Do you want to pass the 70-411 examsavior exam? What are the new questions of the latest 70-411 exam? Braindumps 70-411 VCE dumps and 70-411 PDF dumps will tell you all about the 70-411 examsavior exam.Here are the examsavior newest and covered all new added questions and answers, which will help you 100% passing 70-411 examsavior exam.Hurry up and get the free exam from here!
NOW FREE DOWNLOAD
QUESTION 61
Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1 that runs Windows Server 2008 R2.
You plan to test Windows Server 2012 R2 by using native-boot virtual hard disks (VHDs). You have a Windows image file named file1.wim.
You need to add an image of a volume to file1.wim. What should you do?
A. Run dism.exe and specify the /image parameter.
B. Run dism.exe and specify the /append-image parameter.
C. Run imagex.exe and specify the /append parameter.
D. Run imagex.exe and specify the /export parameter.
Correct Answer: B
Section: 1. Deploy and manage server images
Explanation
Explanation/Reference:
Explanation:
You can use DISM with .wim files to:
– Capture and apply Windows images.
Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1 that runs Windows Server 2008 R2.
You plan to test Windows Server 2012 R2 by using native-boot virtual hard disks (VHDs). You have a Windows image file named file1.wim.
You need to add an image of a volume to file1.wim. What should you do?
A. Run dism.exe and specify the /image parameter.
B. Run dism.exe and specify the /append-image parameter.
C. Run imagex.exe and specify the /append parameter.
D. Run imagex.exe and specify the /export parameter.
Correct Answer: B
Section: 1. Deploy and manage server images
Explanation
Explanation/Reference:
Explanation:
You can use DISM with .wim files to:
– Capture and apply Windows images.
– Append and delete images in a .wim file.
– Split .wim files into several smaller files.
technet.microsoft.com/en-us/library/hh825236.aspx
technet.microsoft.com/en-us/library/Hh824916.aspx
QUESTION 62
You have Windows Server 2012 R2 installation media that contains a file named Install.wim.
You need to identify which images are present in Install.wim.
What should you do?
A. Run imagex.exe and specify the /ref parameter.
B. Run dism.exe and specify the /get-mountedwiminfo parameter.
C. Run dism.exe and specify the /get-imageinfo parameter.
D. Run imagex.exe and specify the /verify parameter.
Correct Answer: C
Section: 1. Deploy and manage server images
Explanation
Explanation/Reference:
Explanation:
Option:
/Get-ImageInfo
Arguments:
/ImageFile: <path_to_image.wim>
[{/Index: <Image_index> | /Name: <Image_name>}]
Displays information about the images that are contained in the .wim, vhd or .vhdx file. When used with the Index or /Name argument, information about
the specified image is displayed, which includes if an image is a WIMBoot image, if the image is Windows 8.1 Update, see Take Inventory of an Image
or Component Using DISM. The /Name argument does not apply to VHD files. You must specify /Index: 1 for VHD files.
Note 2 :
We can either ImageX.exe with the parameter info / or Dism.exe with the parameters Get-Info Image / use to list the images contained in the image file.
imagex /info D:\WIM\Install.wim
– Split .wim files into several smaller files.
technet.microsoft.com/en-us/library/hh825236.aspx
technet.microsoft.com/en-us/library/Hh824916.aspx
QUESTION 62
You have Windows Server 2012 R2 installation media that contains a file named Install.wim.
You need to identify which images are present in Install.wim.
What should you do?
A. Run imagex.exe and specify the /ref parameter.
B. Run dism.exe and specify the /get-mountedwiminfo parameter.
C. Run dism.exe and specify the /get-imageinfo parameter.
D. Run imagex.exe and specify the /verify parameter.
Correct Answer: C
Section: 1. Deploy and manage server images
Explanation
Explanation/Reference:
Explanation:
Option:
/Get-ImageInfo
Arguments:
/ImageFile: <path_to_image.wim>
[{/Index: <Image_index> | /Name: <Image_name>}]
Displays information about the images that are contained in the .wim, vhd or .vhdx file. When used with the Index or /Name argument, information about
the specified image is displayed, which includes if an image is a WIMBoot image, if the image is Windows 8.1 Update, see Take Inventory of an Image
or Component Using DISM. The /Name argument does not apply to VHD files. You must specify /Index: 1 for VHD files.
Note 2 :
We can either ImageX.exe with the parameter info / or Dism.exe with the parameters Get-Info Image / use to list the images contained in the image file.
imagex /info D:\WIM\Install.wim
Dism /Get-ImageInfo /ImageFile: D:\WIM\Install.wim
http://technet.microsoft.com/en-us/library/cc749447(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/dd744382(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/hh825224.aspx
QUESTION 63
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2008
R2.
You plan to test Windows Server 2012 R2 by using native-boot virtual hard disks (VHDs).
You attach a new VHD to Server1.
You need to install Windows Server 2012 R2 in the VHD.
What should you do?
A. Run imagex.exe and specify the /append parameter.
B. Run dism.exe and specify the /apply-image parameter.
C. Run imagex.exe and specify the /export parameter.
D. Run dism.exe and specify the /append-image parameter.
Correct Answer: B
Section: 1. Deploy and manage server images
Explanation
Explanation/Reference:
Explanation:
On the destination computer, you will create a structure for the partitions where you apply your images. The partition structure on the destination
computer must match the partition structure of the reference computer. If you apply an image to a volume with an existing Windows installation, files
from the previous installation may not be deleted. Format the volume by using a tool such as DiskPart before applying the new image.
QUESTION 64
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. All servers run
Windows Server 2012 R2.
You need to collect the error events from all of the servers on Server1.
http://technet.microsoft.com/en-us/library/cc749447(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/dd744382(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/hh825224.aspx
QUESTION 63
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2008
R2.
You plan to test Windows Server 2012 R2 by using native-boot virtual hard disks (VHDs).
You attach a new VHD to Server1.
You need to install Windows Server 2012 R2 in the VHD.
What should you do?
A. Run imagex.exe and specify the /append parameter.
B. Run dism.exe and specify the /apply-image parameter.
C. Run imagex.exe and specify the /export parameter.
D. Run dism.exe and specify the /append-image parameter.
Correct Answer: B
Section: 1. Deploy and manage server images
Explanation
Explanation/Reference:
Explanation:
On the destination computer, you will create a structure for the partitions where you apply your images. The partition structure on the destination
computer must match the partition structure of the reference computer. If you apply an image to a volume with an existing Windows installation, files
from the previous installation may not be deleted. Format the volume by using a tool such as DiskPart before applying the new image.
QUESTION 64
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. All servers run
Windows Server 2012 R2.
You need to collect the error events from all of the servers on Server1.
The solution must ensure that when new servers are added to the domain, their error events are collected automatically on Server1.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. On Server1, create a collector initiated subscription.
B. On Server1, create a source computer initiated subscription.
C. From a Group Policy object (GPO), configure the Configure target Subscription Manager setting.
D. From a Group Policy object (GPO), configure the Configure forwarder resource usage setting.
Correct Answer: BC
Section: 6. Configure and manage Group Policy
Explanation
Explanation/Reference:
Explanation:
To set up a Source-Initiated Subscription with Windows Server 2003/2008 so that events of interest from the Security event log of several domain
controllers can be forwarded to an administrative workstation
* Group Policy
The forwarding computer needs to be configured with the address of the server to which the events are forwarded. This can be done with the following
group policy setting:
Computer configuration-Administrative templates-Windows components-Event forwarding- Configure the server address, refresh interval, and issue
certificate authority of a target subscription manager.
