Do you want to pass the 70-411 examsavior exam? What are the new questions of
the latest 70-411 exam? Braindumps 70-411 VCE dumps and 70-411 PDF dumps will
tell you all about the 70-411 examsavior exam.Here are the examsavior newest and
covered all new added questions and answers, which will help you 100% passing
70-411 examsavior exam.Hurry up and get the free exam from here!
NOW FREE DOWNLOAD
QUESTION 21
Your company has a main office and a branch office. The main office is located in Seattle. The branch office is located in Montreal. Each office is
configured as an Active Directory site.
The network contains an Active Directory domain named adatum.com. The Seattle office contains a file server named Server1. The Montreal office
contains a file server named Server2.
The servers run Windows Server 2012 R2 and have the File and Storage Services server role, the DFS Namespaces role service, and the DFS
Replication role service installed.
Server1 and Server2 each have a share named Share1 that is replicated by using DFS Replication.
You need to ensure that users connect to the replicated folder in their respective office when they connect to \\contoso.com\Share1.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)
A. Create a replication connection.
B. Create a namespace.
C. Share and publish the replicated folder.
D. Create a new topology.
E. Modify the Referrals settings.
Correct Answer: BCE
Section: (none)
Explanation
Explanation/Reference:
Explanation:
To share a replicated folder and publish it to a DFS namespace Click Start, point to Administrative Tools, and then click DFS Management. In the
console tree, under the Replication node, click the replication group that contains the replicated folder you want to share. In the details pane, on the
Replicated Folders tab, right-click the replicated folder that you want to share, and then click Share and Publish in Namespace. In the Share and Publish
Replicated Folder Wizard, click Share and publish the replicated folder in a namespace, and then follow the steps in the wizard.
Note that: If you do not have an existing namespace, you can create one in the Namespace Path page in the Share and Publish Replicated Folder
Wizard. To create the namespace, in the Namespace Path page, click Browse, and then click New Namespace.
To create a namespace
Click Start, point to Administrative Tools, and then click DFS Management. In the console tree, right-click the Namespaces node, and then click New
Namespace. Follow the instructions in the New Namespace Wizard.
To create a stand-alone namespace on a failover cluster, specify the name of a clustered file server instance on the Namespace Server page of the
Your company has a main office and a branch office. The main office is located in Seattle. The branch office is located in Montreal. Each office is
configured as an Active Directory site.
The network contains an Active Directory domain named adatum.com. The Seattle office contains a file server named Server1. The Montreal office
contains a file server named Server2.
The servers run Windows Server 2012 R2 and have the File and Storage Services server role, the DFS Namespaces role service, and the DFS
Replication role service installed.
Server1 and Server2 each have a share named Share1 that is replicated by using DFS Replication.
You need to ensure that users connect to the replicated folder in their respective office when they connect to \\contoso.com\Share1.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)
A. Create a replication connection.
B. Create a namespace.
C. Share and publish the replicated folder.
D. Create a new topology.
E. Modify the Referrals settings.
Correct Answer: BCE
Section: (none)
Explanation
Explanation/Reference:
Explanation:
To share a replicated folder and publish it to a DFS namespace Click Start, point to Administrative Tools, and then click DFS Management. In the
console tree, under the Replication node, click the replication group that contains the replicated folder you want to share. In the details pane, on the
Replicated Folders tab, right-click the replicated folder that you want to share, and then click Share and Publish in Namespace. In the Share and Publish
Replicated Folder Wizard, click Share and publish the replicated folder in a namespace, and then follow the steps in the wizard.
Note that: If you do not have an existing namespace, you can create one in the Namespace Path page in the Share and Publish Replicated Folder
Wizard. To create the namespace, in the Namespace Path page, click Browse, and then click New Namespace.
To create a namespace
Click Start, point to Administrative Tools, and then click DFS Management. In the console tree, right-click the Namespaces node, and then click New
Namespace. Follow the instructions in the New Namespace Wizard.
To create a stand-alone namespace on a failover cluster, specify the name of a clustered file server instance on the Namespace Server page of the
New Namespace Wizard.
Important
Do not attempt to create a domain-based namespace using the Windows Server 2008 mode unless the forest functional level is Windows Server 2003
or higher. Doing so can result in a namespace for which you cannot delete DFS folders, yielding the following error message: “The folder cannot be
deleted. Cannot complete this function. “
To share a replicated folder and publish it to a DFS namespace
1. Click Start, point to Administrative Tools, and then click DFS Management.
2. In the console tree, under the Replication node, click the replication group that contains the replicated folder you want to share.
3. In the details pane, on the Replicated Folders tab, right-click the replicated folder that you want to share, and then click Share and Publish in
Namespace.
4. In the Share and Publish Replicated Folder Wizard, click Share and publish the replicated folder in a namespace, and then follow the steps in the
wizard.
Important
Do not attempt to create a domain-based namespace using the Windows Server 2008 mode unless the forest functional level is Windows Server 2003
or higher. Doing so can result in a namespace for which you cannot delete DFS folders, yielding the following error message: “The folder cannot be
deleted. Cannot complete this function. “
To share a replicated folder and publish it to a DFS namespace
1. Click Start, point to Administrative Tools, and then click DFS Management.
2. In the console tree, under the Replication node, click the replication group that contains the replicated folder you want to share.
3. In the details pane, on the Replicated Folders tab, right-click the replicated folder that you want to share, and then click Share and Publish in
Namespace.
4. In the Share and Publish Replicated Folder Wizard, click Share and publish the replicated folder in a namespace, and then follow the steps in the
wizard.
![NEW! 70-414 EXAM] Microsoft.EnsurePass.70-411.by.Sacriestory.353q PART2 (21-40) EXAM B VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/07/image1264.png "NEW! 70-414 EXAM] Microsoft.EnsurePass.70-411.by.Sacriestory.353q PART2 (21-40) EXAM B VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
“You need to ensure that users connect to the replicated folder in their respective office when they connect to \\contoso.com\Share1”![NEW! 70-414 EXAM] Microsoft.EnsurePass.70-411.by.Sacriestory.353q PART2 (21-40) EXAM B VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/07/image1265.png "NEW! 70-414 EXAM] Microsoft.EnsurePass.70-411.by.Sacriestory.353q PART2 (21-40) EXAM B VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
![NEW! 70-414 EXAM] Microsoft.EnsurePass.70-411.by.Sacriestory.353q PART2 (21-40) EXAM B VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/07/image1266.png "NEW! 70-414 EXAM] Microsoft.EnsurePass.70-411.by.Sacriestory.353q PART2 (21-40) EXAM B VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
QUESTION 22
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.
Server1 has a folder named Folder1 that is used by the sales department.
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.
Server1 has a folder named Folder1 that is used by the sales department.
You need to ensure that an email notification is sent to the sales manager when a File Screening Audit report is generated.
What should you configure on Server1?
A. a file group
B. a file screen
C. a file screen exception
D. a storage report task
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
From the Storage Reports Management node, you can generate reports that will help you understand file use on the storage server. You can use the
storage reports to monitor disk usage patterns (by file type or user), identify duplicate files and dormant files, track quota usage, and audit file screening.
What should you configure on Server1?
A. a file group
B. a file screen
C. a file screen exception
D. a storage report task
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
From the Storage Reports Management node, you can generate reports that will help you understand file use on the storage server. You can use the
storage reports to monitor disk usage patterns (by file type or user), identify duplicate files and dormant files, track quota usage, and audit file screening.
