Proper study guides for Replace Microsoft Administering Windows Server 2012 certified begins with Microsoft mcp 70 411 preparation products which designed to deliver the Download 70 411 exam dumps pdf questions by making you pass the 70 411 exam questions test at your first time. Try the free exam ref 70 411 demo right now.

Q131. DRAG DROP 

Your network contains an Active Directory forest named contoso.com. All domain controllers run Windows Server 2008 R2. 

The schema is upgraded to Windows Server 2012 R2. 

Contoso.com contains two servers. The servers are configured as shown in the following table. 

Server1 and Server2 host a load-balanced application pool named AppPool1. 

You need to ensure that AppPool1 uses a group Managed Service Account as its identity. 

Which three actions should you perform? 

To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order. 

Answer: 


Q132. You have a file server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed. 

Files created by users in the human resources department are assigned the Department classification property automatically. 

You are configuring a file management task named Task1 to remove user files that have not been accessed for 60 days or more. 

You need to ensure that Task1 only removes files that have a Department classification property of human resources. The solution must minimize administrative effort. 

What should you configure on Task1? 

A. Configure a file screen 

B. Create a condition 

C. Create a classification rule 

D. Create a custom action 

Answer:

Explanation: 

Create a File Expiration Task The following procedure guides you through the process of creating a file management task for expiring files. File expiration tasks are used to automatically move all files that match certain criteria to a specified expiration directory, where an administrator can then back those files up and delete them. Property conditions. Click Add to create a new condition based on the file’s classification. This will open the Property Condition dialog box, which allows you to select a property, an operator to perform on the property, and the value to compare the property against. After clicking OK, you can then create additional conditions, or edit or remove an existing condition. 


Q133. Your network contains two Active Directory forests named adatum.com and contoso.com. The network contains three servers. The servers are configured as shown in the following table. 

You need to ensure that connection requests from adatum.com users are forwarded to Server2 and connection requests from contoso.com users are forwarded to Server3. 

Which two should you configure in the connection request policies on Server1? (Each correct answer presents part of the solution. Choose two.) 

A. The Authentication settings 

B. The Standard RADIUS Attributes settings 

C. The Location Groups condition 

D. The Identity Type condition 

E. The User Name condition 

Answer: A,E 

Explanation: 

The User Name attribute group contains the User Name attribute. By using this attribute, you can designate the user name, or a portion of the user name, that must match the user name supplied by the access client in the RADIUS message. This attribute is a character string that typically contains a realm name and a user account name. You can use pattern-matching syntax to specify user names. 

By using this setting, you can override the authentication settings that are configured in all network policies and you can designate the authentication methods and types that are required to connect to your network. Forward requests to the following remote RADIUS server group . By using this setting, NPS forwards connection requests to the remote RADIUS server group that you specify. If the NPS server receives a valid Access-Accept message that corresponds to the Access-Request message, the connection attempt is considered authenticated and authorized. In this case, the NPS server acts as a RADIUS proxy 

Connection request policies are sets of conditions and profile settings that give network administrators flexibility in configuring how incoming authentication and accounting request messages are handled by the IAS server. With connection request policies, you can create a series of policies so that some RADIUS request messages sent from RADIUS clients are processed locally (IAS is being used as a RADIUS server) and other types of messages are forwarded to another RADIUS server (IAS is being used as a RADIUS proxy). This capability allows IAS to be deployed in many new RADIUS scenarios. 

With connection request policies, you can use IAS as a RADIUS server or as a RADIUS proxy, based on the time of day and day of the week, by the realm name in the request, by the type of connection being requested, by the IP address of the RADIUS client, and so on. 

References: http: //technet. microsoft. com/en-us/library/cc757328. aspx 

http: //technet. microsoft. com/en-us/library/cc753603. aspx 


Q134. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. 

You create a central store for Group Policy. 

You receive a custom administrative template named Template1.admx. 

You need to ensure that the settings in Template1.admx appear in all new Group Policy objects (GPOs). 

What should you do? 

A. From the Default Domain Controllers Policy, add Template1.admx to the Administrative Templates. 

B. From the Default Domain Policy, add Template1.admx to the Administrative Templates. 

C. Copy Template1.admx to \\Contoso.com\SYSVOL\Contoso.com\Policies\PolicyDefinitions\. 

D. Copy Template1.admx to \\Contoso.com\NETLOGON. 

Answer:

Explanation: 

Unlike ADM files, ADMX files are not stored in individual GPOs. For domain-based enterprises, administrators can create a central store location of ADMX files that is accessible by anyone with permission to create or edit GPOs. 


Q135. You are a network administrator of an Active Directory domain named contoso.com. 

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the DHCP Server server role and the Network Policy Server role service installed. 

You enable Network Access Protection (NAP) on all of the DHCP scopes on Server1. 

You need to create a DHCP policy that will apply to all of the NAP non-compliant DHCP clients. 

Which criteria should you specify when you create the DHCP policy? 

A. The client identifier 

B. The user class 

C. The vendor class 

D. The relay agent information 

Answer:

Explanation: 

To configure a NAP-enabled DHCP server 

On the DHCP server, click Start, click Run, in Open, type dhcpmgmt. smc, and then press ENTER. 

In the DHCP console, open <servername>\IPv4. 

Right-click the name of the DHCP scope that you will use for NAP client computers, and then click Properties. 

On the Network Access Protection tab, under Network Access Protection Settings, choose Enable for this scope, verify that Use default Network Access Protection profile is selected, and then click OK. 

