Pass4sure offers free demo for exam ref 70 411 exam. "Administering Windows Server 2012", also known as 70 411 administering windows server 2012 r2 pdf exam, is a Microsoft Certification. This set of posts, Passing the Microsoft mcp 70 411 exam, will help you answer those questions. The exam 70 411 Questions & Answers covers all the knowledge points of the real exam. 100% real Microsoft examcollection 70 411 exams and revised by experts!
Q71. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
In a remote site, a support technician installs a server named DC10 that runs Windows Server 2012 R2. DC10 is currently a member of a workgroup.
You plan to promote DC10 to a read-only domain controller (RODC).
You need to ensure that a user named Contoso\User1 can promote DC10 to a RODC in the contoso.com domain. The solution must minimize the number of permissions assigned to User1.
What should you do?
A. From Active Directory Users and Computers, run the Delegation of Control Wizard on the contoso.com domain object.
B. From Active Directory Administrative Center, pre-create an RODC computer account.
C. From Ntdsutil, run the local roles command.
D. Join DC10 to the domain. Run dsmod and specify the /server switch.
Answer: B
Explanation:
A staged read only domain controller (RODC) installation works in two discrete phases:
1. Staging an unoccupied computer account
2. Attaching an RODC to that account during promotion
Reference: Install a Windows Server 2012 R2 Active Directory Read-Only Domain Controller (RODC)
Q72. HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that has the Network Policy Server server role installed. The domain contains a server named Server2 that is configured for RADIUS accounting.
Server1 is configured as a VPN server and is configured to forward authentication requests to Server2.
You need to ensure that only Server2 contains event information about authentication requests from connections to Server1.
Which two nodes should you configure from the Network Policy Server console?
To answer, select the appropriate two nodes in the answer area.
Answer:
Q73. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012.
You pre-create a read-only domain controller (P.QDC) account named RODC1.
You export the settings of RODC1 to a file named Filel.txt.
You need to promote RODC1 by using File1.txt.
Which tool should you use?
A. The Install-WindowsFeature cmdlet
B. The Add-WindowsFeature cmdlet
C. The Dism command
D. The Install-ADDSDomainController cmdlet
E. the Dcpromo command
Answer: E
Q74. Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.
The domain contains a top-level organizational unit (OU) for each department. A group
named Group1 contains members from each department.
You have a GPO named GPO1 that is linked to the domain.
You need to configure GPO1 to apply settings to Group1 only.
What should you use?
A. Dcgpofix
B. Get-GPOReport
C. Gpfixup
D. Gpresult
E. Gpedit. msc
F. Import-GPO
G. Restore-GPO
H. Set-GPInheritance
I. Set-GPLink
J. Set-GPPermission
K. Gpupdate
L. Add-ADGroupMember
Answer: J
Explanation:
Set-GPPermission grants a level of permissions to a security principal (user, security group, or computer) for one GPO or all the GPOs in a domain. You use the TargetName and TargetType parameters to specify a user, security group, or computer for which to set the permission level.
-Replace <SwitchParameter> Specifies that the existing permission level for the group or user is removed before the new permission level is set. If a security principal is already granted a permission level that is higher than the specified permission level and you do not use the Replace parameter, no change is made.
Reference: http: //technet. microsoft. com/en-us/library/ee461038. aspx
Q75. Your network contains an Active Directory domain named contoso.com. Network Access Protection (NAP) is deployed to the domain.
You need to create NAP event trace log files on a client computer.
What should you run?
A. logman
B. Register-ObjectEvent
C. tracert
D. Register-EngineEvent
Answer: A
Explanation:
You can enable NAP client tracing by using the command line. On computers running Windows Vista., you can enable tracing by using the NAP Client Configuration console. NAP client tracing files are written in Event Trace Log (ETL) format. These are binary files representing trace data that must be decoded by Microsoft support personnel. Use the –o option to specify the directory to which they are written. In the following example, files are written to %systemroot%\tracing\nap. For more information, see Logman (http: //go. microsoft.com/fwlink/?LinkId=143549).
To create NAP event trace log files on a client computer
Open a command line as an administrator.
Type
logman start QAgentRt -p {b0278a28-76f1-4e15-b1df-14b209a12613} 0xFFFFFFFF 9 -o
%systemroot%\tracing\nap\QAgentRt. etl –ets.