* Edit the GPO and browse to Computer Configuration | Policies | Administrative Templates | Windows Components | Event Forwarding – Configure the
server address, refresh interval, and issuer certificate authority of a target Subscription Manager
Note 2:
We can create and the source computer via Group Policy Object (GPO) to configure for event forwarding to Server1 a source computer-initiated event
subscription.
Policy: Configuring target Subscription Manager
This policy setting allows the server address, the refresh interval and the exhibitors certification body of a target Subscription Manager .
Configuring If you enable this policy setting, you can configure the source computer so that it connects to a certain FQDN (Fully Qualified Domain Name,
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. On Server1, create a collector initiated subscription.
B. On Server1, create a source computer initiated subscription.
C. From a Group Policy object (GPO), configure the Configure target Subscription Manager setting.
D. From a Group Policy object (GPO), configure the Configure forwarder resource usage setting.
Correct Answer: BC
Section: 6. Configure and manage Group Policy
Explanation
Explanation/Reference:
Explanation:
To set up a Source-Initiated Subscription with Windows Server 2003/2008 so that events of interest from the Security event log of several domain
controllers can be forwarded to an administrative workstation
* Group Policy
The forwarding computer needs to be configured with the address of the server to which the events are forwarded. This can be done with the following
group policy setting:
Computer configuration-Administrative templates-Windows components-Event forwarding- Configure the server address, refresh interval, and issue
certificate authority of a target subscription manager.
* Edit the GPO and browse to Computer Configuration | Policies | Administrative Templates | Windows Components | Event Forwarding – Configure the
server address, refresh interval, and issuer certificate authority of a target Subscription Manager
Note 2:
We can create and the source computer via Group Policy Object (GPO) to configure for event forwarding to Server1 a source computer-initiated event
subscription.
Policy: Configuring target Subscription Manager
This policy setting allows the server address, the refresh interval and the exhibitors certification body of a target Subscription Manager .
Configuring If you enable this policy setting, you can configure the source computer so that it connects to a certain FQDN (Fully Qualified Domain Name,
FQDN) or an IP address manufactures and subscription details requests.
Use the HTTPS protocol, the following syntax:
server = https: // ‘FQDN of the Collection “: 5986 / wsman / SubscriptionManager / WEC, Refresh =” refresh interval in seconds “, IssuerCA =” fingerprint
of the client authentication certificate ”
Use for the HTTP protocol port 5985.
QUESTION 65
Your network contains a Hyper-V host named Server1 that hosts 20 virtual machines.
You need to view the amount of memory resources and processor resources each virtual machine uses currently.
Which tool should you use on Server1?
A. Hyper-V Manager
B. Task Manager
C. Windows System Resource Manager (WSRM)
D. Resource Monitor
Correct Answer: A
Section: 1. Deploy and manage server images
Explanation
Explanation/Reference:
QUESTION 66
You have a server named WSUS1 that runs Windows Server 2012 R2. WSUS1 has the Windows Server Update Services server role installed and has
one volume.
You add a new hard disk to WSUS1 and then create a volume on the hard disk.
You need to ensure that the Windows Server Update Services (WSUS) update files are stored on the new volume.
What should you do?
A. From the Update Services console, configure the Update Files and Languages option.
B. From the Update Services console, run the Windows Server Update Services Configuration Wizard.
C. From a command prompt, run wsusutil.exe and specify the export parameter.
Use the HTTPS protocol, the following syntax:
server = https: // ‘FQDN of the Collection “: 5986 / wsman / SubscriptionManager / WEC, Refresh =” refresh interval in seconds “, IssuerCA =” fingerprint
of the client authentication certificate ”
Use for the HTTP protocol port 5985.
QUESTION 65
Your network contains a Hyper-V host named Server1 that hosts 20 virtual machines.
You need to view the amount of memory resources and processor resources each virtual machine uses currently.
Which tool should you use on Server1?
A. Hyper-V Manager
B. Task Manager
C. Windows System Resource Manager (WSRM)
D. Resource Monitor
Correct Answer: A
Section: 1. Deploy and manage server images
Explanation
Explanation/Reference:
QUESTION 66
You have a server named WSUS1 that runs Windows Server 2012 R2. WSUS1 has the Windows Server Update Services server role installed and has
one volume.
You add a new hard disk to WSUS1 and then create a volume on the hard disk.
You need to ensure that the Windows Server Update Services (WSUS) update files are stored on the new volume.
What should you do?
A. From the Update Services console, configure the Update Files and Languages option.
B. From the Update Services console, run the Windows Server Update Services Configuration Wizard.
C. From a command prompt, run wsusutil.exe and specify the export parameter.
D. From a command prompt, run wsusutil.exe and specify the movecontent parameter.
Correct Answer: D
Section: 1. Deploy and manage server images
Explanation
Explanation/Reference:
Explanation:
Local Storage Considerations
If you decide to store update files on your server, the recommended minimum disk size is 30 GB. However, depending on the synchronization options
you specify, you might need to use a larger disk. For example, when specifying advanced synchronization options, as in the following procedure, if you
select options to download multiple languages and/or the option to download express installation files, your server disk can easily reach 30 GB.
Therefore if you choose any of these options, install a larger disk (for example, 100 GB).
If your disk gets full, you can install a new, larger disk and then move the update files to the new location. To do this, after you create the new disk drive,
you will need to run the WSUSutil.exetool (with the movecontent command) to move the update files to the new disk. For this procedure, see Managing
WSUS from the Command Line.
For example, if D:\WSUS1 is the new path for local WSUS update storage, D:\move. log is the path to the log file, and you wanted to copy the old files to
the new location, you would type: wsusutil.exe movecontent D:\WSUS1\ D:\move. log
Note: If you do not want to use WSUSutil.exe to change the location of local WSUS update storage, you can also use NTFS functionality to add a
partition to the current location of local WSUS update storage. For more information about NTFS, go to Help and Support Center in Windows Server
2003.
Syntax
At the command line %drive%\Program Files\Update Services\Tools>, type:
wsusutilmovecontentcontentpathlogfile -skipcopy [/?]
The parameters are defined in the following table. contentpath – the new root for content files. The path must exist. logfile – the path and file name of the
log file to create. -skipcopy – indicates that only the server configuration should be changed, and that the content files should not be copied.
/help or /? – displays command-line help for movecontent command.
http://blogs.technet.com/b/sus/archive/2008/05/19/wsus-how-to-change-the-location-where-wsus-stores-updates-locally.aspx
http://technet.microsoft.com/en-us/library/cc720475(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc708480%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/cc720466(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc708480%28v=ws.10%29.aspx
QUESTION 67
Correct Answer: D
Section: 1. Deploy and manage server images
Explanation
Explanation/Reference:
Explanation:
Local Storage Considerations
If you decide to store update files on your server, the recommended minimum disk size is 30 GB. However, depending on the synchronization options
you specify, you might need to use a larger disk. For example, when specifying advanced synchronization options, as in the following procedure, if you
select options to download multiple languages and/or the option to download express installation files, your server disk can easily reach 30 GB.
Therefore if you choose any of these options, install a larger disk (for example, 100 GB).
If your disk gets full, you can install a new, larger disk and then move the update files to the new location. To do this, after you create the new disk drive,
you will need to run the WSUSutil.exetool (with the movecontent command) to move the update files to the new disk. For this procedure, see Managing
WSUS from the Command Line.
For example, if D:\WSUS1 is the new path for local WSUS update storage, D:\move. log is the path to the log file, and you wanted to copy the old files to
the new location, you would type: wsusutil.exe movecontent D:\WSUS1\ D:\move. log
Note: If you do not want to use WSUSutil.exe to change the location of local WSUS update storage, you can also use NTFS functionality to add a
partition to the current location of local WSUS update storage. For more information about NTFS, go to Help and Support Center in Windows Server
2003.
Syntax
At the command line %drive%\Program Files\Update Services\Tools>, type:
wsusutilmovecontentcontentpathlogfile -skipcopy [/?]
The parameters are defined in the following table. contentpath – the new root for content files. The path must exist. logfile – the path and file name of the
log file to create. -skipcopy – indicates that only the server configuration should be changed, and that the content files should not be copied.
/help or /? – displays command-line help for movecontent command.
http://blogs.technet.com/b/sus/archive/2008/05/19/wsus-how-to-change-the-location-where-wsus-stores-updates-locally.aspx
http://technet.microsoft.com/en-us/library/cc720475(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc708480%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/cc720466(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc708480%28v=ws.10%29.aspx
QUESTION 67
Your company has a main office and two branch offices. The main office is located in Seattle. The two branch offices are located in Montreal and Miami.
Each office is configured as an Active Directory site.
The network contains an Active Directory domain named contoso.com. Network traffic is not routed between the Montreal office and the Miami office.
You implement a Distributed File System (DFS) namespace named \\contoso.com\public. The namespace contains a folder named Folder1. Folder1
has a folder target in each office.
You need to configure DFS to ensure that users in the branch offices only receive referrals to the target in their respective office or to the
target in the main office.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Set the Ordering method of \\contoso.com\public to Random order.
B. Set the Advanced properties of the folder target in the Seattle office to Last among all targets.
C. Set the Advanced properties of the folder target in the Seattle office to First among targets of equal cost.
D. Set the Ordering method of \\contoso.com\public to Exclude targets outside of the client’s site.
E. Set the Advanced properties of the folder target in the Seattle office to Last among targets of equal cost.
F. Set the Ordering method of \\contoso.com\public to Lowest cost.
Correct Answer: BD
Section: 2. Configure file and print services
Explanation
Explanation/Reference:
Explanation:
Exclude targets outside of the client’s site
In this method, the referral contains only the targets that are in the same site as the client. These same-site targets are listed in random order. If no
same-site targets exist, the client does not receive a referral and cannot access that portion of the namespace. Note: Targets that have target priority set
to “First among all targets” or “Last among all targets” are still listed in the referral, even if the ordering method is set to Exclude targets outside of the
client’s site .
Note 2: Set the Ordering Method for Targets in Referrals A referral is an ordered list of targets that a client computer receives from a domain controller
or namespace server when the user accesses a namespace root or folder with targets. After the client receives the referral, the client attempts to access
the first target in the list. If the target is not available, the client attempts to access the next target.
QUESTION 68
You have a server named Server 1.
You enable BitLocker Drive Encryption (BitLocker) on Server 1.
Each office is configured as an Active Directory site.
The network contains an Active Directory domain named contoso.com. Network traffic is not routed between the Montreal office and the Miami office.
You implement a Distributed File System (DFS) namespace named \\contoso.com\public. The namespace contains a folder named Folder1. Folder1
has a folder target in each office.
You need to configure DFS to ensure that users in the branch offices only receive referrals to the target in their respective office or to the
target in the main office.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Set the Ordering method of \\contoso.com\public to Random order.
B. Set the Advanced properties of the folder target in the Seattle office to Last among all targets.
C. Set the Advanced properties of the folder target in the Seattle office to First among targets of equal cost.
D. Set the Ordering method of \\contoso.com\public to Exclude targets outside of the client’s site.
E. Set the Advanced properties of the folder target in the Seattle office to Last among targets of equal cost.
F. Set the Ordering method of \\contoso.com\public to Lowest cost.
Correct Answer: BD
Section: 2. Configure file and print services
Explanation
Explanation/Reference:
Explanation:
Exclude targets outside of the client’s site
In this method, the referral contains only the targets that are in the same site as the client. These same-site targets are listed in random order. If no
same-site targets exist, the client does not receive a referral and cannot access that portion of the namespace. Note: Targets that have target priority set
to “First among all targets” or “Last among all targets” are still listed in the referral, even if the ordering method is set to Exclude targets outside of the
client’s site .
Note 2: Set the Ordering Method for Targets in Referrals A referral is an ordered list of targets that a client computer receives from a domain controller
or namespace server when the user accesses a namespace root or folder with targets. After the client receives the referral, the client attempts to access
the first target in the list. If the target is not available, the client attempts to access the next target.
QUESTION 68
You have a server named Server 1.
You enable BitLocker Drive Encryption (BitLocker) on Server 1.
You need to change the password for the Trusted Platform Module (TPM) chip.
What should you run on Server1?
A. Manage-bde.exe
B. Set-TpmOwnerAuth
C. bdehdcfg.exe
D. tpmvscmgr.exe
Correct Answer: B
Section: 2. Configure file and print services
Explanation
Explanation/Reference:
Explanation:
The Set-TpmOwnerAuthcmdlet changes the current owner authorization value of the Trusted Platform Module (TPM) to a new value. You can specify
the current owner authorization value or specify a file that contains the current owner authorization value. If you do not specify an owner authorization
value, the cmdlet attempts to read the value from the registry.
Use the ConvertTo-TpmOwnerAuthcmdlet to create an owner authorization value. You can specify a new owner authorization value or specify a file that
contains the new value.
QUESTION 69
You have a file server that has the File Server Resource Manager role service installed.
You open the File Server Resource Manager console as shown in the exhibit. (Click the Exhibit button.)
What should you run on Server1?
A. Manage-bde.exe
B. Set-TpmOwnerAuth
C. bdehdcfg.exe
D. tpmvscmgr.exe
Correct Answer: B
Section: 2. Configure file and print services
Explanation
Explanation/Reference:
Explanation:
The Set-TpmOwnerAuthcmdlet changes the current owner authorization value of the Trusted Platform Module (TPM) to a new value. You can specify
the current owner authorization value or specify a file that contains the current owner authorization value. If you do not specify an owner authorization
value, the cmdlet attempts to read the value from the registry.
Use the ConvertTo-TpmOwnerAuthcmdlet to create an owner authorization value. You can specify a new owner authorization value or specify a file that
contains the new value.
QUESTION 69
You have a file server that has the File Server Resource Manager role service installed.
You open the File Server Resource Manager console as shown in the exhibit. (Click the Exhibit button.)
![NEW! 70-411 EXAM] Microsoft.BrainDumps.by.Sacriestory_Aikonfx.383q PART4 (61-80) EXAM A VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/08/image83.png "NEW! 70-411 EXAM] Microsoft.BrainDumps.by.Sacriestory_Aikonfx.383q PART4 (61-80) EXAM A VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
You need to ensure that all of the folders in Folder1 have a 100-MB quota limit.
What should you do?
A. Run the Updatecmdlet.
B. Run the Update-FsrmAutoQuotacmdlet.
C. Create a new quota for Folder1.
D. Modify the quota properties of Folder1.
Correct Answer: C
Section: 2. Configure file and print services
Explanation
What should you do?
A. Run the Updatecmdlet.
B. Run the Update-FsrmAutoQuotacmdlet.
C. Create a new quota for Folder1.
D. Modify the quota properties of Folder1.
Correct Answer: C
Section: 2. Configure file and print services
Explanation
Explanation/Reference:
Explanation:
By using auto apply quotas, you can assign a quota template to a parent volume or folder. Then File Server Resource Manager automatically generates
quotas that are based on that template. Quotas are generated for each of the existing subfolders and for subfolders that you create in the future.
