Cause all that matters here is passing the Microsoft exam ref 70 411 exam. Cause all that you need is a high score of exam ref 70 411 administering windows server 2012 r2 pdf Administering Windows Server 2012 exam. The only one thing you need to do is downloading Pass4sure 70 411 pdf exam study guides now. We will not let you down with our money-back guarantee.
Q1. Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
Server1 and Server2 are nodes in a Hyper-V cluster named Cluster1. Cluster1 hosts 10 virtual machines. All of the virtual machines run Windows Server 2012 R2 and are members of the domain.
You need to ensure that the first time a service named Service1 fails on a virtual machine, the virtual machine is moved to a different node.
You configure Service1 to be monitored from Failover Cluster Manager.
What should you configure on the virtual machine?
A. From the General settings, modify the Startup type.
B. From the General settings, modify the Service status.
C. From the Recovery settings of Service1, set the First failure recovery action to Take No Action.
D. From the Recovery settings of Service1, set the First failure recovery action to Restart the Service.
Answer: C
Explanation:
Configure the virtual machine to take no action through Hyper-V if the physical computer shuts down by modifying the Automatic Stop Action setting to None. Virtual machine state must be managed through the Failover Clustering feature.
Virtual machine application monitoring and management
In clusters running Windows Server 2012, administrators can monitor services on clustered virtual machines that are also running Windows Server 2012. This functionality extends the high-level monitoring of virtual machines that is implemented in Windows Server 2008 R2 failover clusters. If a monitored service in a virtual machine fails, the service can be restarted, or the clustered virtual machine can be restarted or moved to another node (depending on service restart settings and cluster failover settings). This feature increases the uptime of high availability services that are running on virtual machines within a failover cluster.
Windows Server 2012 Failover Cluster introduces a new capability for Hyper-V virtual machines (VMs), which is a basic monitoring of a service within the VM which causes the VM to be rebooted should the monitored service fail three times. For this feature to work the following must be configured:
. Both the Hyper-V servers must be Windows Server 2012 and the guest OS
running in the VM must be Windows Server 2012.
. The host and guest OSs are in the same or at least trusting domains.
. The Failover Cluster administrator must be a member of the local administrator's group inside the VM. Ensure the service being monitored is set to Take No Action (see screen shot below) within the guest VM for Subsequent failures (which is used after the first and second failures) and is set via the Recovery tab of the service properties within the Services application (services. msc).
Within the guest VM, ensure the Virtual Machine Monitoring firewall exception is enabled for the Domain network by using the Windows Firewall with Advanced Security application or by using the Windows PowerShell command below: Set-NetFirewallRule -DisplayGroup "Virtual Machine Monitoring" -Enabled True.
After the above is true, enabling the monitoring is a simple process: Launch the Failover Cluster Manager tool. Navigate to the cluster - Roles. Right click on the virtual machine role you wish to enable monitoring for and under More Actions select Configure Monitoring.
. The services running inside the VM will be gathered and check the box for the services that should be monitored and click OK.
You are done!
Monitoring can also be enabled using the Add-ClusterVMMonitoredItemcmdlet and -VirtualMachine, with the -Service parameters, as the example below shows: PS C:\Windows\system32> Add-ClusterVMMonitoredItem -VirtualMachine savdaltst01 -Service spooler
References:
http: //sportstoday. us/technology/windows-server-2012---continuous-availability-%28part-4%29---failover-clustering-enhancements---virtual-machine-monitoring-. aspx
http: //windowsitpro. com/windows-server-2012/enable-windows-server-2012-failover-cluster-hyper-v-vm-monitoring
http: //technet. microsoft. com/en-us/library/cc742396. aspx
Q2. Your network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computers run Windows 8.1.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2.
You need to identify whether deleted objects can be recovered from the Active Directory Recycle Bin.
Which cmdlet should you use?
A. Get-ADGroupMember
B. Get-ADDomainControllerPasswordReplicationPolicy
C. Get-ADDomainControllerPasswordReplicationPolicyUsage
D. Get-ADDomain
E. Get-ADOptionalFeature
F. Get-ADAccountAuthorizationGroup
Answer: E
Explanation: The Get-ADOptionalFeature cmdlet gets an optional feature or performs a search to retrieve multiple optional features from an Active Directory.
Example: Get-ADOptionalFeature 'Recycle Bin Feature'
Get the optional feature with the name 'Recycle Bin Feature'.
Reference: Get-ADOptionalFeature
https://technet.microsoft.com/en-us/library/ee617218.aspx
Q3. HOTSPOT
Your network contains an Active Directory domain named contoso.com.
You have several Windows PowerShell scripts that execute when client computers start.
When a client computer starts, you discover that it takes a long time before users are prompted to log on.
You need to reduce the amount of time it takes for the client computers to start. The solution must not prevent scripts from completing successfully.
Which setting should you configure? To answer, select the appropriate setting in the answer area.
Answer:
Q4. Your network contains an Active Directory domain named contoso.com. All domain
controllers run Windows Server 2012 R2.