![NEW! 70-414 EXAM] Microsoft.EnsurePass.70-411.by.Sacriestory.353q PART2 (21-40) EXAM B VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/07/image1267.png "NEW! 70-414 EXAM] Microsoft.EnsurePass.70-411.by.Sacriestory.353q PART2 (21-40) EXAM B VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
Before you run a File Screen Audit report, in the File Server Resource Manager Options dialog box, on the File Screen Audit tab, verify that the Record
file screening activity in the auditing database check box is selected.
http://technet.microsoft.com/en-us/library/cc755988.aspx
http://technet.microsoft.com/en-us/library/cc730822.aspx
http://technet.microsoft.com/en-us/library/cc770594.aspx
http://technet.microsoft.com/en-us/library/cc771212.aspx
http://technet.microsoft.com/en-us/library/cc732074.aspx
QUESTION 23
Your network contains an Active Directory domain named adatum.com. The domain contains 10 domain controllers that run Windows Server 2012 R2.
You plan to create a new Active Directory-integrated zone named contoso.com.
You need to ensure that the new zone will be replicated to only four of the domain controllers.
file screening activity in the auditing database check box is selected.
http://technet.microsoft.com/en-us/library/cc755988.aspx
http://technet.microsoft.com/en-us/library/cc730822.aspx
http://technet.microsoft.com/en-us/library/cc770594.aspx
http://technet.microsoft.com/en-us/library/cc771212.aspx
http://technet.microsoft.com/en-us/library/cc732074.aspx
QUESTION 23
Your network contains an Active Directory domain named adatum.com. The domain contains 10 domain controllers that run Windows Server 2012 R2.
You plan to create a new Active Directory-integrated zone named contoso.com.
You need to ensure that the new zone will be replicated to only four of the domain controllers.
What should you do first?
A. Create an application directory partition.
B. Create an Active Directory connection object.
C. Create an Active Directory site link.
D. Change the zone replication scope.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Application directory partitions
An application directory partition is a directory partition that is replicated only to specific domain controllers. A domain controller that participates in the
replication of a particular application directory partition hosts a replica of that partition. Only domain controllers running Windows Server 2003 can host a
replica of an application directory partition.
QUESTION 24
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that has the Remote Access
server role installed.
DirectAccess is implemented on Server1 by using the default configuration.
You discover that DirectAccess clients do not use DirectAccess when accessing websites on the Internet.
You need to ensure that DirectAccess clients access all Internet websites by using their DirectAccess connection.
What should you do?
A. Configure a DNS suffix search list on the DirectAccess clients.
B. Configure DirectAccess to enable force tunneling.
C. Disable the DirectAccess Passive Mode policy setting in the DirectAccess Client Settings Group Policy object (GPO).
D. Enable the Route all traffic through the internal network policy setting in the DirectAccess Server Settings Group Policy object (GPO).
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
A. Create an application directory partition.
B. Create an Active Directory connection object.
C. Create an Active Directory site link.
D. Change the zone replication scope.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Application directory partitions
An application directory partition is a directory partition that is replicated only to specific domain controllers. A domain controller that participates in the
replication of a particular application directory partition hosts a replica of that partition. Only domain controllers running Windows Server 2003 can host a
replica of an application directory partition.
QUESTION 24
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that has the Remote Access
server role installed.
DirectAccess is implemented on Server1 by using the default configuration.
You discover that DirectAccess clients do not use DirectAccess when accessing websites on the Internet.
You need to ensure that DirectAccess clients access all Internet websites by using their DirectAccess connection.
What should you do?
A. Configure a DNS suffix search list on the DirectAccess clients.
B. Configure DirectAccess to enable force tunneling.
C. Disable the DirectAccess Passive Mode policy setting in the DirectAccess Client Settings Group Policy object (GPO).
D. Enable the Route all traffic through the internal network policy setting in the DirectAccess Server Settings Group Policy object (GPO).
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
With IPv6 and the Name Resolution Policy Table (NRPT), by default, DirectAccess clients separate their intranet and Internet traffic as follows:
DNS name queries for intranet fully qualified domain names (FQDNs) and all intranet traffic is exchanged over the tunnels that are created with the
DirectAccess server or directly with intranet servers. Intranet traffic from DirectAccess clients is IPv6 traffic.
DNS name queries for FQDNs that correspond to exemption rules or do not match the intranet namespace, and all traffic to Internet servers, is
exchanged over the physical interface that is connected to the Internet. Internet traffic from DirectAccess clients is typically IPv4 traffic.
In contrast, by default, some remote access virtual private network (VPN) implementations, including the VPN client, send all intranet and Internet traffic
over the remote access VPN connection. Internet-bound traffic is routed by the VPN server to intranet IPv4 web proxy servers for access to IPv4 Internet
resources. It is possible to separate the intranet and Internet traffic for remote access VPN clients by using split tunneling. This involves configuring the
Internet Protocol (IP) routing table on VPN clients so that traffic to intranet locations is sent over the VPN connection, and traffic to all other locations is
sent by using the physical interface that is connected to the Internet. You can configure DirectAccess clients to send all of their traffic through the tunnels
to the DirectAccess server with force tunneling. When force tunneling is configured, DirectAccess clients detect that they are on the Internet, and they
remove their IPv4 default route. With the exception of local subnet traffic, all traffic sent by the DirectAccess client is IPv6 traffic that goes through
tunnels to the DirectAccess server.
QUESTION 25
Your network contains a single Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that hosts the
primary DNS zone for contoso.com.
All servers dynamically register their host names.
You install three new Web servers that host identical copies of your company’s intranet website. The servers are configured as shown in the following
table.
DNS name queries for intranet fully qualified domain names (FQDNs) and all intranet traffic is exchanged over the tunnels that are created with the
DirectAccess server or directly with intranet servers. Intranet traffic from DirectAccess clients is IPv6 traffic.
DNS name queries for FQDNs that correspond to exemption rules or do not match the intranet namespace, and all traffic to Internet servers, is
exchanged over the physical interface that is connected to the Internet. Internet traffic from DirectAccess clients is typically IPv4 traffic.
In contrast, by default, some remote access virtual private network (VPN) implementations, including the VPN client, send all intranet and Internet traffic
over the remote access VPN connection. Internet-bound traffic is routed by the VPN server to intranet IPv4 web proxy servers for access to IPv4 Internet
resources. It is possible to separate the intranet and Internet traffic for remote access VPN clients by using split tunneling. This involves configuring the
Internet Protocol (IP) routing table on VPN clients so that traffic to intranet locations is sent over the VPN connection, and traffic to all other locations is
sent by using the physical interface that is connected to the Internet. You can configure DirectAccess clients to send all of their traffic through the tunnels
to the DirectAccess server with force tunneling. When force tunneling is configured, DirectAccess clients detect that they are on the Internet, and they
remove their IPv4 default route. With the exception of local subnet traffic, all traffic sent by the DirectAccess client is IPv6 traffic that goes through
tunnels to the DirectAccess server.
QUESTION 25
Your network contains a single Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that hosts the
primary DNS zone for contoso.com.
All servers dynamically register their host names.
You install three new Web servers that host identical copies of your company’s intranet website. The servers are configured as shown in the following
table.
![NEW! 70-414 EXAM] Microsoft.EnsurePass.70-411.by.Sacriestory.353q PART2 (21-40) EXAM B VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/07/image1268.png "NEW! 70-414 EXAM] Microsoft.EnsurePass.70-411.by.Sacriestory.353q PART2 (21-40) EXAM B VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
You need to use DNS records to load balance name resolution queries for intranet.contoso.com between the three Web servers.
