It is more faster and easier to pass the Microsoft 70-411 exam by using Printable Microsoft Administering Windows Server 2012 questuins and answers. Immediate access to the Renovate 70-411 Exam and find the same core area 70-411 questions with professionally verified answers, then PASS your exam with a high score now.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Microsoft 70-411 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 70-411 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/70-411-exam-dumps.html
2021 Apr 70-411 exams
Q121. Your network contains a domain controller named DC1 that runs Windows Server 2012 R2. You create a custom Data Collector Set (DCS) named DCS1.
You need to configure DCS1 to collect the following information:
. The amount of Active Directory data replicated between DC1 and the other domain controllers
. The current values of several registry settings
Which two should you configure in DCS1? (Each correct answer presents part of the solution. Choose two.)
A. Event trace data
B. A Performance Counter Alert
C. System configuration information
D. A performance counter
Answer: B,C
Explanation:
Automatically run a program when the amount of total free disk space on Server1 drops below 10 percent of capacity.
You can also configure alerts to start applications and performance logs Log the current values of several registry settings.
System configuration information allows you to record the state of, and changes to, registry keys.
Total free disk space
Registry settings
Run a program on alert
Reference: http: //technet. microsoft. com/en-us/library/cc766404. aspx
Q122. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
You create a central store for Group Policy.
You receive a custom administrative template named Template1.admx.
You need to ensure that the settings in Template1.admx appear in all new Group Policy objects (GPOs).
What should you do?
A. From the Default Domain Controllers Policy, add Template1.admx to the Administrative Templates.
B. From the Default Domain Policy, add Template1.admx to the Administrative Templates.
C. Copy Template1.admx to \Contoso.comSYSVOLContoso.comPoliciesPolicyDefinitions.
D. Copy Template1.admx to \Contoso.comNETLOGON.
Answer: C
Explanation:
Unlike ADM files, ADMX files are not stored in individual GPOs. For domain-based enterprises, administrators can create a central store location of ADMX files that is accessible by anyone with permission to create or edit GPOs.
Q123. HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the Network Policy Server role service installed.
An administrator creates a Network Policy Server (NPS) network policy named Policy1. You need to ensure that Policy1 applies to L2TP connections only.
Which condition should you modify?
To answer, select the appropriate object in the answer area.
Answer:
Q124. You have a group Managed Service Account named Service01. Three servers named Server01, Server02, and Server03 currently use the Service01 service account.
You plan to decommission Server01.
You need to remove the cached password of the Service01 service account from Server01. The solution must ensure that Server02 and Server 03 continue to use Service01.
Which cmdlet should you run?
A. Set-ADServiceAccount
B. Remove-ADServiceAccount
C. Uninstall-ADServiceAccount
D. Reset-ADServiceAccountPassword
Answer: B
Explanation: The Remove-ADServiceAccount cmdlet removes an Active Directory service account. This cmdlet does not make changes to any computers that use the service account. After this operation, the service account is no longer hosted on the target computer but still exists in the directory.
Incorrect:
Not C: The Uninstall-ADServiceAccount cmdlet removes an Active Directory service
account on the computer on which the cmdlet is run. The specified service account must be installed on the computer.
Reference: Remove-ADServiceAccount
https://technet.microsoft.com/en-us/library/ee617190.aspx
Q125. Your network contains an Active Directory domain named contoso.com. The domain contains an organizational unit (OU) named IT and an OU named Sales.
All of the help desk user accounts are located in the IT OU. All of the sales user accounts are located in the Sales OU. The Sales OU contains a global security group named G_Sales. The IT OU contains a global security group named G_HelpDesk.
You need to ensure that members of G_HelpDesk can perform the following tasks:
. Reset the passwords of the sales users.
. Force the sales users to change their password at their next logon.
What should you do?