Explanation:
By using auto apply quotas, you can assign a quota template to a parent volume or folder. Then File Server Resource Manager automatically generates
quotas that are based on that template. Quotas are generated for each of the existing subfolders and for subfolders that you create in the future.
![NEW! 70-411 EXAM] Microsoft.BrainDumps.by.Sacriestory_Aikonfx.383q PART4 (61-80) EXAM A VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/08/image84.png "NEW! 70-411 EXAM] Microsoft.BrainDumps.by.Sacriestory_Aikonfx.383q PART4 (61-80) EXAM A VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
Your network contains an Active Directory forest named contoso.com.
The domain contains three servers. The servers are configured as shown in the following table.
The domain contains three servers. The servers are configured as shown in the following table.
![NEW! 70-411 EXAM] Microsoft.BrainDumps.by.Sacriestory_Aikonfx.383q PART4 (61-80) EXAM A VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/08/image85.png "NEW! 70-411 EXAM] Microsoft.BrainDumps.by.Sacriestory_Aikonfx.383q PART4 (61-80) EXAM A VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
You need to identify which server role must be deployed to the network to support the planned implementation.
Which role should you identify?
A. Network Policy and Access Services
B. Volume Activation Services
C. Windows Deployment Services
D. Active Directory Rights Management Services
Correct Answer: C
Section: 2. Configure file and print services
Explanation
Explanation/Reference:
Explanation:
Windows Deployment Services (WDS) is a server role that enables you to remotely deploy Windows operating systems. You can use it to set up new
computers by using a network- based installation. This means that you do not have to install each operating system directly from a CD, USB drive or
DVD. To use Windows Deployment Services, you should have a working knowledge of common desktop deployment technologies and networking
components, including Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and Active Directory Domain Services (AD DS). It
is also helpful to understand the Preboot execution Environment (also known as Pre-Execution Environment).
Which role should you identify?
A. Network Policy and Access Services
B. Volume Activation Services
C. Windows Deployment Services
D. Active Directory Rights Management Services
Correct Answer: C
Section: 2. Configure file and print services
Explanation
Explanation/Reference:
Explanation:
Windows Deployment Services (WDS) is a server role that enables you to remotely deploy Windows operating systems. You can use it to set up new
computers by using a network- based installation. This means that you do not have to install each operating system directly from a CD, USB drive or
DVD. To use Windows Deployment Services, you should have a working knowledge of common desktop deployment technologies and networking
components, including Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and Active Directory Domain Services (AD DS). It
is also helpful to understand the Preboot execution Environment (also known as Pre-Execution Environment).
QUESTION 71
Your network contains an Active Directory domain named contoso.com. The domain contains five servers. The servers are configured as shown in the
following table.
Your network contains an Active Directory domain named contoso.com. The domain contains five servers. The servers are configured as shown in the
following table.
![NEW! 70-411 EXAM] Microsoft.BrainDumps.by.Sacriestory_Aikonfx.383q PART4 (61-80) EXAM A VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/08/image86.png "NEW! 70-411 EXAM] Microsoft.BrainDumps.by.Sacriestory_Aikonfx.383q PART4 (61-80) EXAM A VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
All desktop computers in contoso.com run Windows 8 and are configured to use BitLocker Drive Encryption (BitLocker) on all local disk drives.
You need to deploy the Network Unlock feature. The solution must minimize the number of features and server roles installed on the
network.
To which server should you deploy the feature?
A. Server1
B. Server2
C. Server3
D. Server4
E. Server5
Correct Answer: E
Section: 1. Deploy and manage server images
Explanation
Explanation/Reference:
Explanation:
You need to deploy the Network Unlock feature. The solution must minimize the number of features and server roles installed on the
network.
To which server should you deploy the feature?
A. Server1
B. Server2
C. Server3
D. Server4
E. Server5
Correct Answer: E
Section: 1. Deploy and manage server images
Explanation
Explanation/Reference:
Explanation:
The BitLocker Network Unlock feature will install the WDS role if it is not already installed. If you want to install it separately before you install BitLocker
Network Unlock you can use Server Manager or Windows PowerShell. To install the role using Server Manager, select the Windows Deployment
Services role in Server Manager.
QUESTION 72
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.
Server1 has a folder named Folder1 that is used by the human resources department.
You need to ensure that an email notification is sent immediately to the human resources manager when a user copies an audio file or a
video file to Folder1.
What should you configure on Server1?
A. a storage report task
B. a file screen exception
C. a file screen
D. a file group
Correct Answer: C
Section: 2. Configure file and print services
Explanation
Explanation/Reference:
Explanation:
Create file screens to control the types of files that users can save, and generate notifications when users attempt to save unauthorized files. With File
Server Resource Manager (FSRM) you can create file screens that prevent users from saving unauthorized files on volumes or folders.
File Screen Enforcement:
You can create file screens to prevent users from saving unauthorized files on volumes or folders. There are two types of file screen enforcement: active
and passive enforcement. Active file screen enforcement does not allow the user to save an unauthorized file. Passive file screen enforcement allows
the user to save the file, but notifies the user that the file is not an authorized file. You can configure notifications, such as events logged to the event log
or e-mails sent to users and administrators, as part of active and passive file screen enforcement.
QUESTION 73
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1.
You run ntdsutil as shown in the exhibit. (Click the Exhibit button.)
Network Unlock you can use Server Manager or Windows PowerShell. To install the role using Server Manager, select the Windows Deployment
Services role in Server Manager.
QUESTION 72
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.
Server1 has a folder named Folder1 that is used by the human resources department.
You need to ensure that an email notification is sent immediately to the human resources manager when a user copies an audio file or a
video file to Folder1.
What should you configure on Server1?
A. a storage report task
B. a file screen exception
C. a file screen
D. a file group
Correct Answer: C
Section: 2. Configure file and print services
Explanation
Explanation/Reference:
Explanation:
Create file screens to control the types of files that users can save, and generate notifications when users attempt to save unauthorized files. With File
Server Resource Manager (FSRM) you can create file screens that prevent users from saving unauthorized files on volumes or folders.
File Screen Enforcement:
You can create file screens to prevent users from saving unauthorized files on volumes or folders. There are two types of file screen enforcement: active
and passive enforcement. Active file screen enforcement does not allow the user to save an unauthorized file. Passive file screen enforcement allows
the user to save the file, but notifies the user that the file is not an authorized file. You can configure notifications, such as events logged to the event log
or e-mails sent to users and administrators, as part of active and passive file screen enforcement.
QUESTION 73
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1.
You run ntdsutil as shown in the exhibit. (Click the Exhibit button.)
![NEW! 70-411 EXAM] Microsoft.BrainDumps.by.Sacriestory_Aikonfx.383q PART4 (61-80) EXAM A VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/08/image87.png "NEW! 70-411 EXAM] Microsoft.BrainDumps.by.Sacriestory_Aikonfx.383q PART4 (61-80) EXAM A VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
You need to ensure that you can access the contents of the mounted snapshot.
What should you do?
A. From the snapshot context of ntdsutil, run activate instance “NTDS”.
B. From a command prompt, run dsamain.exe -dbpath
c:\$snap_201204131056_volumec$\windows\ntds\ntds. dit -Idapport 389.
C. From the snapshot context of ntdsutil, run mount {79f94f82-5926-4f44-8af0-2f56d827a57d}.
D. From a command prompt, run dsamain.exe -dbpath
c:\$snap_201204131056_volumec$\windows\ntds\ntds. dit -Idapport 33389.