What is the minimum number of DNS records that you should create manually?
A. 1
B. 3
C. 4
D. 6
Correct Answer: B
Section: (none)
Explanation
What is the minimum number of DNS records that you should create manually?
A. 1
B. 3
C. 4
D. 6
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
To create DNS Host (A) Records for all internal pool servers
1. Click Stabrt, click All Programs, click Administrative Tools, and then click DNS.
2. In DNS Manager, click the DNS Server that manages your records to expand it.
3. Click Forward Lookup Zones to expand it.
4. Right-click the DNS domain that you need to add records to, and then click New Host (A or AAAA).
5. In the Name box, type the name of the host record (the domain name will be automatically appended).
6. In the IP Address box, type the IP address of the individual Front End Server and then select Create associated pointer (PTR) record or Allow any
authenticated user to update.
DNS records with the same owner name, if applicable.
7. Continue creating records for all member Front End Servers that will participate in DNS Load Balancing.
For example, if you had a pool named pool1.contoso.com and three Front End Servers, you would create the following DNS entries:
Explanation:
To create DNS Host (A) Records for all internal pool servers
1. Click Stabrt, click All Programs, click Administrative Tools, and then click DNS.
2. In DNS Manager, click the DNS Server that manages your records to expand it.
3. Click Forward Lookup Zones to expand it.
4. Right-click the DNS domain that you need to add records to, and then click New Host (A or AAAA).
5. In the Name box, type the name of the host record (the domain name will be automatically appended).
6. In the IP Address box, type the IP address of the individual Front End Server and then select Create associated pointer (PTR) record or Allow any
authenticated user to update.
DNS records with the same owner name, if applicable.
7. Continue creating records for all member Front End Servers that will participate in DNS Load Balancing.
For example, if you had a pool named pool1.contoso.com and three Front End Servers, you would create the following DNS entries:
![NEW! 70-414 EXAM] Microsoft.EnsurePass.70-411.by.Sacriestory.353q PART2 (21-40) EXAM B VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/07/image1269.png "NEW! 70-414 EXAM] Microsoft.EnsurePass.70-411.by.Sacriestory.353q PART2 (21-40) EXAM B VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
http://technet.microsoft.com/en-us/library/cc772506.aspx
http://technet.microsoft.com/en-us/library/gg398251.aspx
QUESTION 26
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows
Server 2012 R2.
You mount an Active Directory snapshot on DC1.
You need to expose the snapshot as an LDAP server.
Which tool should you use?
A. Ldp
B. ADSI Edit
http://technet.microsoft.com/en-us/library/gg398251.aspx
QUESTION 26
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows
Server 2012 R2.
You mount an Active Directory snapshot on DC1.
You need to expose the snapshot as an LDAP server.
Which tool should you use?
A. Ldp
B. ADSI Edit
C. Dsamain
D. Ntdsutil
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
dsamain /dbpath E:\$SNAP_200704181137_VOLUMED$\WINDOWS\NTDS\ntds. dit /ldapport51389
D. Ntdsutil
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
dsamain /dbpath E:\$SNAP_200704181137_VOLUMED$\WINDOWS\NTDS\ntds. dit /ldapport51389
![NEW! 70-414 EXAM] Microsoft.EnsurePass.70-411.by.Sacriestory.353q PART2 (21-40) EXAM B VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/07/image1270.png "NEW! 70-414 EXAM] Microsoft.EnsurePass.70-411.by.Sacriestory.353q PART2 (21-40) EXAM B VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
http://technet.microsoft.com/en-us/library/cc753609(v=ws.10).aspx
QUESTION 27
Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows Server 2008, Windows Server 2008 R2,
QUESTION 27
Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows Server 2008, Windows Server 2008 R2,
or Windows Server 2012 R2.
You have a Password Settings object (PSOs) named PSO1.
You need to view the settings of PSO1.
Which tool should you use?
A. Get-ADDefaultDomainPasswordPolicy
B. Active Directory Administrative Center
C. Local Security Policy
D. Get-ADAccountResultantPasswordReplicationPolicy
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
In Windows Server 2012, fine-grained password policy management is made much easier than Windows Server 2008/2008 R2. Windows
Administrators not have to use ADSI Edit and configure complicated settings to create the Password Settings Object (PSO) in the Password Settings
Container. Instead we can configure fine-grained password policy directly in Active Directory Administrative Center (ADAC).
QUESTION 28
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
Administrators use client computers that run Windows 8 to perform all management tasks.
A central store is configured on a domain controller named DC1.
You have a custom administrative template file named App1.admx. App1.admx contains application settings for an application named Appl.
From a client computer named Computer1, you create a new Group Policy object (GPO) named GPO1.
You discover that the application settings for App1 fail to appear in GPO1.
You need to ensure that the App1 settings appear in all of the new GPOs that you create.
What should you do?
A. From the Default Domain Controllers Policy, add App1.admx to the Administrative Templates.
B. Copy App1.admx to \\Contoso.com\SYSVOL\Contoso.com\Policies\PolicyDefinitions\.
You have a Password Settings object (PSOs) named PSO1.
You need to view the settings of PSO1.
Which tool should you use?
A. Get-ADDefaultDomainPasswordPolicy
B. Active Directory Administrative Center
C. Local Security Policy
D. Get-ADAccountResultantPasswordReplicationPolicy
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
In Windows Server 2012, fine-grained password policy management is made much easier than Windows Server 2008/2008 R2. Windows
Administrators not have to use ADSI Edit and configure complicated settings to create the Password Settings Object (PSO) in the Password Settings
Container. Instead we can configure fine-grained password policy directly in Active Directory Administrative Center (ADAC).
QUESTION 28
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
Administrators use client computers that run Windows 8 to perform all management tasks.
A central store is configured on a domain controller named DC1.
You have a custom administrative template file named App1.admx. App1.admx contains application settings for an application named Appl.
From a client computer named Computer1, you create a new Group Policy object (GPO) named GPO1.
You discover that the application settings for App1 fail to appear in GPO1.
You need to ensure that the App1 settings appear in all of the new GPOs that you create.
What should you do?
A. From the Default Domain Controllers Policy, add App1.admx to the Administrative Templates.
B. Copy App1.admx to \\Contoso.com\SYSVOL\Contoso.com\Policies\PolicyDefinitions\.
C. From the Default Domain Policy, add App1.admx to the Administrative Templates.
D. Copy App1.admx to \\Contoso.com\SYSVOL\Contoso.com\StarterGPOs.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a domain controller. The Central Store is a
file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the
Central Store are later replicated to all domain controllers in the domain.
QUESTION 29
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Windows Server Update Services server role installed.
Server1 stores update files locally in C:\Updates.
You need to change the location in which the update files are stored to D:\Updates.
What should you do?
A. From the Update Services console, run the Windows Server Update Services Configuration Wizard.
B. From a command prompt, run wsusutil.exe and specify the movecontent parameter.
C. From the Update Services console, configure the Update Files and Languages option.
D. From a command prompt, run wsusutil.exe and specify the export parameter.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
You might need to change the location where WSUS stores updates locally. This might be required if the disk becomes full and there is no longer any
room for new updates. You might also have to do this if the disk where updates are stored fails and the replacement disk uses a new drive letter.