In the DHCP console tree, under the DHCP scope that you have selected, right-click Scope Options, and then click Configure Options. 

On the Advanced tab, verify that Default User Class is selected next to User class. 

Select the 003 Router check box, and in IP Address, under Data entry, type the IP address for the default gateway used by compliant NAP client computers, and then click Add. Select the 006 DNS Servers check box, and in IP Address, under Data entry, type the IP address for each router to be used by compliant NAP client computers, and then click Add. Select the 015 DNS Domain Name check box, and in String value, under Data entry, type your organization's domain name (for example, woodgrovebank. local), and then click Apply. This domain is a full-access network assigned to compliant NAP clients. On the Advanced tab, next to User class, choose Default Network Access Protection Class. Select the 003 Router check box, and in IP Address, under Data entry, type the IP address for the default gateway used by noncompliant NAP client computers, and then click Add. This can be the same default gateway that is used by compliant NAP clients. Select the 006 DNS Servers check box, and in IP Address, under Data entry, type the IP address for each DNS server to be used by noncompliant NAP client computers, and then click Add. These can be the same DNS servers used by compliant NAP clients. Select the 015 DNS Domain Name check box, and in String value, under Data entry, type a name to identify the restricted domain (for example, restricted. Woodgrovebank. local), and then click OK. This domain is a restricted-access network assigned to noncompliant NAP clients. Click OK to close the Scope Options dialog box. Close the DHCP console. 

Reference: http: //technet.microsoft.com/en-us/library/dd296905%28v=ws.10%29.aspx 


Q136. Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs. 

A network administrator accidentally deletes the Default Domain Policy GPO. 

You do not have a backup of any of the GPOs. 

You need to recreate the Default Domain Policy GPO. 

What should you use? 

A. Dcgpofix 

B. Get-GPOReport 

C. Gpfixup 

D. Gpresult 

E. Gpedit. msc 

F. Import-GPO 

G. Restore-GPO 

H. Set-GPInheritance 

I. Set-GPLink 

J. Set-GPPermission 

K. Gpupdate 

L. Add-ADGroupMember 

Answer:

Explanation: 

Dcgpofix Restores the default Group Policy objects to their original state (that is, the default state after initial installation). 

Reference: http: //technet. microsoft. com/en-us/library/hh875588(v=ws. 10). aspx 


Q137. Your network contains a server named Server1 that has the Network Policy and Access Services server role installed. 

All of the network access servers forward connection requests to Server1. 

You create a new network policy on Server1. 

You need to ensure that the new policy applies only to connection requests from the 192.168.0.0/24 subnet. 

What should you do? 

A. Set the Client IP4 Address condition to 192.168.0.0/24. 

B. Set the Client IP4 Address condition to 192.168.0. 

C. Set the Called Station ID constraint to 192.168.0.0/24. 

D. Set the Called Station ID constraint to 192.168.0. 

Answer:

Explanation: 

RADIUS client properties 

Following are the RADIUS client conditions that you can configure in network policy. 

. Calling Station ID: Specifies the network access server telephone number that was dialed by the dial-up access client. 

. Client Friendly Name: Specifies the name of the RADIUS client that forwarded the connection request to the NPS server. 

. Client IPv4 Address: Specifies the Internet Protocol (IP) version 4 address of the RADIUS client that forwarded the connection request to the NPS server. 

. Client IPv6 Address: Specifies the Internet Protocol (IP) version 6 address of the RADIUS client that forwarded the connection request to the NPS server. 

. Client Vendor: Specifies the name of the vendor or manufacturer of the RADIUS client that sends connection requests to the NPS server. 

. MS RAS Vendor: Specifies the vendor identification number of the network access server that is requesting authentication. 


Q138. You have a server named Server1 that runs Windows Server 2012 R2. 

You need to configure Server1 to create an entry in an event log when the processor usage exceeds 60 percent. 

Which type of data collector should you create? 

A. An event trace data collector 

B. A performance counter alert 

C. A performance counter data collector 

D. A configuration data collector 

Answer:

Explanation: 

Performance alerts notify you when a specified performance counter exceeds your configured threshold by logging an event to the event log. But rather than notifying you immediately when the counter exceeds the threshold, you can configure a time period over which the counter needs to exceed the threshold, to avoid unnecessary alerts. 


Q139. You have a server named Server 1. 

You enable BitLocker Drive Encryption (BitLocker) on Server 1. 

You need to change the password for the Trusted Platform Module (TPM) chip. 

What should you run on Server1? 

A. Manage-bde.exe 

B. Set-TpmOwnerAuth 

C. bdehdcfg.exe 

D. tpmvscmgr.exe 

Answer:

Explanation: 

The Set-TpmOwnerAuthcmdlet changes the current owner authorization value of the Trusted Platform Module (TPM) to a new value. You can specify the current owner authorization value or specify a file that contains the current owner authorization value. If you do not specify an owner authorization value, the cmdlet attempts to read the value from the registry. 

Use the ConvertTo-TpmOwnerAuthcmdlet to create an owner authorization value. You can specify a new owner authorization value or specify a file that contains the new value. 


Q140. HOTSPOT 

You have a server named Server1 that has the Web Server (IIS) server role installed. You obtain a Web Server certificate. 

You need to configure a website on Server1 to use Secure Sockets Layer (SSL). 

To which store should you import the certificate? To answer, select the appropriate store in the answer area. 

Answer: