It is more faster and easier to pass the Microsoft 70 411 exam dumps pdf exam by using Actual Microsoft Administering Windows Server 2012 questuins and answers. Immediate access to the Improve 70 411 administering windows server 2012 r2 pdf Exam and find the same core area microsoft 70 411 questions with professionally verified answers, then PASS your exam with a high score now.

Q16. Your network contains two servers named Served and Server 2. Both servers run Windows Server 2012 R2 and have the DNS Server server role installed. 

On Server1, you create a standard primary zone named contoso.com. 

You plan to create a standard primary zone for ad.contoso.com on Server2. 

You need to ensure that Server1 forwards all queries for ad.contoso.com to Server2. 

What should you do from Server1? 

A. Create a trust anchor named Server2. 

B. Create a conditional forward that points to Server2. 

C. Add Server2 as a name server. 

D. Create a zone delegation that points to Server2. 

Answer:

Explanation: 

You can divide your Domain Name System (DNS) namespace into one or more zones. You can delegate management of part of your namespace to another location or department in your organization by delegating the management of the corresponding zone. For more information, see Understanding Zone Delegation. 


Q17. Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 is configured as a Network Policy Server (NPS) server and as a DHCP server. 

You need to ensure that only computers that send a statement of health are checked for Network Access Protection (NAP) health requirements. 

Which two settings should you configure? (Each correct answer presents part of the solution. Choose two.) 

A. The Called Station ID constraints 

B. The MS-Service Class conditions 

C. The Health Policies conditions 

D. The NAS Port Type constraints 

E. The NAP-Capable Computers conditions 

Answer: C,E 

Reference: 

http://technet.microsoft.com/en-us/library/cc753603.aspx 

http://technet.microsoft.com/en-us/library/cc731220(v=ws.10).aspx 

http://technet.microsoft.com/en-us/library/cc731560.aspx 


Q18. HOTSPOT 

You have a server named Server1 that has the Web Server (IIS) server role installed. You obtain a Web Server certificate. 

You need to configure a website on Server1 to use Secure Sockets Layer (SSL). 

To which store should you import the certificate? To answer, select the appropriate store in the answer area. 

Answer: 


Q19. HOTSPOT 

You have a server named Servers that runs Windows Server 2012 R2. Servers has the Windows Deployment Services server role installed. 

Server5 contains several custom images of Windows 8. 

You need to ensure that when 32-bit client computers start by using PXE, the computers automatically install an image named Image 1. 

What should you configure? 

To answer, select the appropriate tab in the answer area. 

Answer: 


Q20. Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2. 

You view the effective policy settings of Server1 as shown in the exhibit. (Click the Exhibit button.) 

On Server1, you have a folder named C:\Share1 that is shared as Share1. Share1 contains confidential data. A group named Group1 has full control of the content in Share1. 

You need to ensure that an entry is added to the event log whenever a member of Group1 deletes a file in Share1. 

What should you configure? 

A. the Audit File Share setting of Servers GPO 

B. the Sharing settings of C:\Share1 

C. the Audit File System setting of Servers GPO 

D. the Security settings of C:\Share1 

Answer:

Explanation: 

You can use Computer Management to track all connections to shared resources on a Windows Server 2008 R2 system. 

Whenever a user or computer connects to a shared resource, Windows Server 2008 R2 lists a connection in the Sessions node. 

File access, modification and deletion can only be tracked, if the object access auditing is enabled you can see the entries in the event log. 

To view connections to shared resources, type net session at a command prompt or follow these steps: 

In Computer Management, connect to the computer on which you created the shared resource. 

In the console tree, expand System Tools, expand Shared Folders, and then select Sessions. You can now view connections to shares for users and computers. 

To enable folder permission auditing, you can follow the below steps: 

Click start and run "secpol. msc" without quotes. 

Open the Local Policies\Audit Policy 

Enable the Audit object access for "Success" and "Failure". 

Go to target files and folders, right click the folder and select properties. 

Go to Security Page and click Advanced. 

Click Auditing and Edit. 

Click add, type everyone in the Select User, Computer, or Group. 

Choose Apply onto: This folder, subfolders and files. 

Tick on the box “Change permissions” 

Click OK. 

After you enable security auditing on the folders, you should be able to see the folder permission changes in the server's Security event log. Task Category is File System. 

References: 

http: //social. technet. microsoft. com/Forums/en-US/winservergen/thread/13779c78-0c73-4477-8014-f2eb10f3f10f/ 

http: //technet. microsoft. com/en-us/library/cc753927(v=ws. 10). aspx 

http: //social. technet. microsoft. com/Forums/en-US/winservergen/thread/13779c78-0c73-4477-8014-f2eb10f3f10f/ 

http: //support. microsoft. com/kb/300549 

http: //www. windowsitpro. com/article/permissions/auditing-folder-permission-changes 

http: //www. windowsitpro. com/article/permissions/auditing-permission-changes-on-a-folder 


Q21. Your network contains two servers named Server1 and Server2 that run windows Server 2012 R2. Server1 and 5erver2 have the Windows Server Update Services server role installed. 

Server1 synchronizes from Microsoft Update. Server2 is a Windows Server Update Services (WSUS) replica of Server1. 

You need to configure replica downstream servers to send Server1 summary information about the computer update status. 

What should you do? 

A. From Server1, configure Reporting Rollup. 

B. From Server2, configure Reporting Rollup. 

C. From Server2, configure Email Notifications. 

D. From Server1, configure Email Notifications. 

Answer:

Explanation: 

WSUS Reporting Rollup Sample Tool 

This tool uses the WSUS application programming interface (API) to demonstrate centralized monitoring and reporting for WSUS. It creates a single report of update and computer status from the WSUS servers into your WSUS environment. The sample package also contains sample source files to customize or extend the tool functionality of the tool to meet specific needs. The WSUS Reporting Rollup Sample Tool and files are provided AS IS. No product support is available for this tool or sample files. For more information read the readme file. 

Reference: http: //technet. microsoft. com/en-us/windowsserver/bb466192. aspx 


Q22. You have a failover cluster that contains five nodes. All of the nodes run Windows Server 2012 R2. All of the nodes have BitLocker Drive Encryption (BitLocker) enabled. 

You enable BitLocker on a Cluster Shared Volume (CSV). 

You need to ensure that all of the cluster nodes can access the CSV. 

Which cmdlet should you run next? 

A. Unblock-Tpm 

B. Add-BitLockerKeyProtector 

C. Remove-BitLockerKeyProtector 

D. Enable BitLockerAutoUnlock 

Answer:

Explanation: 

4. Add an Active Directory Security Identifier (SID) to the CSV disk using the Cluster Name Object (CNO) The Active Directory protector is a domain security identifier (SID) based protector for protecting clustered volumes held within the Active Directory infrastructure. It can be bound to a user account, machine account or group. When an unlock request is made for a protected volume, the BitLocker service interrupts the request and uses the BitLocker protect/unprotect APIs to unlock or deny the request. For the cluster service to selfmanage BitLocker enabled disk volumes, an administrator must add the Cluster Name Object (CNO), which is the Active Directory identity associated with the Cluster Network name, as a BitLocker protector to the target disk volumes. Add-BitLockerKeyProtector <drive letter or CSV mount point> -ADAccountOrGroupProtector – ADAccountOrGroup $cno 


Q23. You have a server named WSUS1 that runs Windows Server 2012 R2. WSUS1 has the Windows Server Update Services server role installed and has one volume. 

You add a new hard disk to WSUS1 and then create a volume on the hard disk. 

You need to ensure that the Windows Server Update Services (WSUS) update files are stored on the new volume. 

What should you do? 

A. From the Update Services console, configure the Update Files and Languages option. 

B. From the Update Services console, run the Windows Server Update Services Configuration Wizard. 

C. From a command prompt, run wsusutil.exe and specify the export parameter. 

D. From a command prompt, run wsusutil.exe and specify the movecontent parameter. 

Answer:

Explanation: 

Local Storage Considerations 

If you decide to store update files on your server, the recommended minimum disk size is 30 GB. However, depending on the synchronization options you specify, you might need to use a larger disk. For example, when specifying advanced synchronization options, as in the following procedure, if you select options to download multiple languages and/or the option to download express installation files, your server disk can easily reach 30 GB. 

Therefore if you choose any of these options, install a larger disk (for example, 100 GB). 

If your disk gets full, you can install a new, larger disk and then move the update files to the new location. To do this, after you create the new disk drive, you will need to run the WSUSutil.exetool (with the movecontent command) to move the update files to the new disk. For this procedure, see Managing WSUS from the Command Line. 

For example, if D:\WSUS1 is the new path for local WSUS update storage, D:\move. log is the path to the log file, and you wanted to copy the old files to the new location, you would type: wsusutil.exe movecontent D:\WSUS1\ D:\move. Log. 

Note: If you do not want to use WSUSutil.exe to change the location of local WSUS update storage, you can also use NTFS functionality to add a partition to the current location of local WSUS update storage. For more information about NTFS, go to Help and Support Center in Windows Server 2003. 

Syntax 

At the command line %drive%\Program Files\Update Services\Tools>, type: 

wsusutilmovecontentcontentpathlogfile -skipcopy [/?] 

The parameters are defined in the following table. 

contentpath - the new root for content files. The path must exist. 

logfile - the path and file name of the log file to create. 

-skipcopy - indicates that only the server configuration should be changed, and that the content files should not be copied. 

/help or /? - displays command-line help for movecontent command. 

References: 

http: //blogs.technet.com/b/sus/archive/2008/05/19/wsus-how-to-change-the-location-where-wsus-stores-updates-locally.aspx 

http: //technet.microsoft.com/en-us/library/cc720475(v=ws.10).aspx http: //technet.microsoft.com/en-us/library/cc708480%28v=ws.10%29.aspx http: //technet.microsoft.com/en-us/library/cc720466(v=ws.10).aspx http: //technet.microsoft.com/en-us/library/cc708480%28v=ws.10%29.aspx 


Q24. Your network contains an Active Directory domain named adatum.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2. 