You accomplish this move with the movecontent command of WSUSutil.exe, a command- line tool that is copied to the file system of the WSUS server
during WSUS Setup. By default, Setup copies WSUSutil.exe to the following location:
WSUSInstallationDrive:\Program Files\Microsoft Windows Server Update Services\Tools\
QUESTION 30
You have a server named Server1 that runs Windows Server 2012 R2.
D. Copy App1.admx to \\Contoso.com\SYSVOL\Contoso.com\StarterGPOs.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a domain controller. The Central Store is a
file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the
Central Store are later replicated to all domain controllers in the domain.
QUESTION 29
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Windows Server Update Services server role installed.
Server1 stores update files locally in C:\Updates.
You need to change the location in which the update files are stored to D:\Updates.
What should you do?
A. From the Update Services console, run the Windows Server Update Services Configuration Wizard.
B. From a command prompt, run wsusutil.exe and specify the movecontent parameter.
C. From the Update Services console, configure the Update Files and Languages option.
D. From a command prompt, run wsusutil.exe and specify the export parameter.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
You might need to change the location where WSUS stores updates locally. This might be required if the disk becomes full and there is no longer any
room for new updates. You might also have to do this if the disk where updates are stored fails and the replacement disk uses a new drive letter.
You accomplish this move with the movecontent command of WSUSutil.exe, a command- line tool that is copied to the file system of the WSUS server
during WSUS Setup. By default, Setup copies WSUSutil.exe to the following location:
WSUSInstallationDrive:\Program Files\Microsoft Windows Server Update Services\Tools\
QUESTION 30
You have a server named Server1 that runs Windows Server 2012 R2.
You create a custom Data Collector Set (DCS) named DCS1.
You need to configure Server1 to start DCS1 automatically when the network usage exceeds 70 percent.
Which type of data collector should you create?
A. A performance counter alert
B. A configuration data collector
C. A performance counter data collector
D. An event trace data collector
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Performance alerts notify you when a specified performance counter exceeds your configured threshold by logging an event to the event log. But rather
than notifying you immediately when the counter exceeds the threshold, you can configure a time period over which the counter needs to exceed the
threshold, to avoid unnecessary alerts.
You need to configure Server1 to start DCS1 automatically when the network usage exceeds 70 percent.
Which type of data collector should you create?
A. A performance counter alert
B. A configuration data collector
C. A performance counter data collector
D. An event trace data collector
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Performance alerts notify you when a specified performance counter exceeds your configured threshold by logging an event to the event log. But rather
than notifying you immediately when the counter exceeds the threshold, you can configure a time period over which the counter needs to exceed the
threshold, to avoid unnecessary alerts.
![NEW! 70-414 EXAM] Microsoft.EnsurePass.70-411.by.Sacriestory.353q PART2 (21-40) EXAM B VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/07/image1271.png "NEW! 70-414 EXAM] Microsoft.EnsurePass.70-411.by.Sacriestory.353q PART2 (21-40) EXAM B VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
QUESTION 31
Your network contains an Active Directory domain named contoso.com. The domain contains a RADIUS server named Server1 that runs Windows
Server 2012 R2.
You add a VPN server named Server2 to the network.
On Server1, you create several network policies.
You need to configure Server1 to accept authentication requests from Server2.
Your network contains an Active Directory domain named contoso.com. The domain contains a RADIUS server named Server1 that runs Windows
Server 2012 R2.
You add a VPN server named Server2 to the network.
On Server1, you create several network policies.
You need to configure Server1 to accept authentication requests from Server2.
Which tool should you use on Server1?
A. Server Manager
B. Routing and Remote Access
C. New-NpsRadiusClient
D. Connection Manager Administration Kit (CMAK)
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
New-NpsRadiusClient -Name “NameOfMyClientGroup” -Address “10.1.0.0/16” – AuthAttributeRequired 0 -NapCompatible 0 -SharedSecret
“SuperSharedSecretxyz” – VendorName “RADIUS Standard”
A. Server Manager
B. Routing and Remote Access
C. New-NpsRadiusClient
D. Connection Manager Administration Kit (CMAK)
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
New-NpsRadiusClient -Name “NameOfMyClientGroup” -Address “10.1.0.0/16” – AuthAttributeRequired 0 -NapCompatible 0 -SharedSecret
“SuperSharedSecretxyz” – VendorName “RADIUS Standard”
![NEW! 70-414 EXAM] Microsoft.EnsurePass.70-411.by.Sacriestory.353q PART2 (21-40) EXAM B VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/07/image1272.png "NEW! 70-414 EXAM] Microsoft.EnsurePass.70-411.by.Sacriestory.353q PART2 (21-40) EXAM B VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
![NEW! 70-414 EXAM] Microsoft.EnsurePass.70-411.by.Sacriestory.353q PART2 (21-40) EXAM B VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/07/image1273.png "NEW! 70-414 EXAM] Microsoft.EnsurePass.70-411.by.Sacriestory.353q PART2 (21-40) EXAM B VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
http://technet.microsoft.com/en-us/library/hh918425(v=wps.620).aspx
http://technet.microsoft.com/en-us/library/jj872740(v=wps.620).aspx
http://technet.microsoft.com/en-us/library/jj872740(v=wps.620).aspx
http://technet.microsoft.com/en-us/library/dd469790.aspx
QUESTION 32
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012
R2. Server1 has the Network Policy Server server role installed. You need to allow connections that use 802.1x. What should you create?
A. A network policy that uses Microsoft Protected EAP (PEAP) authentication
B. A network policy that uses EAP-MSCHAP v2 authentication
C. A connection request policy that uses EAP-MSCHAP v2 authentication
D. A connection request policy that uses MS-CHAP v2 authentication
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
802.1X uses EAP, EAP-TLS, EAP-MS-CHAP v2, and PEAP authentication methods:
EAP (Extensible Authentication Protocol) uses an arbitrary authentication method, such as certificates, smart cards, or credentials. EAP-TLS (EAPTransport
Layer Security) is an EAP type that is used in certificate- based security environments, and it provides the strongest authentication and key
determination method.
EAP-MS-CHAP v2 (EAP-Microsoft Challenge Handshake Authentication Protocol version 2) is a mutual authentication method that supports passwordbased
user or computer authentication.
PEAP (Protected EAP) is an authentication method that uses TLS to enhance the security of other EAP authentication protocols.
Connection request policies are sets of conditions and settings that allow network administrators to designate which Remote Authentication Dial-In User
Service (RADIUS) servers perform the authentication and authorization of connection requests that the server running Network Policy Server (NPS)
receives from RADIUS clients. Connection request policies can be configured to designate which RADIUS servers are used for RADIUS accounting.
With connection request policies, you can use NPS as a RADIUS server or as a RADIUS proxy, based on factors such as the following:
The time of day and day of the week
The realm name in the connection request
The type of connection being requested
The IP address of the RADIUS client
QUESTION 33
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012
R2. Server1 has the Network Policy Server role service installed.
You plan to configure Server1 as a Network Access Protection (NAP) health policy server for VPN enforcement by using the Configure NAP wizard.
You need to ensure that you can configure the VPN enforcement method on Server1 successfully.
What should you install on Server1 before you run the Configure NAP wizard?
QUESTION 32
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012
R2. Server1 has the Network Policy Server server role installed. You need to allow connections that use 802.1x. What should you create?