DirectAccess is deployed to the network.
Remote users connect to the DirectAccess server by using a variety of network speeds.
The remote users report that sometimes their connection is very slow.
You need to minimize Group Policy processing across all wireless wide area network
(WWAN) connections.
Which Group Policy setting should you configure?
A. Configure Group Policy slow link detection.
B. Configure Direct Access connections as a fast network connection.
C. Configure wireless policy processing.
D. Change Group Policy processing to run asynchronously when a slow network connection is detected.
Answer: A
Q5. HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain
contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.
You need to configure Server1 to meet the following requirements:
. Ensure that old files in a folder named Folder1 are archived automatically to a folder named Archive1.
. Ensure that all storage reports are saved to a network share.
Which two nodes should you configure? To answer, select the appropriate two nodes in the answer area.
Answer:
Q6. Your network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computers run Windows 8.1.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2.
You need to identify which user accounts were authenticated by RODC1.
Which cmdlet should you use?
A. Get-ADGroupMember
B. Get-ADDomainControllerPasswordReplicationPolicy
C. Get-ADDomainControllerPasswordReplicationPolicyUsage
D. Get-ADDomain
E. Get-ADOptionalFeature
F. Get-ADAccountAuthorizationGroup
Answer: B
Explanation: Gets the Active Directory accounts that are authenticated by a read-only domain controller or that are in the revealed list of the domain controller.
Reference: Get-ADDomainControllerPasswordReplicationPolicyUsage
https://technet.microsoft.com/en-us/library/ee617194.aspx
Q7. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Desktop Session Host role service installed. The computer account of Server1 resides in an organizational unit (OU) named OU1.
You create and link a Group Policy object (GPO) named GPO1 to OU1.
You need to prevent GPO1 from applying to your user account when you log on to Server1. GPO1 must apply to every other user who logs on to Server1.
What should you configure?
A. Security Filtering.
B. WMI Filtering.
C. Block Inheritance.
D. Item-level targeting.
Answer: D
Explanation:
You can use item-level targeting to change the scope of individual preference items, so they apply only to selected users or computers. Within a single Group Policy object (GPO), you can include multiple preference items, each customized for selected users or computers and each targeted to apply settings only to the relevant users or computers.
Reference: https://technet.microsoft.com/en-us/library/cc733022.aspx
Q8. HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Server1 has the Network Policy Server server role installed. Server2 has the DHCP Server server role installed. Both servers run Windows Server 2012 R2.
You are configuring Network Access Protection (NAP) to use DHCP enforcement.
You configure a DHCP scope as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that non-compliant NAP clients receive different DHCP options than compliant NAP clients.
What should you configure on each server? To answer, select the appropriate options for each server in the answer area.
Answer:
Q9. You have a server named Server 1.
You enable BitLocker Drive Encryption (BitLocker) on Server 1.
You need to change the password for the Trusted Platform Module (TPM) chip.
What should you run on Server1?
A. Manage-bde.exe
B. Set-TpmOwnerAuth
C. bdehdcfg.exe
D. tpmvscmgr.exe
Answer: B
Explanation:
The Set-TpmOwnerAuthcmdlet changes the current owner authorization value of the Trusted Platform Module (TPM) to a new value. You can specify the current owner authorization value or specify a file that contains the current owner authorization value. If you do not specify an owner authorization value, the cmdlet attempts to read the value from the registry.
Use the ConvertTo-TpmOwnerAuthcmdlet to create an owner authorization value. You can specify a new owner authorization value or specify a file that contains the new value.
Q10. Your network contains an Active Directory domain named contoso.com. The domain contains a virtual machine named Server1 that runs Windows Server 2012 R2.
Server1 has a dynamically expanding virtual hard disk that is mounted to drive E.
You need to ensure that you can enable BitLocker Drive Encryption (BitLocker) on drive E.
Which command should you run?
A. manage-bde -protectors -add c: -startup e:
B. manage-bde -lock e:
C. manage-bde -protectors -add e: -startupkey c:
D. manage-bde -on e:
Answer: D
Explanation:
Manage-bde: on
Encrypts the drive and turns on BitLocker.
Example:
The following example illustrates using the -on command to turn on BitLocker for drive C and add a recovery password to the drive.
manage-bde –on C: -recoverypassword
Q11. You manage a server that runs Windows Server 2012 R2. The server has the Windows Deployment Services server role installed.
You start a virtual machine named VM1 as shown in the exhibit. (Click the Exhibit button.)
You need to configure a pre-staged device for VM1 in the Windows Deployment Services console.
Which two values should you assign to the device ID? (Each correct answer presents a complete solution. Choose two.)
A. 979708BFC04B45259FE0C4150BB6C618
B. 979708BF-C04B-4525-9FE0-C4150BB6C618
C. 00155D000F1300000000000000000000
D. 0000000000000000000000155D000F13
E. 00000000-0000-0000-0000-C4150BB6C618
Answer: B,D
Explanation:
Use client computer's media access control (MAC) address preceded with twenty zeros or the globally unique identifier (GUID) in the format: {XXXXXXXX-XXXX-XXXX-XXX-XXXXXXXXXXXX}.