Correct Answer: D
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Explanation:
By default, only members of the Domain Admins group and the Enterprise Admins group are allowed to view the snapshots because they contain
sensitive AD DS data.
If you want to access snapshot data from an old domain or forest that has been deleted, you can allow nonadministrators to access the data when you
run Dsamain.exe.
If you plan to view the snapshot data on a domain controller, specify ports that are different from the ports that the domain controller will use. A client
starts an LDAP session by connecting to an LDAP server, called a Directory System Agent (DSA), by default on TCP port and UDP [7] port 389.
The client then sends an operation request to the server, and the server sends responses in return. With some exceptions, the client does not need to
What should you do?
A. From the snapshot context of ntdsutil, run activate instance “NTDS”.
B. From a command prompt, run dsamain.exe -dbpath
c:\$snap_201204131056_volumec$\windows\ntds\ntds. dit -Idapport 389.
C. From the snapshot context of ntdsutil, run mount {79f94f82-5926-4f44-8af0-2f56d827a57d}.
D. From a command prompt, run dsamain.exe -dbpath
c:\$snap_201204131056_volumec$\windows\ntds\ntds. dit -Idapport 33389.
Correct Answer: D
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Explanation:
By default, only members of the Domain Admins group and the Enterprise Admins group are allowed to view the snapshots because they contain
sensitive AD DS data.
If you want to access snapshot data from an old domain or forest that has been deleted, you can allow nonadministrators to access the data when you
run Dsamain.exe.
If you plan to view the snapshot data on a domain controller, specify ports that are different from the ports that the domain controller will use. A client
starts an LDAP session by connecting to an LDAP server, called a Directory System Agent (DSA), by default on TCP port and UDP [7] port 389.
The client then sends an operation request to the server, and the server sends responses in return. With some exceptions, the client does not need to
wait for a response before sending the next request, and the server may send the responses in any order. All information is transmitted using Basic
Encoding Rules (BER).
Encoding Rules (BER).
![NEW! 70-411 EXAM] Microsoft.BrainDumps.by.Sacriestory_Aikonfx.383q PART4 (61-80) EXAM A VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/08/image88.png "NEW! 70-411 EXAM] Microsoft.BrainDumps.by.Sacriestory_Aikonfx.383q PART4 (61-80) EXAM A VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
http://technet.microsoft.com/en-us/library/cc753609(v=ws.10).aspx
QUESTION 74
Your network contains an Active Directory domain named contoso.com. The domain contains a read-only domain controller (RODC) named R0DC1.
You create a global group named RODC_Admins.
You need to provide the members of RODC_Admins with the ability to manage the hardware and the software on R0DC1.
The solution must not provide RODC_Admins with the ability to manage Active Directory objects.
What should you do?
A. From Active Directory Sites and Services, run the Delegation of Control Wizard.
B. From a command prompt, run the dsadd computer command.
C. From Active Directory Site and Services, configure the Security settings of the R0DC1 server object.
D. From a command prompt, run the dsmgmt local roles command.
Correct Answer: D
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Explanation:
RODC: using the dsmgmt.exe utility to manage local administrators One of the benefits of of RODC is that you can add local administrators who do not
have full access to the domain administration. This gives them the abiltiy to manage the server but not add or change active directory objects unless
those roles are delegated. Adding this type of user is done using the dsmdmt.exe utility at the command prompt.
QUESTION 75
Your network contains an Active Directory domain named contoso.com. The domain contains a virtual machine named Server1 that runs Windows
Server 2012 R2.
Server1 has a dynamically expanding virtual hard disk that is mounted to drive E.
You need to ensure that you can enable BitLocker Drive Encryption (BitLocker) on drive E.
Which command should you run?
QUESTION 74
Your network contains an Active Directory domain named contoso.com. The domain contains a read-only domain controller (RODC) named R0DC1.
You create a global group named RODC_Admins.
You need to provide the members of RODC_Admins with the ability to manage the hardware and the software on R0DC1.
The solution must not provide RODC_Admins with the ability to manage Active Directory objects.
What should you do?
A. From Active Directory Sites and Services, run the Delegation of Control Wizard.
B. From a command prompt, run the dsadd computer command.
C. From Active Directory Site and Services, configure the Security settings of the R0DC1 server object.
D. From a command prompt, run the dsmgmt local roles command.
Correct Answer: D
Section: 5. Configure and manage Active Directory
Explanation
Explanation/Reference:
Explanation:
RODC: using the dsmgmt.exe utility to manage local administrators One of the benefits of of RODC is that you can add local administrators who do not
have full access to the domain administration. This gives them the abiltiy to manage the server but not add or change active directory objects unless
those roles are delegated. Adding this type of user is done using the dsmdmt.exe utility at the command prompt.
QUESTION 75
Your network contains an Active Directory domain named contoso.com. The domain contains a virtual machine named Server1 that runs Windows
Server 2012 R2.
Server1 has a dynamically expanding virtual hard disk that is mounted to drive E.
You need to ensure that you can enable BitLocker Drive Encryption (BitLocker) on drive E.
Which command should you run?
A. manage-bde -protectors -add c: -startup e:
B. manage-bde -lock e:
C. manage-bde -protectors -add e: -startupkey c:
D. manage-bde -on e:
Correct Answer: D
Section: 2. Configure file and print services
Explanation
Explanation/Reference:
Explanation:
Manage-bde: on
Encrypts the drive and turns on BitLocker.
Example:
The following example illustrates using the -on command to turn on BitLocker for drive C and add a recovery password to the drive.
manage-bde -on C: -recoverypassword
QUESTION 76
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server
2012 R2.
You view the effective policy settings of Server1 as shown in the exhibit. (Click the Exhibit button.)
B. manage-bde -lock e:
C. manage-bde -protectors -add e: -startupkey c:
D. manage-bde -on e:
Correct Answer: D
Section: 2. Configure file and print services
Explanation
Explanation/Reference:
Explanation:
Manage-bde: on
Encrypts the drive and turns on BitLocker.
Example:
The following example illustrates using the -on command to turn on BitLocker for drive C and add a recovery password to the drive.
manage-bde -on C: -recoverypassword
QUESTION 76
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server
2012 R2.
You view the effective policy settings of Server1 as shown in the exhibit. (Click the Exhibit button.)
![NEW! 70-411 EXAM] Microsoft.BrainDumps.by.Sacriestory_Aikonfx.383q PART4 (61-80) EXAM A VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/08/image93.png "NEW! 70-411 EXAM] Microsoft.BrainDumps.by.Sacriestory_Aikonfx.383q PART4 (61-80) EXAM A VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
On Server1, you have a folder named C:\Share1 that is shared as Share1. Share1 contains confidential data. A group named Group1 has full control of
the content in Share1.
You need to ensure that an entry is added to the event log whenever a member of Group1 deletes a file in Share1.
What should you configure?
the content in Share1.
You need to ensure that an entry is added to the event log whenever a member of Group1 deletes a file in Share1.
What should you configure?
A. the Audit File Share setting of Servers GPO
B. the Sharing settings of C:\Share1
C. the Audit File System setting of Servers GPO
D. the Security settings of C:\Share1
Correct Answer: D
Section: 2. Configure file and print services
Explanation
Explanation/Reference:
Explanation:
You can use Computer Management to track all connections to shared resources on a Windows Server 2008 R2 system.
Whenever a user or computer connects to a shared resource, Windows Server 2008 R2 lists a connection in the Sessions node.
File access, modification and deletion can only be tracked, if the object access auditing is enabled you can see the entries in event log.
To view connections to shared resources, type net session at a command prompt or follow these steps:
In Computer Management, connect to the computer on which you created the shared resource.
In the console tree, expand System Tools, expand Shared Folders, and then select Sessions. You can now view connections to shares for users and
computers.
To enable folder permission auditing, you can follow the below steps:
Click start and run “secpol. msc” without quotes.
Open the Local Policies\Audit Policy
Enable the Audit object access for “Success” and “Failure”.
Go to target files and folders, right click the folder and select properties.
Go to Security Page and click Advanced.
B. the Sharing settings of C:\Share1
C. the Audit File System setting of Servers GPO
D. the Security settings of C:\Share1
Correct Answer: D
Section: 2. Configure file and print services
Explanation
Explanation/Reference:
Explanation:
You can use Computer Management to track all connections to shared resources on a Windows Server 2008 R2 system.
Whenever a user or computer connects to a shared resource, Windows Server 2008 R2 lists a connection in the Sessions node.
File access, modification and deletion can only be tracked, if the object access auditing is enabled you can see the entries in event log.
To view connections to shared resources, type net session at a command prompt or follow these steps:
In Computer Management, connect to the computer on which you created the shared resource.
In the console tree, expand System Tools, expand Shared Folders, and then select Sessions. You can now view connections to shares for users and
computers.
To enable folder permission auditing, you can follow the below steps:
Click start and run “secpol. msc” without quotes.
Open the Local Policies\Audit Policy
Enable the Audit object access for “Success” and “Failure”.
Go to target files and folders, right click the folder and select properties.
Go to Security Page and click Advanced.
![NEW! 70-411 EXAM] Microsoft.BrainDumps.by.Sacriestory_Aikonfx.383q PART4 (61-80) EXAM A VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/08/image97.png "NEW! 70-411 EXAM] Microsoft.BrainDumps.by.Sacriestory_Aikonfx.383q PART4 (61-80) EXAM A VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
Click Auditing and Edit.
Click add, type everyone in the Select User, Computer, or Group. Choose Apply onto: This folder, subfolders and files.
Tick on the box “Change permissions”
Click OK.
Click add, type everyone in the Select User, Computer, or Group. Choose Apply onto: This folder, subfolders and files.
Tick on the box “Change permissions”
Click OK.
![NEW! 70-411 EXAM] Microsoft.BrainDumps.by.Sacriestory_Aikonfx.383q PART4 (61-80) EXAM A VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/08/image98.png "NEW! 70-411 EXAM] Microsoft.BrainDumps.by.Sacriestory_Aikonfx.383q PART4 (61-80) EXAM A VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
After you enable security auditing on the folders, you should be able to see the folder permission changes in the server’s Security event log. Task
Category is File System.
http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/13779c78-0c73-4477-8014-f2eb10f3f10f/
http://technet.microsoft.com/en-us/library/cc753927(v=ws.10).aspx
http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/13779c78-0c73-4477-8014-f2eb10f3f10f/
http://support.microsoft.com/kb/300549
Category is File System.
http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/13779c78-0c73-4477-8014-f2eb10f3f10f/
http://technet.microsoft.com/en-us/library/cc753927(v=ws.10).aspx
http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/13779c78-0c73-4477-8014-f2eb10f3f10f/
http://support.microsoft.com/kb/300549
http://www.windowsitpro.com/article/permissions/auditing-folder-permission-changes
http://www.windowsitpro.com/article/permissions/auditing-permission-changes-on-a-folder
QUESTION 77
You have a failover cluster that contains five nodes. All of the nodes run Windows Server 2012 R2. All of the nodes have BitLocker Drive Encryption
(BitLocker) enabled.
You enable BitLocker on a Cluster Shared Volume (CSV).
You need to ensure that all of the cluster nodes can access the CSV.
Which cmdlet should you run next?
A. Unblock-Tpm
B. Add-BitLockerKeyProtector
C. Remove-BitLockerKeyProtector
D. Enable BitLockerAutoUnlock
Correct Answer: B
Section: 2. Configure file and print services
Explanation
Explanation/Reference:
Explanation:
Add an Active Directory Security Identifier (SID) to the CSV disk using the Cluster Name Object (CNO) The Active Directory protector is a domain
security identifier (SID) based protector for protecting clustered volumes held within the Active Directory infrastructure. It can be bound to a user
account, machine account or group. When an unlock request is made for a protected volume, the BitLocker service interrupts the request and uses the
BitLocker protect/unprotect APIs to unlock or deny the request. For the cluster service to selfmanage.
BitLocker enabled disk volumes, an administrator must add the Cluster Name Object (CNO), which is the Active Directory identity associated with the
Cluster Network name, as a BitLocker protector to the target disk volumes. Add-BitLockerKeyProtector <drive letter or CSV mount point> –
ADAccountOrGroupProtector ?ADAccountOrGroup $cno
QUESTION 78
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
The domain contains an Edge Server named Server1. Server1 is configured as a DirectAccess server. Server1 has the following settings:
http://www.windowsitpro.com/article/permissions/auditing-permission-changes-on-a-folder
QUESTION 77
You have a failover cluster that contains five nodes. All of the nodes run Windows Server 2012 R2. All of the nodes have BitLocker Drive Encryption
(BitLocker) enabled.
You enable BitLocker on a Cluster Shared Volume (CSV).
You need to ensure that all of the cluster nodes can access the CSV.
Which cmdlet should you run next?
A. Unblock-Tpm
B. Add-BitLockerKeyProtector
C. Remove-BitLockerKeyProtector
D. Enable BitLockerAutoUnlock
Correct Answer: B
Section: 2. Configure file and print services
Explanation
Explanation/Reference:
Explanation:
Add an Active Directory Security Identifier (SID) to the CSV disk using the Cluster Name Object (CNO) The Active Directory protector is a domain
security identifier (SID) based protector for protecting clustered volumes held within the Active Directory infrastructure. It can be bound to a user
account, machine account or group. When an unlock request is made for a protected volume, the BitLocker service interrupts the request and uses the
BitLocker protect/unprotect APIs to unlock or deny the request. For the cluster service to selfmanage.
BitLocker enabled disk volumes, an administrator must add the Cluster Name Object (CNO), which is the Active Directory identity associated with the
Cluster Network name, as a BitLocker protector to the target disk volumes. Add-BitLockerKeyProtector <drive letter or CSV mount point> –
ADAccountOrGroupProtector ?ADAccountOrGroup $cno
QUESTION 78
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
The domain contains an Edge Server named Server1. Server1 is configured as a DirectAccess server. Server1 has the following settings:
![NEW! 70-411 EXAM] Microsoft.BrainDumps.by.Sacriestory_Aikonfx.383q PART4 (61-80) EXAM A VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/08/image99.png "NEW! 70-411 EXAM] Microsoft.BrainDumps.by.Sacriestory_Aikonfx.383q PART4 (61-80) EXAM A VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
You run the Remote Access Setup wizard as shown in the following exhibit. (Click the Exhibit button.)![NEW! 70-411 EXAM] Microsoft.BrainDumps.by.Sacriestory_Aikonfx.383q PART4 (61-80) EXAM A VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/08/image103.png "NEW! 70-411 EXAM] Microsoft.BrainDumps.by.Sacriestory_Aikonfx.383q PART4 (61-80) EXAM A VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
You need to ensure that client computers on the Internet can establish DirectAccess connections to Server1.
Which additional name suffix entry should you add from the Remote Access Setup wizard?
A. A Name Suffix value of dal.contoso.com and a blank DNS Server Address value
B. A Name Suffix value of Server1.contoso.com and a DNS Server Address value of 65.55.37.62
C. A Name Suffix value of da1.contoso.com and a DNS Server Address value of 65.55.37.62
D. A Name Suffix value of Server1.contoso.com and a blank DNS Server Address value
Correct Answer: A
Section: 3. Configure network services and access
Explanation
Explanation/Reference:
Explanation:
Split-brain DNS is the use of the same DNS domain for both Internet and intranet resources. For example, the Contoso Corporation is using split brain
DNS; contoso.com is the domain name for intranet resources and Internet resources. Internet users use http://www.contoso.com to access Contoso’s
public Web site and Contoso employees on the Contoso intranet usehttp://www.contoso.com to access Contoso’s intranet Web site. A Contoso
employee with their laptop that is not a DirectAccess client on the intranet that accesses http: //www.contoso.com sees the intranet Contoso Web site.
When they take their laptop to the local coffee shop and access that same URL, they will see the public Contoso Web site.
When a DirectAccess client is on the Internet, the Name Resolution Policy Table (NRPT) sends DNS name queries for intranet resources to intranet
DNS servers. A typical NRPT for DirectAccess will have a rule for the namespace of the organization, such as contoso.com for the Contoso Corporation,
with the Internet Protocol version 6 (IPv6) addresses of intranet DNS servers. With just this rule in the NRPT, when a user on a DirectAccess client on
the Internet attempts to access the uniform resource locator (URL) for their Web site (such as http: //www.contoso.com), they will see the intranet
version. Because of this rule, they will never see the public version of this URL when they are on the Internet.
For split-brain DNS deployments, you must list the FQDNs that are duplicated on the Internet and intranet and decide which resources the DirectAccess
client should reach, the intranet version or the public (Internet) version. For each name that corresponds to a resource for which you want DirectAccess
clients to reach the public version, you must add the corresponding FQDN as an exemption rule to the NRPT for your DirectAccess clients. Name
suffixes that do not have corresponding DNS servers are treated as exemptions.
http://technet.microsoft.com/en-us/library/ee382323(v=ws.10).aspx
QUESTION 79
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012
R2.
You enable and configure Routing and Remote Access (RRAS) on Server1.
Which additional name suffix entry should you add from the Remote Access Setup wizard?
A. A Name Suffix value of dal.contoso.com and a blank DNS Server Address value
B. A Name Suffix value of Server1.contoso.com and a DNS Server Address value of 65.55.37.62
C. A Name Suffix value of da1.contoso.com and a DNS Server Address value of 65.55.37.62
D. A Name Suffix value of Server1.contoso.com and a blank DNS Server Address value
Correct Answer: A
Section: 3. Configure network services and access
Explanation
Explanation/Reference:
Explanation:
Split-brain DNS is the use of the same DNS domain for both Internet and intranet resources. For example, the Contoso Corporation is using split brain
DNS; contoso.com is the domain name for intranet resources and Internet resources. Internet users use http://www.contoso.com to access Contoso’s
public Web site and Contoso employees on the Contoso intranet usehttp://www.contoso.com to access Contoso’s intranet Web site. A Contoso
employee with their laptop that is not a DirectAccess client on the intranet that accesses http: //www.contoso.com sees the intranet Contoso Web site.
When they take their laptop to the local coffee shop and access that same URL, they will see the public Contoso Web site.
When a DirectAccess client is on the Internet, the Name Resolution Policy Table (NRPT) sends DNS name queries for intranet resources to intranet
DNS servers. A typical NRPT for DirectAccess will have a rule for the namespace of the organization, such as contoso.com for the Contoso Corporation,
with the Internet Protocol version 6 (IPv6) addresses of intranet DNS servers. With just this rule in the NRPT, when a user on a DirectAccess client on
the Internet attempts to access the uniform resource locator (URL) for their Web site (such as http: //www.contoso.com), they will see the intranet
version. Because of this rule, they will never see the public version of this URL when they are on the Internet.
For split-brain DNS deployments, you must list the FQDNs that are duplicated on the Internet and intranet and decide which resources the DirectAccess
client should reach, the intranet version or the public (Internet) version. For each name that corresponds to a resource for which you want DirectAccess
clients to reach the public version, you must add the corresponding FQDN as an exemption rule to the NRPT for your DirectAccess clients. Name
suffixes that do not have corresponding DNS servers are treated as exemptions.
http://technet.microsoft.com/en-us/library/ee382323(v=ws.10).aspx
QUESTION 79
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012
R2.
You enable and configure Routing and Remote Access (RRAS) on Server1.
You create a user account named User1.
You need to ensure that User1 can establish VPN connections to Server1.
What should you do?
A. Create a network policy.
B. Create a connection request policy.
C. Add a RADIUS client.
D. Modify the members of the Remote Management Users group.
Correct Answer: A
Section: 3. Configure network services and access
Explanation
Explanation/Reference:
Explanation:
Network policies are sets of conditions, constraints, and settings that allow you to designate who is authorized to connect to the network and the
circumstances under which they can or cannot connect.
Network policies can be viewed as rules. Each rule has a set of conditions and settings. Configure your VPN server to use Network Access Protection
(NAP) to enforce health requirement policies
You need to ensure that User1 can establish VPN connections to Server1.
What should you do?
A. Create a network policy.
B. Create a connection request policy.
C. Add a RADIUS client.
D. Modify the members of the Remote Management Users group.
Correct Answer: A
Section: 3. Configure network services and access
Explanation
Explanation/Reference:
Explanation:
Network policies are sets of conditions, constraints, and settings that allow you to designate who is authorized to connect to the network and the
circumstances under which they can or cannot connect.
Network policies can be viewed as rules. Each rule has a set of conditions and settings. Configure your VPN server to use Network Access Protection
(NAP) to enforce health requirement policies
![NEW! 70-411 EXAM] Microsoft.BrainDumps.by.Sacriestory_Aikonfx.383q PART4 (61-80) EXAM A VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/08/image106.png "NEW! 70-411 EXAM] Microsoft.BrainDumps.by.Sacriestory_Aikonfx.383q PART4 (61-80) EXAM A VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
http://technet.microsoft.com/en-us/library/hh831683.aspx
http://technet.microsoft.com/en-us/library/cc754107.aspx
http://technet.microsoft.com/en-us/library/dd314165%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/windowsserver/dd448603.aspx
http://technet.microsoft.com/en-us/library/dd314165(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/dd469733.aspx
http://technet.microsoft.com/en-us/library/dd469660.aspx
http://technet.microsoft.com/en-us/library/cc753603.aspx
http://technet.microsoft.com/en-us/library/cc754033.aspx
http://technet.microsoft.com/en-us/windowsserver/dd448603.aspx
QUESTION 80
You have a DNS server named Server1.
Server1 has a primary zone named contoso.com.
Zone Aging/Scavenging is configured for the contoso.com zone.
One month ago, an administrator removed a server named Server2 from the network.
You discover that a static resource record for Server2 is present in contoso.com. Resource records for decommissioned client computers are removed
automatically from contoso.com.
You need to ensure that the static resource records for all of the servers are removed automatically from contoso.com.
What should you modify?
A. The Expires after value of contoso.com
B. The Record time stamp value of the static resource records
C. The time-to-live (TTL) value of the static resource records
D. The Security settings of the static resource records
Correct Answer: B
Section: 3. Configure network services and access
Explanation
Explanation/Reference:
Explanation:
Reset and permit them to use a current (non-zero) time stamp value. This enables these records to become aged and scavenged.
You can use this procedure to change how a specific resource record is scavenged. A stale record is a record where both the No-Refresh Interval and
Refresh Interval have passed without the time stamp updating.
DNS->View->Advanced
http://technet.microsoft.com/en-us/library/cc754107.aspx
http://technet.microsoft.com/en-us/library/dd314165%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/windowsserver/dd448603.aspx
http://technet.microsoft.com/en-us/library/dd314165(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/dd469733.aspx
http://technet.microsoft.com/en-us/library/dd469660.aspx
http://technet.microsoft.com/en-us/library/cc753603.aspx
http://technet.microsoft.com/en-us/library/cc754033.aspx
http://technet.microsoft.com/en-us/windowsserver/dd448603.aspx
QUESTION 80
You have a DNS server named Server1.
Server1 has a primary zone named contoso.com.
Zone Aging/Scavenging is configured for the contoso.com zone.
One month ago, an administrator removed a server named Server2 from the network.
You discover that a static resource record for Server2 is present in contoso.com. Resource records for decommissioned client computers are removed
automatically from contoso.com.
You need to ensure that the static resource records for all of the servers are removed automatically from contoso.com.
What should you modify?
A. The Expires after value of contoso.com
B. The Record time stamp value of the static resource records
C. The time-to-live (TTL) value of the static resource records
D. The Security settings of the static resource records
Correct Answer: B
Section: 3. Configure network services and access
Explanation
Explanation/Reference:
Explanation:
Reset and permit them to use a current (non-zero) time stamp value. This enables these records to become aged and scavenged.
You can use this procedure to change how a specific resource record is scavenged. A stale record is a record where both the No-Refresh Interval and
Refresh Interval have passed without the time stamp updating.
DNS->View->Advanced
![NEW! 70-411 EXAM] Microsoft.BrainDumps.by.Sacriestory_Aikonfx.383q PART4 (61-80) EXAM A VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/08/image107.png "NEW! 70-411 EXAM] Microsoft.BrainDumps.by.Sacriestory_Aikonfx.383q PART4 (61-80) EXAM A VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
Depending on the how the resource record was originally added to the zone, do one of the following:
If the record was added dynamically using dynamic update, clear the Delete this record when it becomes stale check box to prevent its aging or potential
removal during the scavenging process. If dynamic updates to this record continue to occur, the Domain Name System (DNS) server will always reset
this check box so that the dynamically updated record can be deleted.
If you added the record statically, select the Delete this record when it becomes stale check box to permit its aging or potential removal during the
scavenging process.
If the record was added dynamically using dynamic update, clear the Delete this record when it becomes stale check box to prevent its aging or potential
removal during the scavenging process. If dynamic updates to this record continue to occur, the Domain Name System (DNS) server will always reset
this check box so that the dynamically updated record can be deleted.
If you added the record statically, select the Delete this record when it becomes stale check box to permit its aging or potential removal during the
scavenging process.
![NEW! 70-411 EXAM] Microsoft.BrainDumps.by.Sacriestory_Aikonfx.383q PART4 (61-80) EXAM A VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/08/image109.png "NEW! 70-411 EXAM] Microsoft.BrainDumps.by.Sacriestory_Aikonfx.383q PART4 (61-80) EXAM A VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
http://technet.microsoft.com/en-us/library/cc759204%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/cc759204%28v=ws.10%29.aspx
Typically, stale DNS records occur when a computer is permanently removed from the network. Mobile users who abnormally disconnect from the
network can also cause stale DNS records. To help manage stale records, Windows adds a time stamp to dynamically added resource records in
primary zones where aging and scavenging are enabled. Manually added records are time stamped with a value of 0, and they are automatically
excluded from the aging and scavenging process.
To enable aging and scavenging, you must do the following:
Resource records must be either dynamically added to zones or manually modified to be used in aging and scavenging operations.
Scavenging and aging must be enabled both at the DNS server and on the zone.
Scavenging is disabled by default.
http://technet.microsoft.com/en-us/library/cc759204%28v=ws.10%29.aspx
Typically, stale DNS records occur when a computer is permanently removed from the network. Mobile users who abnormally disconnect from the
network can also cause stale DNS records. To help manage stale records, Windows adds a time stamp to dynamically added resource records in
primary zones where aging and scavenging are enabled. Manually added records are time stamped with a value of 0, and they are automatically
excluded from the aging and scavenging process.
To enable aging and scavenging, you must do the following:
Resource records must be either dynamically added to zones or manually modified to be used in aging and scavenging operations.
Scavenging and aging must be enabled both at the DNS server and on the zone.
Scavenging is disabled by default.
![NEW! 70-411 EXAM] Microsoft.BrainDumps.by.Sacriestory_Aikonfx.383q PART4 (61-80) EXAM A VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/08/image110.png "NEW! 70-411 EXAM] Microsoft.BrainDumps.by.Sacriestory_Aikonfx.383q PART4 (61-80) EXAM A VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
DNS scavenging depends on the following two settings:
No-refresh interval: The time between the most recent refresh of a record time stamp and the moment when the time stamp can be refreshed again.
When scavenging is enabled, this is set to 7 days by default.
Refresh interval: The time between the earliest moment when a record time stamp can be refreshed and the earliest moment when the record can be
scavenged. The refresh interval must be longer than the maximum record refresh period. When scavenging is enabled, this is set to 7 days by default.
A DNS record becomes eligible for scavenging after both the no-refresh and refresh intervals have elapsed. If the default values are used, this is a total
of 14 days.
http://technet.microsoft.com/en-us/library/cc759204%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/cc771570.aspx
http://technet.microsoft.com/en-us/library/cc771677.aspx
http://technet.microsoft.com/en-us/library/cc758321(v=ws.10).aspx
No-refresh interval: The time between the most recent refresh of a record time stamp and the moment when the time stamp can be refreshed again.
When scavenging is enabled, this is set to 7 days by default.
Refresh interval: The time between the earliest moment when a record time stamp can be refreshed and the earliest moment when the record can be
scavenged. The refresh interval must be longer than the maximum record refresh period. When scavenging is enabled, this is set to 7 days by default.
A DNS record becomes eligible for scavenging after both the no-refresh and refresh intervals have elapsed. If the default values are used, this is a total
of 14 days.
http://technet.microsoft.com/en-us/library/cc759204%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/cc771570.aspx
http://technet.microsoft.com/en-us/library/cc771677.aspx
http://technet.microsoft.com/en-us/library/cc758321(v=ws.10).aspx
Latest online browsing the 70-411 exam!
70-411 PDF dumps & 70-411 VCE dumps: http://examsavior.com/70-411
 |  |  |  |  | |
|---|---|---|---|---|---|
Test King
|
Pass4sure
|
Actual Tests
|
Other Brands
| ||
| Customer Reviews |  |  |  |  |  |
$89.99
|
$124.99
|
$125.99
|
$189.00
|
$29.99~$49.99
| |
| Up-To-Dated |  |  |  |  |  |
| Real Questions & Answers |  |  |  |  |  |
| Correct All Error |  |  |  |  |  |
| Premium VCE Dumps |  |  |  |  |  |
| Free VCE Simulator |  |  |  |  |  |
| Unlimited After One Time Purchasing |  |  |  |  |  |
| Instant Download |  |  |  |  |  |
| Printable PDF Dumps |  |  |  |  |  |
| 100% Pass Guarantee |  |  |  |  |  |
| 100% Money Back |  |  |  |  |  |
100% Pass:http://examsavior.com/
No comments:
Post a Comment