A. A network policy that uses Microsoft Protected EAP (PEAP) authentication
B. A network policy that uses EAP-MSCHAP v2 authentication
C. A connection request policy that uses EAP-MSCHAP v2 authentication
D. A connection request policy that uses MS-CHAP v2 authentication
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
802.1X uses EAP, EAP-TLS, EAP-MS-CHAP v2, and PEAP authentication methods:
EAP (Extensible Authentication Protocol) uses an arbitrary authentication method, such as certificates, smart cards, or credentials. EAP-TLS (EAPTransport
Layer Security) is an EAP type that is used in certificate- based security environments, and it provides the strongest authentication and key
determination method.
EAP-MS-CHAP v2 (EAP-Microsoft Challenge Handshake Authentication Protocol version 2) is a mutual authentication method that supports passwordbased
user or computer authentication.
PEAP (Protected EAP) is an authentication method that uses TLS to enhance the security of other EAP authentication protocols.
Connection request policies are sets of conditions and settings that allow network administrators to designate which Remote Authentication Dial-In User
Service (RADIUS) servers perform the authentication and authorization of connection requests that the server running Network Policy Server (NPS)
receives from RADIUS clients. Connection request policies can be configured to designate which RADIUS servers are used for RADIUS accounting.
With connection request policies, you can use NPS as a RADIUS server or as a RADIUS proxy, based on factors such as the following:
The time of day and day of the week
The realm name in the connection request
The type of connection being requested
The IP address of the RADIUS client
QUESTION 33
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012
R2. Server1 has the Network Policy Server role service installed.
You plan to configure Server1 as a Network Access Protection (NAP) health policy server for VPN enforcement by using the Configure NAP wizard.
You need to ensure that you can configure the VPN enforcement method on Server1 successfully.
What should you install on Server1 before you run the Configure NAP wizard?
A. A system health validator (SHV)
B. The Host Credential Authorization Protocol (HCAP)
C. A computer certificate
D. The Remote Access server role
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Configure NAP enforcement for VPN
This checklist provides the steps required to deploy computers with Routing and Remote Access Service installed and configured as VPN servers with
Network Policy Server (NPS) and Network Access Protection (NAP).
B. The Host Credential Authorization Protocol (HCAP)
C. A computer certificate
D. The Remote Access server role
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Configure NAP enforcement for VPN
This checklist provides the steps required to deploy computers with Routing and Remote Access Service installed and configured as VPN servers with
Network Policy Server (NPS) and Network Access Protection (NAP).
![NEW! 70-414 EXAM] Microsoft.EnsurePass.70-411.by.Sacriestory.353q PART2 (21-40) EXAM B VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/07/image1274.png "NEW! 70-414 EXAM] Microsoft.EnsurePass.70-411.by.Sacriestory.353q PART2 (21-40) EXAM B VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
![NEW! 70-414 EXAM] Microsoft.EnsurePass.70-411.by.Sacriestory.353q PART2 (21-40) EXAM B VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/07/image1275.png "NEW! 70-414 EXAM] Microsoft.EnsurePass.70-411.by.Sacriestory.353q PART2 (21-40) EXAM B VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
QUESTION 34
Your network contains a single Active Directory domain named contoso.com. The domain contains a member server named Server1 that runs Windows
Server 2012 R2.
Server1 has the Windows Server updates Services server role installed and is configured to download updates from the Microsoft Update servers.
Your network contains a single Active Directory domain named contoso.com. The domain contains a member server named Server1 that runs Windows
Server 2012 R2.
Server1 has the Windows Server updates Services server role installed and is configured to download updates from the Microsoft Update servers.
You need to ensure that Server1 downloads express installation files from the Microsoft Update servers.
What should you do from the Update Services console?
A. From the Update Files and Languages options, configure the Update Files settings.
B. From the Automatic Approvals options, configure the Update Rules settings.
C. From the Products and Classifications options, configure the Products settings.
D. From the Products and Classifications options, configure the Classifications settings.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
To specify whether express installation files are downloaded during synchronization
In the left pane of the WSUS Administration console, click Options.
In Update Files and Languages, click the Update Files tab.
If you want to download express installation files, select the Download express installation files check box. If you do not want to download express
installation files, clear the check box.
What should you do from the Update Services console?
A. From the Update Files and Languages options, configure the Update Files settings.
B. From the Automatic Approvals options, configure the Update Rules settings.
C. From the Products and Classifications options, configure the Products settings.
D. From the Products and Classifications options, configure the Classifications settings.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
To specify whether express installation files are downloaded during synchronization
In the left pane of the WSUS Administration console, click Options.
In Update Files and Languages, click the Update Files tab.
If you want to download express installation files, select the Download express installation files check box. If you do not want to download express
installation files, clear the check box.
![NEW! 70-414 EXAM] Microsoft.EnsurePass.70-411.by.Sacriestory.353q PART2 (21-40) EXAM B VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/07/image1276.png "NEW! 70-414 EXAM] Microsoft.EnsurePass.70-411.by.Sacriestory.353q PART2 (21-40) EXAM B VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
http://technet.microsoft.com/en-us/library/cc708431.aspx
http://technet.microsoft.com/en-us/library/cc708431.aspx
QUESTION 35
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed.
On Server1, you create a network policy named Policy1.
http://technet.microsoft.com/en-us/library/cc708431.aspx
QUESTION 35
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed.
On Server1, you create a network policy named Policy1.
You need to configure Policy1 to ensure that users are added to a VLAN.
Which attributes should you add to Policy1?
A. Tunnel-Tag, Tunnel-Password, Tunnel-Medium-Type, and Tunnel-Preference
B. Tunnel-Tag, Tunnel-Server-Auth-ID, Tunnel-Preference, and Tunnel-Pvt-Group-ID
C. Tunnel-Type, Tunnel-Tag, Tunnel-Medium-Type, and Tunnel-Pvt-Group-ID
D. Tunnel-Type, Tunnel-Password, Tunnel-Server-Auth-ID, and Tunnel-Pvt-Group-ID
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
VLAN attributes used in network policy
When you use network hardware, such as routers, switches, and access controllers that support virtual local area networks (VLANs), you can configure
Network Policy Server (NPS) network policy to instruct the access servers to place members of Active Directory?groups on VLANs.
Before configuring network policy in NPS for VLANs, create groups of users in Active Directory Domain Services (AD DS) that you want to assign to
specific VLANs. Then when you run the New Network Policy wizard, add the Active Directory group as a condition of the network policy.
You can create a separate network policy for each group that you want to assign to a VLAN. For more information, see Create a Group for a Network
Policy. When you configure network policy for use with VLANs, you must configure the RADIUS standard attributes Tunnel-Medium-Type, Tunnel-Pvt-
Group-ID, and Tunnel-Type. Some hardware vendors also require the use of the RADIUS standard attribute Tunnel-Tag. To configure these attributes in
a network policy, use the New Network Policy wizard to create a network policy. You can add the attributes to the network policy settings while running
the wizard or after you have successfully created a policy with the wizard.
Tunnel-Medium-Type. Select a value appropriate to the previous selections you made while running the New Network Policy wizard. For example, if the
network policy you are configuring is a wireless policy, in Attribute Value, select 802 (Includes all 802 media plus Ethernet canonical format).
Tunnel-Pvt-Group-ID. Enter the integer that represents the VLAN number to which group members will be assigned. For example, if you want to create a
Sales VLAN for your sales team by assigning team members to VLAN 4, type the number 4.
Tunnel-Type. Select the value Virtual LANs (VLAN).
Tunnel-Tag. Some hardware devices do not require this attribute. If your hardware device requires this attribute, obtain this value from your hardware
documentation.