A. Run the Set-ADAccountPasswordcmdlet and specify the -identity parameter.
B. Right-click the Sales OU and select Delegate Control.
C. Right-click the IT OU and select Delegate Control.
D. Run the Set-ADFineGrainedPasswordPolicycmdlet and specify the -identity parameter.
Answer: B
Explanation:
G_HelpDesk members need to be allowed to delegate control on the Sales OU as it contains the sales users (G_Sales)
You can use the Delegation of Control Wizard to delegate the Reset Password permission to the delegated user.
References: http: //support. microsoft. com/kb/296999/en-us
http: //support. microsoft. com/kb/296999/en-us
http: //technet. microsoft. com/en-us/library/cc732524. aspx
Far out 70-411 vce:
Q126. Your network contains an Active Directory domain named contoso.com.
You create a user account named User1. The properties of User1 are shown in the exhibit. (Click the Exhibit button.)
You plan to use the User1 account as a service account. The service will forward authentication requests to other servers.
You need to ensure that you can view the Delegation tab from the properties of the User1 account.
What should you do first?
A. Configure the Name Mappings of User1.
B. Modify the user principal name (UPN) of User1.
C. Configure a Service Principal Name (SPN) for User1.
D. Modify the Security settings of User1.
Answer: C
Explanation:
If you cannot see the Delegation tab, do one or both of the following:
Register a Service Principal Name (SPN) for the user account with the Setspn utility in the
support tools on your CD. Delegation is only intended to be used by service accounts,
which should have registered SPNs, as opposed to a regular user account which typically
does not have SPNs.
Raise the functional level of your domain to Windows Server 2003. For more information,
see Related Topics.
References:
http: //blogs. msdn. com/b/mattlind/archive/2010/01/14/delegation-tab-in-aduc-not-available-until-a-spn-is-set. aspx
http: //blogs. msdn. com/b/mattlind/archive/2010/01/14/delegation-tab-in-aduc-not-available-until-a-spn-is-set. aspx
http: //technet. microsoft. com/en-us/library/cc739474(v=ws. 10). aspx
http: //blogs. msdn. com/b/mattlind/archive/2010/01/14/delegation-tab-in-aduc-not-available-until-a-spn-is-set. aspx
Q127. Your network contains an Active Directory domain named contoso.com. The domain
contains a RADIUS server named Server1 that runs Windows Server 2012 R2.
You add a VPN server named Server2 to the network.
On Server1, you create several network policies.
You need to configure Server1 to accept authentication requests from Server2.
Which tool should you use on Server1?
A. Server Manager
B. Routing and Remote Access
C. New-NpsRadiusClient
D. Connection Manager Administration Kit (CMAK)
Answer: C
Explanation:
New-NpsRadiusClient -Name "NameOfMyClientGroup" -Address "10.1.0.0/16" -AuthAttributeRequired 0 -NapCompatible 0 -SharedSecret "SuperSharedSecretxyz" -VendorName "RADIUS Standard"
Reference:
http: //technet. microsoft. com/en-us/library/hh918425(v=wps. 620). aspx
http: //technet. microsoft. com/en-us/library/jj872740(v=wps. 620). aspx
http: //technet. microsoft. com/en-us/library/dd469790. aspx
Q128. HOTSPOT
You have a server named Server1 that runs Windows Server 2012 R2.
You configure Network Access Protection (NAP) on Server1.
Your company implements a new security policy stating that all client computers must have the latest updates installed. The company informs all employees that they have two weeks to update their computer accordingly.
You need to ensure that if the client computers have automatic updating disabled, they are provided with full access to the network until a specific date and time.
Which two nodes should you configure?
To answer, select the appropriate two nodes in the answer area.
Answer:
Q129. Your network contains an Active Directory domain named adatum.com. All domain controllers run Windows Server 2012 R2. The domain contains a virtual machine named DC2.
On DC2, you run Get-ADDCCIoningExcludedApplicationList and receive the output shown in the following table.