Reference: http: //technet. microsoft. com/en-us/library/cc754469. aspx
Q12. You have a group Managed Service Account named Service01. Three servers named Server01, Server02, and Server03 currently use the Service01 service account.
You plan to decommission Server01.
You need to remove the cached password of the Service01 service account from Server01. The solution must ensure that Server02 and Server 03 continue to use Service01.
Which cmdlet should you run?
A. Set-ADServiceAccount
B. Remove-ADServiceAccount
C. Uninstall-ADServiceAccount
D. Reset-ADServiceAccountPassword
Answer: B
Explanation: The Remove-ADServiceAccount cmdlet removes an Active Directory service account. This cmdlet does not make changes to any computers that use the service account. After this operation, the service account is no longer hosted on the target computer but still exists in the directory.
Incorrect:
Not C: The Uninstall-ADServiceAccount cmdlet removes an Active Directory service
account on the computer on which the cmdlet is run. The specified service account must be installed on the computer.
Reference: Remove-ADServiceAccount
https://technet.microsoft.com/en-us/library/ee617190.aspx
Q13. You have a DNS server named Server1.
Server1 has a primary zone named contoso.com.
Zone Aging/Scavenging is configured for the contoso.com zone.
One month ago, an administrator removed a server named Server2 from the network.
You discover that a static resource record for Server2 is present in contoso.com. Resource records for decommissioned client computers are removed automatically from contoso.com.
You need to ensure that the static resource records for all of the servers are removed automatically from contoso.com.
What should you modify?
A. The Expires after value of contoso.com
B. The Record time stamp value of the static resource records
C. The time-to-live (TTL) value of the static resource records
D. The Security settings of the static resource records
Answer: B
Explanation:
Reset and permit them to use a current (non-zero) time stamp value. This enables these records to become aged and scavenged.
You can use this procedure to change how a specific resource record is scavenged.
A stale record is a record where both the No-Refresh Interval and Refresh Interval have passed without the time stamp updating.
DNS->View->Advanced
Depending on the how the resource record was originally added to the zone, do one of the following: If the record was added dynamically using dynamic update, clear the Delete this record when it becomes stale check box to prevent its aging or potential removal during the scavenging process. If dynamic updates to this record continue to occur, the Domain Name System (DNS) server will always reset this check box so that the dynamically updated record can be deleted.
If you added the record statically, select the Delete this record when it becomes stale check box to permit its aging or potential removal during the scavenging process.
References: http: //technet. microsoft. com/en-us/library/cc759204%28v=ws. 10%29. aspx
http: //technet. microsoft. com/en-us/library/cc759204%28v=ws. 10%29. aspx
Typically, stale DNS records occur when a computer is permanently removed from the network. Mobile users who abnormally disconnect from the network can also cause stale DNS records. To help manage stale records, Windows adds a time stamp to dynamically added resource records in primary zones where aging and scavenging are enabled. Manually added records are time stamped with a value of 0, and they are automatically excluded from the aging and scavenging process.
To enable aging and scavenging, you must do the following:
Resource records must be either dynamically added to zones or manually modified to be used in aging and scavenging operations.
Scavenging and aging must be enabled both at the DNS server and on the zone.
Scavenging is disabled by default.
DNS scavenging depends on the following two settings:
No-refresh interval: The time between the most recent refresh of a record time stamp and the moment when the time stamp can be refreshed again. When scavenging is enabled, this is set to 7 days by default.
Refresh interval: The time between the earliest moment when a record time stamp can be refreshed and the earliest moment when the record can be scavenged. The refresh interval must be longer than the maximum record refresh period. When scavenging is enabled, this is set to 7 days by default.
A DNS record becomes eligible for scavenging after both the no-refresh and refresh intervals have elapsed. If the default values are used, this is a total of 14 days.
References: http: //technet. microsoft. com/en-us/library/cc759204%28v=ws. 10%29. aspx
http: //technet. microsoft. com/en-us/library/cc759204%28v=ws. 10%29. aspx
http: //technet. microsoft. com/en-us/library/cc771570. aspx
http: //technet. microsoft. com/en-us/library/cc771677. aspx
http: //technet. microsoft. com/en-us/library/cc758321(v=ws. 10). aspx
Q14. HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains three servers named Server2, Server3, and Server4.
Server2 and Server4 host a Distributed File System (DFS) namespace named Namespace1.
You open the DFS Management console as shown in the exhibit. (Click the Exhibit button.)
To answer, complete each statement according to the information presented in the exhibit. Each correct selection is worth one point.
Answer:
Q15. DRAG DROP
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1.
You need to create an Active Directory snapshot on DC1.
Which four commands should you run?
To answer, move the four appropriate commands from the list of commands to the answer
area and arrange them in the correct order.
Answer: