIUS proxy to forward the requests to the remote RADIUS servers in the untrusted domain.
To configure NPS as a RADIUS proxy, you must create a connection request policy that contains all of the information required for NPS to evaluate which messages to forward and where to send the messages.
When you configure a remote RADIUS server group in NPS and you configure a connection request policy with the group, you are designating the location where NPS is to forward connection requests.
http://technet.microsoft.com/en-us/library/cc754518.aspx
QUESTION 2
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012
R2. Server1 has the Network Policy and Access Services server role installed.
Your company’s security policy requires that certificate-based authentication must be used by some network services.
You need to identify which Network Policy Server (NPS) authentication methods comply with the security policy.
Which two authentication methods should you identify? (Each correct answer presents part of the solution. Choose two.)
A. MS-CHAP
B. PEAP-MS-CHAP v2
C. CHAP
D. EAP-TLS
E. MS-CHAP v2
Correct Answer: BD
Explanation:
PEAP is similar in design to EAP-TTLS, requiring only a server-side PKI certificate to create a secure TLS tunnel to protect user authentication, and
uses server-side public key certificates to authenticate the server.
When you use EAP with a strong EAP type, such as TLS with smart cards or TLS with certificates, both the client and the server use certificates to verify
their identities to each other.
QUESTION 3
Your network contains an Active Directory domain named adatum.com. The domain contains a file server named Server1 that runs Windows Server
2012 R2.
All client computers run Windows 7.
You need to ensure that user settings are saved to \\Server1\Users\.
What should you do?
A. From the properties of each user account, configure the Home folder settings.
B. From a Group Policy object (GPO), configure the Folder Redirection settings.
C. From the properties of each user account, configure the User profile settings.
D. From a Group Policy object (GPO), configure the Drive Maps preference.
Correct Answer: C
Explanation:
If a computer is running Windows 2000 Server or later on a network, users can store their profiles on the server. These profiles are called roaming user
profiles.
QUESTION 4
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named GPO1 is
linked to OU1.
You make a change to GPO1.
You need to force all of the computers in OU1 to refresh their Group Policy settings immediately. The solution must minimize administrative effort.
Which tool should you use?
A. Server Manager
B. Active Directory Users and Computers
C. The Gpupdate command
D. Group Policy Management Console (GPMC)
Correct Answer: D
Explanation:
Starting with Windows Server 2012 and Windows 8, you can remotely refresh Group Policy settings for all computers in an OU from one central
location through the Group Policy Management Console (GPMC). Or you can use the Invoke-GPUpdate cmdlet to refresh Group Policy for a set of
computers, not limited to the OU structure, for example, if the computers are located in the default computers container.
QUESTION 5
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows
Server 2012 R2.
All client computers run Windows 8 Enterprise.
DC1 contains a Group Policy object (GPO) named GPO1.
You need to update the PATH variable on all of the client computers.
Which Group Policy preference should you configure?
A. Ini Files
B. Services
C. Data Sources
D. Environment
Correct Answer: D
Explanation:
Environment Variable preference items allow you to create, update, replace, and delete user and system environment variables or semicolon-delimited
segments of the PATH variable. Before you create an Environment Variable preference item, you should review the behavior of each type of action
possible with this extension.
QUESTION 6
Your company has a main office and a branch office.
The main office contains a server that hosts a Distributed File System (DFS) replicated folder.
You plan to implement a new DFS server in the branch office.
You need to recommend a solution that minimizes the amount of network bandwidth used to perform the initial synchronization of the folder to the
branch office.
You recommend using the Export-DfsrClone and Import-DfsrClone cmdlets.
Which additional command or cmdlet should you include in the recommendation?
A. Robocopy.exe
B. Synchost.exe
C. Export-BcCachePackage
D. Sync-DfsReplicationGroup
Correct Answer: A
Explanation:
By preseeding files before you set up DFS Replication, add a new replication partner, or replace a server, you can speed up initial synchronization and
enable cloning of the DFS Replication database in Windows Server 2012 R2. The Robocopy method is one of several preseeding methods
QUESTION 7
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers run
Windows Server 2012 R2. Both servers have the File and Storage Services server role, the DFS Namespaces role service, and the DFS Replication role
service installed.
Server1 and Server2 are part of a Distributed File System (DFS) Replication group named Group1. Server1 and Server2 are separated by a low-speed
WAN connection.
You need to limit the amount of bandwidth that DFS can use to replicate between Server1 and Server2.
What should you modify?
A. The referral ordering of the namespace
B. The staging quota of the replicated folder
C. The cache duration of the namespace
D. The schedule of the replication group
Correct Answer: D
Explanation:
Scheduling uses less bandwidth by limiting the time interval of the replication.
Does DFS Replication throttle bandwidth per schedule, per server, or per connection? If you configure bandwidth throttling when specifying the schedule, all connections for that replication group will use that setting for bandwidth throttling. Bandwidth throttling can also be set as a connection-level setting using DFS Management.
To edit the schedule and bandwidth for a specific connection, use the following steps:
1. In the console tree under the Replication node, select the appropriate replication group.
2. Click the Connections tab, right-click the connection that you want to edit, and then click Properties.
3. Click the Schedule tab, select Custom connection schedule, and then click Edit Schedule.
4. Use the Edit Schedule dialog box to control when replication occurs, as well as the maximum amount of bandwidth replication can consume.
QUESTION 8
You have a file server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.
Files created by users in the human resources department are assigned the Department classification property automatically.
You are configuring a file management task named Task1 to remove user files that have not been accessed for 60 days or more.
You need to ensure that Task1 only removes files that have a Department classification property of human resources. The solution must minimize
administrative effort.
What should you configure on Task1?
A. Configure a file screen
B. Create a condition
C. Create a classification rule
D. Create a custom action
Correct Answer: B
Explanation:
Create a File Expiration Task
The following procedure guides you through the process of creating a file management task for expiring files. File expiration tasks are used to automatically move all files that match certain criteria to a specified expiration directory, where an administrator can then back those files up and delete them.
Property conditions: Click Add to create a new condition based on the file’s classification. This will open the Property Condition dialog box, which allows you to select a property, an operator to perform on the property, and the value to compare the property against. After clicking OK, you can then create additional conditions, or edit or remove an existing condition.
QUESTION 9
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. You plan to use fine-grained
password policies to customize the password policy settings of contoso.com.
You need to identify to which Active Directory object types you can directly apply the fine-grained password policies.
Which two object types should you identify? (Each correct answer presents part of the solution. Choose two.)
A. Users
B. Global groups
C. Computers
D. Universal groups
E. Domain local groups
Correct Answer: AB
Explanation:
First off, your domain functional level must be at Windows Server 2008. Second, fine-grained password policies ONLY apply to user objects and global
security groups. Linking them to universal or domain local groups is ineffective. I know what you’re thinking, what about OUs? Nope, a fine-grained
password policy cannot be applied to an organizational unit (OU) directly. The third thing to keep in mind is that, by default, only members of the Domain
Admins group can set fine-grained password policies. However, you can delegate this ability to other users if needed.
Fine-grained password policies apply only to user objects (or inetOrgPerson objects if they are used instead of user objects) and global security groups.
You can apply Password Settings objects (PSOs) to users or global security groups:
http://technet.microsoft.com/en-us/library/cc731589%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/cc770848%28v=ws.10%29.aspx
http://www.brandonlawson.com/active-directory/creating-fine-grained-password-policies/
QUESTION 10
You have a cluster named Cluster1 that contains two nodes. Both nodes run Windows Server 2012 R2. Cluster1 hosts a virtual machine named VM1
that runs Windows Server 2012 R2.
You configure a custom service on VM1 named Service1.
You need to ensure that VM1 will be moved to a different node if Service1 fails.
Which cmdlet should you run on Cluster1?
A. Add-ClusterVmMonitoredItem
B. Add-ClusterGenericServiceRole
C. Set-ClusterResourceDependency
D. Enable-VMResourceMetering
Correct Answer: A
Explanation:
The Add-ClusterVMMonitoredItem cmdlet configures monitoring for a service or an Event Tracing for Windows (ETW) event so that it is monitored on a
virtual machine. If the service fails or the event occurs, then the system responds by taking an action based on the failover configuration for the virtual
machine resource. For example, the configuration might specify that the virtual machine be restarted.
QUESTION 11
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Windows Server Update Services server role installed.
You need to configure Windows Server Update Services (WSUS) to support Secure Sockets Layer (SSL).
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)
A. From Internet Information Services (IIS) Manager, modify the connection strings of the WSUS website.
B. Install a server certificate.
C. Run the wsusutil.exe command.
D. Run the iisreset.exe command.
E. From Internet Information Services (IIS) Manager, modify the bindings of the WSUS website.
Correct Answer: BCE
Explanation:
A certificate needs to be installed in IIS, the bindings modified, and wsusutil run.
1. First we need to request a certificate for the WSUS web site, so open IIS, click the server name, then open Server Certificates.
On the Actions pane click Create Domain Certificate.
2. To add the signing certificate to the WSUS Web site in IIS 7.0:
On the WSUS server, open Internet Information Services (IIS) Manager.
Expand Sites, right-click the WSUS Web site, and then click Edit Bindings.
In the Site Binding dialog box, select the https binding, and click Edit to open the Edit Site Binding dialog box.
Select the appropriate Web server certificate in the SSL certificate box, and then click OK.
Click Close to exit the Site Bindings dialog box, and then click OK to close Internet Information Services (IIS) Manager.
3. WSUSUtil.exe configuressl <FQDN of the software update point site system> (the name in your certificate)
WSUSUtil.exe configuressl <Intranet FQDN of the software update point site system>
4. The next step is to point your clients to the correct URL, by modifying the existing GPO or creating a new one. Open the policy Specify intranet Microsoft
update service location and type the new URL in the form https://YourWSUSserver.
The gpupdate /force command will just download all the GPOs and re-apply them to the client; it won’t force the client to check for updates. For that you
need to use wuauclt /resetauthorization /detectnow followed by wuauclt /reportnow.
http://technet.microsoft.com/en-us/library/bb680861.aspx
http://technet.microsoft.com/en-us/library/bb633246.aspx
http://www.vkernel.ro/blog/configure-wsus-to-use-ssl
QUESTION 12
You have a server named Server1 that runs Windows Server 2012 R2.
You discover that the performance of Server1 is poor.
The results of a performance report generated on Server1 are shown in the following table.
![Exhibit: performance report table](http://sugarexam.com/wp-content/uploads/2016/07/image1245.png)
You need to identify the cause of the performance issue.
What should you identify?
A. Driver malfunction
B. Insufficient RAM
C. Excessive paging
D. NUMA fragmentation
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Processor: % DPC Time. Much like the other values, this counter shows the amount of time that the processor spends servicing DPC requests. DPC
requests are more often than not associated with the network interface.
Processor: % Interrupt Time. This is the percentage of time that the processor is spending on handling Interrupts. Generally, if this value exceeds 50%
of the processor time you may have a hardware issue. Some components on the computer can force this issue and not really be a problem. For
example a programmable I/O card like an old disk controller card, can take up to 40% of the CPU time. A NIC on a busy IIS server can likewise generate
a large percentage of processor activity.
Processor: % User Time. The value of this counter helps to determine the kind of processing that is affecting the system. Of course the resulting value is
the total amount of non-idle time that was spent on User mode operations. This generally means application code.
Processor: % Privileged Time. This is the amount of time the processor was busy with Kernel mode operations. If the processor is very busy and this
mode is high, it is usually an indication of some type of NT service having difficulty, although user mode programs can make calls to the Kernel mode
NT components to occasionally cause this type of performance issue.
Memory: Pages/sec. This value is often confused with Page Faults/sec. The Pages/sec counter is a combination of the Pages Input/sec and
Pages Output/sec counters. Recall that Page Faults/sec is a combination of hard page faults and soft page faults. This counter, however, is a general
indicator of how often the system is using the hard drive to store or retrieve memory-associated data.
http://technet.microsoft.com/en-us/library/cc768048.aspx
QUESTION 13
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All
servers run Windows Server 2012 R2.
Server1 and Server2 are nodes in a Hyper-V cluster named Cluster1. Cluster1 hosts 10 virtual machines. All of the virtual machines run Windows Server
2012 R2 and are members of the domain.
You need to ensure that the first time a service named Service1 fails on a virtual machine, the virtual machine is moved to a different node.
You configure Service1 to be monitored from Failover Cluster Manager.
What should you configure on the virtual machine?
A. From the General settings, modify the Startup type.
B. From the General settings, modify the Service status.
C. From the Recovery settings of Service1, set the First failure recovery action to Take No Action.
D. From the Recovery settings of Service1, set the First failure recovery action to Restart the Service.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Configure the virtual machine to take no action through Hyper-V if the physical computer shuts down by modifying the Automatic Stop Action setting to
None. Virtual machine state must be managed through the Failover Clustering feature.
Virtual machine application monitoring and management
In clusters running Windows Server 2012, administrators can monitor services on clustered
virtual machines that are also running Windows Server 2012. This functionality extends the high-level monitoring of virtual machines that is implemented
in Windows Server 2008 R2 failover clusters. If a monitored service in a virtual machine fails, the service can be restarted, or the clustered virtual
machine can be restarted or moved to another node (depending on service restart settings and cluster failover settings). This feature increases the
uptime of high availability services that are running on virtual machines within a failover cluster.
Windows Server 2012 Failover Cluster introduces a new capability for Hyper-V virtual machines (VMs), which is a basic monitoring of a service within
the VM which causes the VM to be rebooted should the monitored service fail three times. For this feature to work the following must be configured:
Both the Hyper-V servers must be Windows Server 2012 and the guest OS running in the VM must be Windows Server 2012.
The host and guest OSs are in the same or at least trusting domains. The Failover Cluster administrator must be a member of the local administrator’s
group inside the VM.
Ensure the service being monitored is set to Take No Action (see screenshot below) within the guest VM for Subsequent failures (which is used after
the first and second failures) and is set via the Recovery tab of the service properties within the Services application (services.msc).
![Screenshot](http://sugarexam.com/wp-content/uploads/2016/07/image1246.png)
Within the guest VM, ensure the Virtual Machine Monitoring firewall exception is enabled for the Domain network by using the Windows Firewall with
Advanced Security application or by using the Windows PowerShell command below:
Set-NetFirewallRule -DisplayGroup "Virtual Machine Monitoring" -Enabled True
After the above is true, enabling the monitoring is a simple process:
Launch the Failover Cluster Manager tool.
Navigate to the cluster – Roles.
Right-click the virtual machine role you wish to enable monitoring for and, under More Actions, select Configure Monitoring...
![Screenshot](http://sugarexam.com/wp-content/uploads/2016/07/image1247.png)
The services running inside the VM will be gathered; check the box for the services that should be monitored and click OK.
![Screenshot](http://sugarexam.com/wp-content/uploads/2016/07/image1248.png)
You are done!
Monitoring can also be enabled using the Add-ClusterVMMonitoredItem cmdlet with the -VirtualMachine and -Service parameters, as the example
below shows:
PS C:\Windows\system32> Add-ClusterVMMonitoredItem -VirtualMachine savdaltst01 -Service spooler
http://sportstoday.us/technology/windows-server-2012-continuous-availability-%28part-4%29-failover-clustering-enhancements-virtual-machinemonitoring.aspx
http://windowsitpro.com/windows-server-2012/enable-windows-server-2012-failover-cluster-hyper-v-vm-monitoring
http://technet.microsoft.com/en-us/library/cc742396.aspx
QUESTION 14
You have a DNS server named Server1 that runs Windows Server 2012 R2. On Server1, you create a DNS zone named contoso.com.
You need to specify the email address of the person responsible for the zone.
Which type of DNS record should you configure?
A. Start of authority (SOA)
B. Host information (HINFO)
C. Mailbox (MB)
D. Mail exchanger (MX)
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
An SOA record defines the responsible person for an entire zone, but a zone may contain many individual hosts / domain names for which different
people are responsible. The RP record type makes it possible to identify the responsible person for individual host names contained within the zone.
![Screenshot](http://sugarexam.com/wp-content/uploads/2016/07/image1249.png)
![Screenshot](http://sugarexam.com/wp-content/uploads/2016/07/image1250.png)
QUESTION 15
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. All of the DNS servers in
both of the domains run Windows Server 2012 R2.
The network contains two servers named Server1 and Server2. Server1 hosts an Active Directory-integrated zone for contoso.com. Server2 hosts an
Active Directory-integrated zone for fabrikam.com. Server1 and Server2 connect to each other by using a WAN link.
Client computers that connect to Server1 for name resolution cannot resolve names in fabrikam.com.
You need to configure Server1 to resolve names in fabrikam.com. The solution must NOT require that changes be made to the fabrikam.com zone on
Server2.
What should you create?
A. A trust anchor
B. A stub zone
C. A zone delegation
D. A secondary zone
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
A stub zone is a copy of a zone that contains only those resource records necessary to identify the authoritative Domain Name System (DNS) servers
for that zone. A stub zone is used to resolve names between separate DNS namespaces. This type of resolution may be necessary when a corporate
merger requires that the DNS servers for two separate DNS namespaces resolve names for clients in both namespaces.
QUESTION 16
Your network is configured as shown in the exhibit. (Click the Exhibit button.)
![Exhibit](http://sugarexam.com/wp-content/uploads/2016/07/image1253.png)
Server1 regularly accesses Server2.
You discover that all of the connections from Server1 to Server2 are routed through Router1.
You need to optimize the connection path from Server1 to Server2.
Which route command should you run on Server1?
A. Route add -p 10.10.10.0 MASK 255.255.255.0 172.23.16.2 METRIC 100
B. Route add -p 10.10.10.0 MASK 255.255.255.0 10.10.10.1 METRIC 50
C. Route add -p 10.10.10.12 MASK 255.255.255.0 10.10.10.1 METRIC 100
D. Route add -p 10.10.10.12 MASK 255.255.255.0 10.10.10.0 METRIC 50
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Destination – specifies either an IP address or host name for the network or host.
subnetmask – specifies a subnet mask to be associated with this route entry. If subnetmask is not specified, 255.255.255.255 is used.
gateway – specifies either an IP address or host name for the gateway or router to use when forwarding.
costmetric – assigns an integer cost metric (ranging from 1 through 9,999) to be used in calculating the fastest, most reliable, and/or least expensive
routes. If costmetric is not specified, 1 is used.
interface – specifies the interface to be used for the route that uses the interface number. If an interface is not specified, the interface to be used for the
route is determined from the gateway IP address.
http://support.microsoft.com/kb/299540/en-us
http://technet.microsoft.com/en-us/library/cc757323%28v=ws.10%29.aspx
QUESTION 17
Your network contains an Active Directory domain named adatum.com.
You have a standard primary zone named adatum.com.
You need to provide a user named User1 the ability to modify records in the zone. Other users must be prevented from modifying records in the zone.
What should you do first?
A. Run the Zone Signing Wizard for the zone.
B. From the properties of the zone, modify the start of authority (SOA) record.
C. From the properties of the zone, change the zone type.
D. Run the New Delegation Wizard for the zone.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
The zone would need to be changed to an AD-integrated zone. When you use directory-integrated zones, you can use access control list (ACL) editing to
secure a dnsZone object container in the directory tree. This feature provides detailed access to either the zone or a specified resource record in the
zone. For example, an ACL for a zone resource record can be restricted so that dynamic updates are allowed only for a specified client computer or a
secure group, such as a domain administrators group. This security feature is not available with standard primary zones.
DNS update security is available only for zones that are integrated into Active Directory. After you integrate a zone, you can use the access control list
(ACL) editing features that are available in the DNS snap-in to add or to remove users or groups from the ACL for a specific zone or for a resource
record.
Standard (not an Active Directory integrated zone) has no Security settings:
![Screenshot](http://sugarexam.com/wp-content/uploads/2016/07/image1254.png)
You first need to change the “Standard Primary Zone” to an AD-integrated zone:
![Screenshot](http://sugarexam.com/wp-content/uploads/2016/07/image1255.png)
Now there’s a Security tab:
![Screenshot](http://sugarexam.com/wp-content/uploads/2016/07/image1256.png)
QUESTION 18
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server
2012 R2.
You view the effective policy settings of Server1 as shown in the exhibit. (Click the Exhibit button.)
![Exhibit](http://sugarexam.com/wp-content/uploads/2016/07/image1257.png)
You need to ensure that an entry is added to the event log whenever a local user account is created or deleted on Server1.
What should you do?
A. In Servers GPO, modify the Advanced Audit Configuration settings.
B. On Server1, attach a task to the security log.
C. In Servers GPO, modify the Audit Policy settings.
D. On Server1, attach a task to the system log.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
When you use Advanced Audit Policy Configuration settings, you need to confirm that these settings are not overwritten by basic audit policy settings.
The following procedure shows how to prevent conflicts by blocking the application of any basic audit policy settings.
Enabling Advanced Audit Policy Configuration
Basic and advanced audit policy configurations should not be mixed. As such, it’s best practice to enable Audit: Force audit policy subcategory settings
(Windows Vista or later) to override audit policy category settings in Group Policy to make sure that basic auditing is disabled. The setting can be found
under Computer Configuration\Policies\Security Settings\Local Policies\Security Options, and sets the SCENoApplyLegacyAuditPolicy registry key to
prevent basic auditing being applied using Group Policy and the Local Security Policy MMC snap-in.
In Windows 7 and Windows Server 2008 R2, the number of audit settings for which success and failure can be tracked has increased to 53. Previously,
there were nine basic auditing settings under Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Audit Policy. These 53
new settings allow you to select only the behaviors that you want to monitor and exclude audit results for behaviors that are of little or no concern to you,
or behaviors that create an excessive number of log entries. In addition, because Windows 7 and Windows Server 2008 R2 security audit policy can be
applied by using domain Group Policy, audit policy settings can be modified, tested, and deployed to selected users and groups with relative simplicity.
Audit Policy settings
Any changes to user account and resource permissions.
Any failed attempts for user logon.
Any failed attempts for resource access.
Any modification to the system files.
Advanced Audit Configuration Settings
Audit compliance with important business-related and security-related rules by tracking precisely defined
activities, such as:
A group administrator has modified settings or data on servers that contain finance information.
An employee within a defined group has accessed an important file. The correct system access control list (SACL) is applied to every file and folder or
registry key on a computer or file share as a verifiable safeguard against undetected access.
In Servers GPO, modify the Audit Policy settings – enabling audit account management setting will generate events about account creation, deletion and
so on.
Advanced Audit Configuration Settings
Advanced Audit Configuration Settings -> Audit Policy -> Account Management -> Audit User Account Management
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
When you use Advanced Audit Policy Configuration settings, you need to confirm that these settings are not overwritten by basic audit policy settings.
The following procedure shows how to prevent conflicts by blocking the application of any basic audit policy settings.
Enabling Advanced Audit Policy Configuration
Basic and advanced audit policy configurations should not be mixed. As such, it’s best practice to enable Audit: Force audit policy subcategory settings
(Windows Vista or later) to override audit policy category settings in Group Policy to make sure that basic auditing is disabled. The setting can be found
under Computer Configuration\Policies\Security Settings\Local Policies\Security Options, and sets the SCENoApplyLegacyAuditPolicy registry key to
prevent basic auditing being applied using Group Policy and the Local Security Policy MMC snap-in.
In Windows 7 and Windows Server 2008 R2, the number of audit settings for which success and failure can be tracked has increased to 53. Previously,
there were nine basic auditing settings under Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Audit Policy. These 53
new settings allow you to select only the behaviors that you want to monitor and exclude audit results for behaviors that are of little or no concern to you,
or behaviors that create an excessive number of log entries. In addition, because Windows 7 and Windows Server 2008 R2 security audit policy can be
applied by using domain Group Policy, audit policy settings can be modified, tested, and deployed to selected users and groups with relative simplicity.
Audit Policy settings
Any changes to user account and resource permissions.
Any failed attempts for user logon.
Any failed attempts for resource access.
Any modification to the system files.
Advanced Audit Configuration Settings
Audit compliance with important business-related and security-related rules by tracking precisely defined
activities, such as:
A group administrator has modified settings or data on servers that contain finance information.
An employee within a defined group has accessed an important file. The correct system access control list (SACL) is applied to every file and folder or
registry key on a computer or file share as a verifiable safeguard against undetected access.
In Servers GPO, modify the Audit Policy settings – enabling audit account management setting will generate events about account creation, deletion and
so on.
Advanced Audit Configuration Settings -> Audit Policy -> Account Management -> Audit User Account Management
![Screenshot](http://sugarexam.com/wp-content/uploads/2016/07/image1258.png)
![Screenshot](http://sugarexam.com/wp-content/uploads/2016/07/image1259.png)
http://blogs.technet.com/b/abizerh/archive/2010/05/27/tracing-down-user-and-computer-account-deletion-in-active-directory.aspx
http://technet.microsoft.com/en-us/library/dd772623%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/jj852202(v=ws.10).aspx
http://www.petri.co.il/enable-advanced-audit-policy-configuration-windows-server.htm
http://technet.microsoft.com/en-us/library/dd408940%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/dd408940%28v=ws.10%29.aspx#BKMK_step2
QUESTION 19
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
The network contains several group Managed Service Accounts that are used by four member servers.
You need to ensure that if a group Managed Service Account resets a password of a domain user account, an audit entry is created.
You create a Group Policy object (GPO) named GPO1.
What should you do next?
A. In GPO1, configure the Advanced Audit Policy Configuration settings for Audit User Account Management. Link GPO1 to the Domain Controllers
organizational unit (OU).
B. In GPO1, configure the Advanced Audit Policy Configuration settings for Audit User Account Management. Move the member servers to a new
organizational unit (OU). Link GPO1 to the new OU.
C. In GPO1, configure the Advanced Audit Policy Configuration settings for Audit Sensitive Privilege Use. Link GPO1 to the Domain Controllers
organizational unit (OU).
D. In GPO1, configure the Advanced Audit Policy Configuration settings for Audit Sensitive Privilege Use. Move the member servers to a new
organizational unit (OU). Link GPO1 to the new OU.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Audit User Account Management
This security policy setting determines whether the operating system generates audit events when the following user account management tasks are
performed:
A user account is created, changed, deleted, renamed, disabled, enabled, locked out, or unlocked.
A user account password is set or changed.
Security identifier (SID) history is added to a user account.
The Directory Services Restore Mode password is set.
Permissions on accounts that are members of administrators groups are changed.
Credential Manager credentials are backed up or restored.
This policy setting is essential for tracking events that involve provisioning and managing user accounts.
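The check below is an added example, not part of the original question set. It verifies on a domain controller the two settings discussed in the explanations above (the SCENoApplyLegacyAuditPolicy value and the User Account Management subcategory) and then lists recent password-reset events. The registry path under Lsa, event ID 4724 and the English-language auditpol column names are details assumed here, not taken from the page.

```powershell
# Added example. Run in an elevated PowerShell session on a domain controller.
# Assumes English-language auditpol output ("Inclusion Setting" column).

# 1. "Audit: Force audit policy subcategory settings ..." sets this value to 1.
#    Missing or 0 means basic audit policy can still override the subcategories.
$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$force  = (Get-ItemProperty -Path $lsaKey -ErrorAction Stop).SCENoApplyLegacyAuditPolicy
if ($force -ne 1) {
    Write-Warning 'SCENoApplyLegacyAuditPolicy is not 1: basic audit policy may override subcategory settings.'
}

# 2. Effective setting of the subcategory, read from auditpol's CSV report (/r).
$row = auditpol /get /subcategory:"User Account Management" /r |
    Where-Object { $_.Trim() } |
    ConvertFrom-Csv
$setting = $row.'Inclusion Setting'
if ($setting -notmatch 'Success') {
    Write-Warning "Success auditing for User Account Management is off (current: '$setting')."
}

# 3. Password resets (event 4724) logged in the last 24 hours, with the account
#    that performed each reset. Names ending in '$' are machine or managed
#    service accounts, which is the case the question asks about.
$filter = @{ LogName = 'Security'; Id = 4724; StartTime = (Get-Date).AddDays(-1) }
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
    $evt  = $_
    $data = @{}
    ([xml]$evt.ToXml()).Event.EventData.Data |
        ForEach-Object { $data[$_.Name] = $_.'#text' }
    [pscustomobject]@{
        Time               = $evt.TimeCreated
        Actor              = '{0}\{1}' -f $data.SubjectDomainName, $data.SubjectUserName
        Target             = '{0}\{1}' -f $data.TargetDomainName, $data.TargetUserName
        ActorIsMachineAcct = $data.SubjectUserName -like '*$'
    }
} | Sort-Object Time -Descending | Format-Table -AutoSize
```

If step 3 returns nothing after a known reset, run `gpupdate /force` on the domain controller and repeat steps 1 and 2 to confirm that GPO1 actually applied.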
QUESTION 20
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012
R2. Server1 has the File Server Resource Manager role service installed.
You configure a quota threshold as shown in the exhibit. (Click the Exhibit button.)
![Exhibit](http://sugarexam.com/wp-content/uploads/2016/07/image1260.png)
You need to ensure that a user named User1 receives an email notification when the threshold is exceeded.
What should you do?
A. Create a performance counter alert.
B. Create a classification rule.
C. Modify the members of the Performance Log Users group.
D. Configure the File Server Resource Manager Options.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
When you create quotas and file screens, you have the option of sending e-mail notifications to users when their quota limit is approaching or after they
have attempted to save files that have been blocked. If you want to routinely notify certain administrators of quota and file screening events, you can
configure one or more default recipients.
To send these notifications, you must specify the SMTP server to be used for forwarding the e-mail messages.
To configure e-mail options
In the console tree, right-click File Server Resource Manager, and then click Configure options. The File Server Resource Manager Options dialog box
opens.
![Screenshot](http://sugarexam.com/wp-content/uploads/2016/07/image1261.png)
On the E-mail Notifications tab, under SMTP server name or IP address, type the host name or the IP address of the SMTP server that will forward email
notifications.
If you want to routinely notify certain administrators of quota or file screening events, under Default administrator recipients, type each e-mail address.
Use the format account@domain. Use semicolons to separate multiple accounts.
To test your settings, click Send Test E-mail.
![Screenshot](http://sugarexam.com/wp-content/uploads/2016/07/image1262.png)
![Screenshot](http://sugarexam.com/wp-content/uploads/2016/07/image1263.png)