QUESTION 36
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012
R2 and has the Network Policy Server role service installed. You need to enable trace logging for Network Policy Server (NPS) on Server1. Which tool
should you use?
A. The tracert.exe command
B. The Network Policy Server console
C. The Server Manager console
D. The netsh.exe command
Which attributes should you add to Policy1?
A. Tunnel-Tag, Tunnel-Password, Tunnel-Medium-Type, and Tunnel-Preference
B. Tunnel-Tag, Tunnel-Server-Auth-ID, Tunnel-Preference, and Tunnel-Pvt-Group-ID
C. Tunnel-Type, Tunnel-Tag, Tunnel-Medium-Type, and Tunnel-Pvt-Group-ID
D. Tunnel-Type, Tunnel-Password, Tunnel-Server-Auth-ID, and Tunnel-Pvt-Group-ID
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
VLAN attributes used in network policy
When you use network hardware, such as routers, switches, and access controllers that support virtual local area networks (VLANs), you can configure
Network Policy Server (NPS) network policy to instruct the access servers to place members of Active Directory?groups on VLANs.
Before configuring network policy in NPS for VLANs, create groups of users in Active Directory Domain Services (AD DS) that you want to assign to
specific VLANs. Then when you run the New Network Policy wizard, add the Active Directory group as a condition of the network policy.
You can create a separate network policy for each group that you want to assign to a VLAN. For more information, see Create a Group for a Network
Policy. When you configure network policy for use with VLANs, you must configure the RADIUS standard attributes Tunnel-Medium-Type, Tunnel-Pvt-
Group-ID, and Tunnel-Type. Some hardware vendors also require the use of the RADIUS standard attribute Tunnel-Tag. To configure these attributes in
a network policy, use the New Network Policy wizard to create a network policy. You can add the attributes to the network policy settings while running
the wizard or after you have successfully created a policy with the wizard.
Tunnel-Medium-Type. Select a value appropriate to the previous selections you made while running the New Network Policy wizard. For example, if the
network policy you are configuring is a wireless policy, in Attribute Value, select 802 (Includes all 802 media plus Ethernet canonical format).
Tunnel-Pvt-Group-ID. Enter the integer that represents the VLAN number to which group members will be assigned. For example, if you want to create a
Sales VLAN for your sales team by assigning team members to VLAN 4, type the number 4.
Tunnel-Type. Select the value Virtual LANs (VLAN).
Tunnel-Tag. Some hardware devices do not require this attribute. If your hardware device requires this attribute, obtain this value from your hardware
documentation.
QUESTION 36
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012
R2 and has the Network Policy Server role service installed. You need to enable trace logging for Network Policy Server (NPS) on Server1. Which tool
should you use?
A. The tracert.exe command
B. The Network Policy Server console
C. The Server Manager console
D. The netsh.exe command
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
NPS trace logging files
You can use log files on servers running Network Policy Server (NPS) and NAP client computers to help troubleshoot NAP problems. Log files can
provide the detailed information required for troubleshooting complex problems.
You can capture detailed information in log files on servers running NPS by enabling remote access tracing. The Remote Access service does not need
to be installed or running to use remote access tracing. When you enable tracing on a server running NPS, several log files are created in %windir%
\tracing.
The following log files contain helpful information about NAP:
IASNAP. LOG: Contains detailed information about NAP processes, NPS authentication, and NPS authorization.
IASSAM. LOG: Contains detailed information about user authentication and authorization.
Membership in the local Administrators group, or equivalent, is the minimum required to enable tracing. Review details about using the appropriate
accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).
To create tracing log files on a server running NPS
Open a command line as an administrator.
Type netshras set tr * en.
Reproduce the scenario that you are troubleshooting.
Type netshras set tr * dis.
Close the command prompt window.
http://technet.microsoft.com/en-us/library/dd348461%28v=ws.10%29.aspx
QUESTION 37
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 has the DHCP Server
server role and the Network Policy Server role service installed.
Server1 contains three non-overlapping scopes named Scope1, Scope2, and Scope3. Server1 currently provides the same Network Access Protection
(NAP) settings to the three scopes.
You modify the settings of Scope1 as shown in the exhibit. (Click the Exhibit button.)
Section: (none)
Explanation
Explanation/Reference:
Explanation:
NPS trace logging files
You can use log files on servers running Network Policy Server (NPS) and NAP client computers to help troubleshoot NAP problems. Log files can
provide the detailed information required for troubleshooting complex problems.
You can capture detailed information in log files on servers running NPS by enabling remote access tracing. The Remote Access service does not need
to be installed or running to use remote access tracing. When you enable tracing on a server running NPS, several log files are created in %windir%
\tracing.
The following log files contain helpful information about NAP:
IASNAP. LOG: Contains detailed information about NAP processes, NPS authentication, and NPS authorization.
IASSAM. LOG: Contains detailed information about user authentication and authorization.
Membership in the local Administrators group, or equivalent, is the minimum required to enable tracing. Review details about using the appropriate
accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).
To create tracing log files on a server running NPS
Open a command line as an administrator.
Type netshras set tr * en.
Reproduce the scenario that you are troubleshooting.
Type netshras set tr * dis.
Close the command prompt window.
http://technet.microsoft.com/en-us/library/dd348461%28v=ws.10%29.aspx
QUESTION 37
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 has the DHCP Server
server role and the Network Policy Server role service installed.
Server1 contains three non-overlapping scopes named Scope1, Scope2, and Scope3. Server1 currently provides the same Network Access Protection
(NAP) settings to the three scopes.
You modify the settings of Scope1 as shown in the exhibit. (Click the Exhibit button.)
![NEW! 70-414 EXAM] Microsoft.EnsurePass.70-411.by.Sacriestory.353q PART2 (21-40) EXAM B VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/07/image1277.png "NEW! 70-414 EXAM] Microsoft.EnsurePass.70-411.by.Sacriestory.353q PART2 (21-40) EXAM B VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
You need to configure Server1 to provide unique NAP enforcement settings to the NAP non-compliant DHCP clients from Scope1.
What should you create?
A. A connection request policy that has the Service Type condition
B. A connection request policy that has the Identity Type condition
C. A network policy that has the Identity Type condition
D. A network policy that has the MS-Service Class condition
Correct Answer: D
Section: (none)
What should you create?
A. A connection request policy that has the Service Type condition
B. A connection request policy that has the Identity Type condition
C. A network policy that has the Identity Type condition
D. A network policy that has the MS-Service Class condition
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
MS-Service Class
Restricts the policy to clients that have received an IP address from a DHCP scope that
matches the specified DHCP profile name. This condition is used only when you are deploying NAP with the DHCP enforcement method. To use the
MS-Service Class attribute, in Specify the profile name that identifies your DHCP scope, type the name of an existing DHCP profile.
Open the NPS console, double-click Policies, click Network Policies, and then double-click the policy you want to configure.
In policy Properties, click the Conditions tab, and then click Add. In Select condition, scroll to the Network Access Protection group of conditions. If you
want to configure the Identity Type condition, click Identity Type, and then click Add. In Specify the method in which clients are identified in this policy,
select the items appropriate for your deployment, and then click OK.
The Identity Type condition is used for the DHCP and Internet Protocol security (IPsec) enforcement methods to allow client health checks when NPS
does not receive an Access- Request message that contains a value for the User-Name attribute; in this case, client health checks are performed, but
authentication and authorization are not performed.
If you want to configure the MS-Service Class condition, click MS-Service Class, and then click Add. In Specify the profile name that identifies your
DHCP scope, type the name of an existing DHCP profile, and then click Add.
Explanation/Reference:
Explanation:
MS-Service Class
Restricts the policy to clients that have received an IP address from a DHCP scope that
matches the specified DHCP profile name. This condition is used only when you are deploying NAP with the DHCP enforcement method. To use the
MS-Service Class attribute, in Specify the profile name that identifies your DHCP scope, type the name of an existing DHCP profile.
Open the NPS console, double-click Policies, click Network Policies, and then double-click the policy you want to configure.
In policy Properties, click the Conditions tab, and then click Add. In Select condition, scroll to the Network Access Protection group of conditions. If you
want to configure the Identity Type condition, click Identity Type, and then click Add. In Specify the method in which clients are identified in this policy,
select the items appropriate for your deployment, and then click OK.
The Identity Type condition is used for the DHCP and Internet Protocol security (IPsec) enforcement methods to allow client health checks when NPS
does not receive an Access- Request message that contains a value for the User-Name attribute; in this case, client health checks are performed, but
authentication and authorization are not performed.
If you want to configure the MS-Service Class condition, click MS-Service Class, and then click Add. In Specify the profile name that identifies your
DHCP scope, type the name of an existing DHCP profile, and then click Add.
![NEW! 70-414 EXAM] Microsoft.EnsurePass.70-411.by.Sacriestory.353q PART2 (21-40) EXAM B VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/07/image1278.png "NEW! 70-414 EXAM] Microsoft.EnsurePass.70-411.by.Sacriestory.353q PART2 (21-40) EXAM B VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
The MS-Service Class condition restricts the policy to clients that have received an IP address from a DHCP scope that matches the specified DHCP
profile name. This condition is used only when you are deploying NAP with the DHCP enforcement method.
http://technet.microsoft.com/en-us/library/cc731560(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc731220(v=ws.10).aspx
QUESTION 38
Your network contains a Network Policy Server (NPS) server named Server1. The network contains a server named SQL1 that has Microsoft SQL
Server 2008 R2 installed. All servers run Windows Server 2012 R2.
You configure NPS on Server1 to log accounting data to a database on SQL1.
You need to ensure that the accounting data is captured if SQL1 fails. The solution must minimize cost.
What should you do?
A. Implement Failover Clustering.
B. Implement database mirroring.
C. Run the Accounting Configuration Wizard.
D. Modify the SQL Server Logging properties.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
In Windows Server 2008 R2, an accounting configuration wizard is added to the Accounting node in the NPS console. By using the Accounting
Configuration wizard, you can configure the following four accounting settings:
SQL logging only. By using this setting, you can configure a data link to a SQL Server that allows NPS to connect to and send accounting data to the
SQL server. In addition, the wizard can configure the database on the SQL Server to ensure that the database is compatible with NPS SQL server
logging. Text logging only. By using this setting, you can configure NPS to log accounting data to a text file.
Parallel logging. By using this setting, you can configure the SQL Server data link and database. You can also configure text file logging so that NPS
logs simultaneously to the text file and the SQL Server database. SQL logging with backup. By using this setting, you can configure the SQL Server data
link and database. In addition, you can configure text file logging that NPS uses if SQL Server logging fails.
QUESTION 39
Your network has a router named Router1 that provides access to the Internet. You have a server named Server1 that runs Windows Server 2012 R2.
Server1 to use Router1 as the default gateway.
A new router named Router2 is added to the network. Router2 provides access to the Internet. The IP address of the internal interface on Router2 is
10.1.14.254.
You need to configure Server1 to use Router2 to connect to the Internet if Router1 fails.
http://technet.microsoft.com/en-us/library/cc731560(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc731220(v=ws.10).aspx
QUESTION 38
Your network contains a Network Policy Server (NPS) server named Server1. The network contains a server named SQL1 that has Microsoft SQL
Server 2008 R2 installed. All servers run Windows Server 2012 R2.
You configure NPS on Server1 to log accounting data to a database on SQL1.
You need to ensure that the accounting data is captured if SQL1 fails. The solution must minimize cost.
What should you do?
A. Implement Failover Clustering.
B. Implement database mirroring.
C. Run the Accounting Configuration Wizard.
D. Modify the SQL Server Logging properties.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
In Windows Server 2008 R2, an accounting configuration wizard is added to the Accounting node in the NPS console. By using the Accounting
Configuration wizard, you can configure the following four accounting settings:
SQL logging only. By using this setting, you can configure a data link to a SQL Server that allows NPS to connect to and send accounting data to the
SQL server. In addition, the wizard can configure the database on the SQL Server to ensure that the database is compatible with NPS SQL server
logging. Text logging only. By using this setting, you can configure NPS to log accounting data to a text file.
Parallel logging. By using this setting, you can configure the SQL Server data link and database. You can also configure text file logging so that NPS
logs simultaneously to the text file and the SQL Server database. SQL logging with backup. By using this setting, you can configure the SQL Server data
link and database. In addition, you can configure text file logging that NPS uses if SQL Server logging fails.
QUESTION 39
Your network has a router named Router1 that provides access to the Internet. You have a server named Server1 that runs Windows Server 2012 R2.
Server1 to use Router1 as the default gateway.
A new router named Router2 is added to the network. Router2 provides access to the Internet. The IP address of the internal interface on Router2 is
10.1.14.254.
You need to configure Server1 to use Router2 to connect to the Internet if Router1 fails.
What should you do on Server1?
A. Add a route for 10.1.14.0/24 that uses 10.1.14.254 as the gateway and set the metric to 1.
B. Add 10.1.14.254 as a gateway and set the metric to 1.
C. Add a route for 10.1.14.0/24 that uses 10.1.14.254 as the gateway and set the metric to 500.
D. Add 10.1.14.254 as a gateway and set the metric to 500.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
The keyword’s here are “internet access”
Metric 1 would give it a primary roll for routing trafic, which is NOT asked.
So this rules out A AND B.
Metric 500 gives it a secondary roll for routing trafic.
C is not the answer bcz: it only routes addresses 10.1.14.0/24 (which is a NONE routable/”life” range on the internet! (10…(A-Class), 127…(B-Class),
192…(C-Class)). The solution however should route ALL trafic comming in to the internet.
So the only logical answer is D.
http://windows.microsoft.com/en-us/windows/configuring-multiple-network-gateways#1TC=windows-7
QUESTION 40
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1. DC1 is a DNS server for
contoso.com. The properties of the contoso.com zone are configured as shown in the exhibit. (Click the Exhibit button.)![NEW! 70-414 EXAM] Microsoft.EnsurePass.70-411.by.Sacriestory.353q PART2 (21-40) EXAM B VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/07/image1279.png "NEW! 70-414 EXAM] Microsoft.EnsurePass.70-411.by.Sacriestory.353q PART2 (21-40) EXAM B VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
A. Add a route for 10.1.14.0/24 that uses 10.1.14.254 as the gateway and set the metric to 1.
B. Add 10.1.14.254 as a gateway and set the metric to 1.
C. Add a route for 10.1.14.0/24 that uses 10.1.14.254 as the gateway and set the metric to 500.
D. Add 10.1.14.254 as a gateway and set the metric to 500.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
The keyword’s here are “internet access”
Metric 1 would give it a primary roll for routing trafic, which is NOT asked.
So this rules out A AND B.
Metric 500 gives it a secondary roll for routing trafic.
C is not the answer bcz: it only routes addresses 10.1.14.0/24 (which is a NONE routable/”life” range on the internet! (10…(A-Class), 127…(B-Class),
192…(C-Class)). The solution however should route ALL trafic comming in to the internet.
So the only logical answer is D.
http://windows.microsoft.com/en-us/windows/configuring-multiple-network-gateways#1TC=windows-7
QUESTION 40
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1. DC1 is a DNS server for
contoso.com. The properties of the contoso.com zone are configured as shown in the exhibit. (Click the Exhibit button.)
The domain contains a server named Server1 that is part of a workgroup named Workgroup. Server1 is configured to use DC1 as a DNS server.
You need to ensure that Server1 dynamically registers a host (A) record in the contoso.com zone.
What should you configure?
A. The workgroup name of Server1
B. The Security settings of the contoso.com zone
C. The Dynamic updates setting of the contoso.com zone
You need to ensure that Server1 dynamically registers a host (A) record in the contoso.com zone.
What should you configure?
A. The workgroup name of Server1
B. The Security settings of the contoso.com zone
C. The Dynamic updates setting of the contoso.com zone
D. The primary DNS suffix of Server1
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
When any computer or a standalone server is added to a domain as a member, the network identifies that computer with its Fully Qualified Domain
Name or FQDN. A Fully Qualified Domain Name consist of a hostname and the DNs suffix separated by a “. ” called period. An example for this can be
server01. msftdomain.com where “server01 is the hostname of the computer and “msftdomain.com” is the DNS suffix which follows the hostname. A
complete FQDN of a client computer or a member server uniquely identifies that computer in the entire domain.
Primary DNS suffix must manually be added in Windows 8 computer to change its hostname to Fully Qualified Domain Name so that it becomes eligible
to send queries and receive responses from the DNS server. Following are the steps which can be implemented to add primary DNS suffix to a
Windows 8 computer hostname:
Log on to Windows 8 computer with administrator account. From the options available on the screen click Control Panel. On the opened window click
More Settings from the left pane. On the next window click System and Security category and on the appeared window click System.
On View basic information about your computer window click Change settings under Computer name, domain, and workgroup settings section. On
System Properties box make sure that Computer Name tab is selected and click Change button.
On Computer Name/Domain Changes box click More button. On DNS Suffix and NetBIOS Computer Name box type in the DNS domain name as the
DNS suffix to the Windows 8 computer under Primary DNS suffix of this computer field. Click Ok button on all the boxes and restart the computer to
allow changes to take effect.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
When any computer or a standalone server is added to a domain as a member, the network identifies that computer with its Fully Qualified Domain
Name or FQDN. A Fully Qualified Domain Name consist of a hostname and the DNs suffix separated by a “. ” called period. An example for this can be
server01. msftdomain.com where “server01 is the hostname of the computer and “msftdomain.com” is the DNS suffix which follows the hostname. A
complete FQDN of a client computer or a member server uniquely identifies that computer in the entire domain.
Primary DNS suffix must manually be added in Windows 8 computer to change its hostname to Fully Qualified Domain Name so that it becomes eligible
to send queries and receive responses from the DNS server. Following are the steps which can be implemented to add primary DNS suffix to a
Windows 8 computer hostname:
Log on to Windows 8 computer with administrator account. From the options available on the screen click Control Panel. On the opened window click
More Settings from the left pane. On the next window click System and Security category and on the appeared window click System.
On View basic information about your computer window click Change settings under Computer name, domain, and workgroup settings section. On
System Properties box make sure that Computer Name tab is selected and click Change button.
On Computer Name/Domain Changes box click More button. On DNS Suffix and NetBIOS Computer Name box type in the DNS domain name as the
DNS suffix to the Windows 8 computer under Primary DNS suffix of this computer field. Click Ok button on all the boxes and restart the computer to
allow changes to take effect.
![NEW! 70-414 EXAM] Microsoft.EnsurePass.70-411.by.Sacriestory.353q PART2 (21-40) EXAM B VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/07/image1280.png "NEW! 70-414 EXAM] Microsoft.EnsurePass.70-411.by.Sacriestory.353q PART2 (21-40) EXAM B VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
![NEW! 70-414 EXAM] Microsoft.EnsurePass.70-411.by.Sacriestory.353q PART2 (21-40) EXAM B VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/07/image1282.png "NEW! 70-414 EXAM] Microsoft.EnsurePass.70-411.by.Sacriestory.353q PART2 (21-40) EXAM B VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
For years, Windows DNS has supported dynamic updates, whereas a DNS client host registers and dynamically updates the resource records with a
DNS server. If a host’s IP address changes, the resource record (particularly the A record) for the host is automatically updated, while the host utilizes
the DHCP server to dynamically update its Pointer (PTR) resource record. Therefore, when a user or service needs to contact a client PC, it can look up
the IP address of the host. With larger organizations, this becomes an essential feature, especially for clients that frequently move or change locations
and use DHCP to automatically obtain an IP address. For dynamic DNS updates to succeed, the zone must be configured to accept dynamic updates:
DNS server. If a host’s IP address changes, the resource record (particularly the A record) for the host is automatically updated, while the host utilizes
the DHCP server to dynamically update its Pointer (PTR) resource record. Therefore, when a user or service needs to contact a client PC, it can look up
the IP address of the host. With larger organizations, this becomes an essential feature, especially for clients that frequently move or change locations
and use DHCP to automatically obtain an IP address. For dynamic DNS updates to succeed, the zone must be configured to accept dynamic updates:
![NEW! 70-414 EXAM] Microsoft.EnsurePass.70-411.by.Sacriestory.353q PART2 (21-40) EXAM B VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/07/image1283.png "NEW! 70-414 EXAM] Microsoft.EnsurePass.70-411.by.Sacriestory.353q PART2 (21-40) EXAM B VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
http://technet.microsoft.com/en-us/library/cc778792%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/cc778792%28v=ws.10%29.aspx
http://www.advicehow.com/adding-primary-dns-suffix-in-microsoft-windows-8/
http://technet.microsoft.com/en-us/library/cc959611.aspx
http://technet.microsoft.com/en-us/library/cc778792%28v=ws.10%29.aspx
http://www.advicehow.com/adding-primary-dns-suffix-in-microsoft-windows-8/
http://technet.microsoft.com/en-us/library/cc959611.aspx
Latest online browsing the 70-411 exam!
70-411 PDF dumps & 70-411 VCE dumps: http://examsavior.com/70-411
70-411 PDF dumps & 70-411 VCE dumps: http://examsavior.com/70-411
 |  |  |  |  | |
|---|---|---|---|---|---|
Test King
|
Pass4sure
|
Actual Tests
|
Other Brands
| ||
| Customer Reviews |  |  |  |  |  |
$89.99
|
$124.99
|
$125.99
|
$189.00
|
$29.99~$49.99
| |
| Up-To-Dated |  |  |  |  |  |
| Real Questions & Answers |  |  |  |  |  |
| Correct All Error |  |  |  |  |  |
| Premium VCE Dumps |  |  |  |  |  |
| Free VCE Simulator |  |  |  |  |  |
| Unlimited After One Time Purchasing |  |  |  |  |  |
| Instant Download |  |  |  |  |  |
| Printable PDF Dumps |  |  |  |  |  |
| 100% Pass Guarantee |  |  |  |  |  |
| 100% Money Back |  |  |  |  |  |
100% Pass:http://examsavior.com/
No comments:
Post a Comment