You need to ensure that you can clone DC2.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Option A
B. Option B
C. Option C
D. Option D
E. Option E
Answer: A,E
Explanation:
Because domain controllers provide a distributed environment, you could not safely clone an Active Directory domain controller in the past.
Before, if you cloned any server, the server would end up with the same domain or forest, which is unsupported with the same domain or forest. You would then have to run sysprep, which would remove the unique security information before cloning and then promote a domain controller manually. When you clone a domain controller, you perform safe cloning, which a cloned domain controller automatically runs a subset of the sysprep process and promotes the server to a domain controller automatically.
The four primary steps to deploy a cloned virtualized domain controller are as follows:
. Grant the source virtualized domain controller the permission to be cloned by
adding the source virtualized domain controller to the Cloneable Domain
Controllers group.
. Run Get-ADDCCloningExcludedApplicationListcmdlet in Windows PowerShell to determine which services and applications on the domain controller are not compatible with the cloning.
. Run New-ADDCCloneConfigFile to create the clone configuration file, which is stored in the C:WindowsNTDS.
. In Hyper-V, export and then import the virtual machine of the source domain controller.
Run Get-ADDCCloningExcludedApplicationListcmdlet In this procedure, run the Get-ADDCCloningExcludedApplicationListcmdlet on the source virtualized domain controller to identify any programs or services that are not evaluated for cloning. You need to run the Get-ADDCCloningExcludedApplicationListcmdlet before the New-ADDCCloneConfigFilecmdlet because if the New-ADDCCloneConfigFilecmdlet detects an excluded application, it will not create a DCCloneConfig.xml file. To identify applications or services that run on a source domain controller which have not been evaluated for cloning.
Get-ADDCCloningExcludedApplicationList
Get-ADDCCloningExcludedApplicationList -GenerateXml
The clone domain controller will be located in the same site as the source domain controller unless a different site is specified in the DCCloneConfig.xml file.
Note:
. The Get-ADDCCloningExcludedApplicationListcmdlet searches the local domain controller for programs and services in the installed programs database, the services control manager that are not specified in the default and user defined inclusion list. The applications in the resulting list can be added to the user defined exclusion list if they are determined to support cloning. If the applications are not cloneable, they should be removed from the source domain controller before the clone media is created. Any application that appears in cmdlet output and is not included in the user defined inclusion list will force cloning to fail.
. The Get-ADDCCloningExcludedApplicationListcmdlet needs to be run before the New- ADDCCloneConfigFilecmdlet is used because if the New-ADDCCloneConfigFilecmdlet detects an excluded application, it will not create a DCCloneConfig.xml file.
. DCCloneConfig.xml is an XML configuration file that contains all of the settings the cloned DC will take when it boots. This includes network settings, DNS, WINS, AD site name, new DC name and more. This file can be generated in a few different ways.
The New-ADDCCloneConfigcmdlet in PowerShell
By hand with an XML editor
By editing an existing config file, again with an XML editor (Notepad is not an XML editor.)
You can populate the XML file. . . . . doesn't need to be empty. . . . .
References: http: //technet. microsoft. com/en-us/library/hh831734. aspx
http: //blogs. dirteam. com/blogs/sanderberkouwer/archive/2012/09/10/new-features-in-active-directory-domain-services-in-windows-server-2012-part-13-domain-controller-cloning. aspx
Q130. You have a server named Server1 that runs Windows Server 2012 R2.
You create a custom Data Collector Set (DCS) named DCS1.
You need to configure Server1 to start DCS1 automatically when the network usage exceeds 70 percent.
Which type of data collector should you create?
A. A performance counter alert
B. A configuration data collector
C. A performance counter data collector
D. An event trace data collector
Answer: A
Explanation:
Performance alerts notify you when a specified performance counter exceeds your configured threshold by logging an event to the event log. But rather than notifying you immediately when the counter exceeds the threshold, you can configure a time period over which the counter needs to exceed the threshold, to avoid unnecessary alerts.