Note: To troubleshoot problems with WSHA, use the following GUID: 789e8f15-0cbf-4402-b0ed-0e22f90fdc8d.
Reproduce the scenario that you are troubleshooting.
Type logman stop QAgentRt -ets.
Close the command prompt window.
References:
http: //technet. microsoft. com/en-us/library/dd348461%28v=ws. 10%29. aspx
Q76. HOTSPOT
Your network contains a DNS server named Server1. Server1 hosts a DNS zone for contoso.com.
You need to ensure that DNS clients cache records from contoso.com for a maximum of one hour.
Which value should you modify in the Start of Authority (SOA) record? To answer, select the appropriate setting in the answer area.
Answer:
Q77. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.
Each time a user receives an access-denied message after attempting to access a folder on Server1, an email notification is sent to a distribution list named DL1.
You create a folder named Folder1 on Server1, and then you configure custom NTFS permissions for Folder1.
You need to ensure that when a user receives an access-denied message while attempting to access Folder1, an email notification is sent to a distribution list named DL2. The solution must not prevent DL1 from receiving notifications about other access-denied messages.
What should you do?
A. From Server Manager, run the New Share Wizard to create a share for Folder1 by selecting the SMB Share - Advanced option.
B. From the File Server Resource Manager console, modify the Access-Denied Assistance settings.
C. From the File Server Resource Manager console, modify the Email Notifications settings.
D. From Server Manager, run the New Share Wizard to create a share for Folder1 by selecting the SMB Share -Applications option.
Answer: A
Reference: http://technet.microsoft.com/en-us/library/jj574182.aspx#BKMK_12
Explanation:
When using the email model each of the file shares, you can determine whether access requests to each file share will be received by the administrator, a distribution list that represents the file share owners, or both.
The owner distribution list is configured by using the SMB Share – Advanced file share profile in the New Share Wizard in Server Manager.
Q78. DRAG DROP
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
The domain contains an organizational unit (OU) named OU1. OU1 contains an OU named OU2. OU2 contains a user named user1.
User1 is the member of a group named Group1. Group1 is in the Users container.
You create five Group Policy objects (GPO). The GPOs are configured as shown in the following table.
The Authenticated Users group is assigned the default permissions to all of the GPOs.
There are no site-level GPOs.
You need to identify which three GPOs will be applied to User1 and in which order the GPOs will be applied to User1.
Which three GPOs should you identify in sequence? To answer, move the appropriate three GPOs from the list of GPOs to the answer area and arrange them in the correct order.
Answer:
Q79. HOTSPOT
You have a server named Server1 that has the Network Policy and Access Services server role installed.
You plan to configure Network Policy Server (NPS) on Server1 to use certificate-based authentication for VPN connections.
You obtain a certificate for NPS.
You need to ensure that NPS can perform certificate-based authentication.
To which store should you import the certificate?
To answer, select the appropriate store in the answer area.
Answer:
Q80. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
You enable and configure Routing and Remote Access (RRAS) on Server1.
You create a user account named User1.
You need to ensure that User1 can establish VPN connections to Server1.
What should you do?
A. Create a network policy.
B. Create a connection request policy.
C. Add a RADIUS client.
D. Modify the members of the Remote Management Users group.
Answer: A
Explanation:
Network policies are sets of conditions, constraints, and settings that allow you to designate who is authorized to connect to the network and the circumstances under which they can or cannot connect.
Network policies can be viewed as rules. Each rule has a set of conditions and settings.
Configure your VPN server to use Network Access Protection (NAP) to enforce health requirement policies.
References: http: //technet. microsoft. com/en-us/library/hh831683. aspx
http: //technet. microsoft. com/en-us/library/cc754107. aspx
http: //technet. microsoft. com/en-us/library/dd314165%28v=ws. 10%29. aspx
http: //technet. microsoft. com/en-us/windowsserver/dd448603. aspx
http: //technet. microsoft. com/en-us/library/dd314165(v=ws. 10). aspx
http: //technet. microsoft. com/en-us/library/dd469733. aspx
http: //technet. microsoft. com/en-us/library/dd469660. aspx
http: //technet. microsoft. com/en-us/library/cc753603. aspx
http: //technet. microsoft. com/en-us/library/cc754033. aspx
http: //technet. microsoft. com/en-us/windowsserver/dd448603. aspx