All client computers run Windows 7. 

You need to ensure that user settings are saved to \\Server1\Users\. 

What should you do? 

A. From the properties of each user account, configure the Home folder settings. 

B. From a Group Policy object (GPO), configure the Folder Redirection settings. 

C. From the properties of each user account, configure the User profile settings. 

D. From a Group Policy object (GPO), configure the Drive Maps preference. 

Answer:

Explanation: 

If a computer is running Windows 2000 Server or later on a network, users can store their profiles on the server. These profiles are called roaming user profiles. 


Q25. HOTSPOT 

Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1. 

Your company implements DirectAccess. 

A user named User1 works at a customer's office. The customer's office contains a server named Server1. 

When User1 attempts to connect to Server1, User1 connects to Server1 in adatum.com. You need to provide User1 with the ability to connect to Server1 in the customer's office. Which Group Policy option should you configure? To answer, select the appropriate option in the answer area. 

Answer: 


Q26. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. 

A local account named Admin1 is a member of the Administrators group on Server1. 

You need to generate an audit event whenever Admin1 is denied access to a file or folder. 

What should you run? 

A. auditpol.exe /set /userradmin1 /failure: enable 

B. auditpol.exe /set /user: admin1 /category: "detailed tracking" /failure: enable 

C. auditpol.exe /resourcesacl /set /type: file /user: admin1 /failure 

D. auditpol.exe /resourcesacl /set /type: key /user: admin1 /failure /access: ga 

Answer:

Explanation: 

http: //technet. microsoft. com/en-us/library/ff625687. aspx 

To set a global resource SACL to audit successful and failed attempts by a user to perform 

generic read and write functions on files or folders: 

auditpol /resourceSACL /set /type: File /user: MYDOMAINmyuser /success /failure /access: 

FRFW 

http: //technet.microsoft.com/en-us/library/ff625687%28v=ws.10%29.aspx 

Syntax 

auditpol /resourceSACL 

[/set /type: <resource> [/success] [/failure] /user: <user> [/access: <access flags>]] 

[/remove /type: <resource> /user: <user> [/type: <resource>]] 

[/clear [/type: <resource>]] 

[/view [/user: <user>] [/type: <resource>]] 

References: 

http: //technet. microsoft. com/en-us/library/ff625687%28v=ws. 10%29. aspx 

http: //technet. microsoft. com/en-us/library/ff625687%28v=ws. 10%29. aspx 

http: //technet. microsoft. com/en-us/library/ff625687. aspx 

http: //technet. microsoft. com/en-us/library/ff625687%28v=ws. 10%29. aspx 


Q27. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy Server role service installed. 

You plan to configure Server1 as a Network Access Protection (NAP) health policy server for VPN enforcement by using the Configure NAP wizard. 

You need to ensure that you can configure the VPN enforcement method on Server1 successfully. 

What should you install on Server1 before you run the Configure NAP wizard? 

A. A system health validator (SHV) 

B. The Host Credential Authorization Protocol (HCAP) 

C. A computer certificate 

D. The Remote Access server role 

Answer:

Explanation: 

Configure NAP enforcement for VPN 

This checklist provides the steps required to deploy computers with Routing and Remote 

Access Service installed and configured as VPN servers with Network Policy Server (NPS) and Network Access Protection (NAP). 


Q28. HOTSPOT 

Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The forest contains two Active Directory sites named Site1 and Site2. 

You plan to deploy a read-only domain controller (RODC) named DC10 to Site2. You pre-create the DC10 domain controller account by using Active Directory Users and Computers. 

You need to identify which domain controller will be used for initial replication during the promotion of the RODC. 

Which tab should you use to identify the domain controller? 

To answer, select the appropriate tab in the answer area. 

Answer: 


Q29. Your network contains an Active Directory domain named adatum.com. The domain contains a member server named Server1 and 10 web servers. All of the web servers are in an organizational unit (OU) named WebServers_OU. All of the servers run Windows Server 2012 R2. 

On Server1, you need to collect the error events from all of the web servers. The solution must ensure that when new web servers are added to WebServers_OU, their error events are collected automatically on Server1. 

What should you do? 

A. On Server1, create a source computer initiated subscription. From a Group Policy object (GPO), configure the Configure target Subscription Manager setting. 

B. On Server1, create a source computer initiated subscription. From a Group Policy object (GPO), configure the Configure forwarder resource usage setting. 

C. On Server1, create a collector initiated subscription. From a Group Policy object (GPO), configure the Configure forwarder resource usage setting. 

D. On Server1, create a collector initiated subscription. From a Group Policy object (GPO), configure the Configure target Subscription Manager setting. 

Answer:

Explanation: 

Source-initiated subscriptions allow you to define a subscription on an event collector computer without defining the event source computers, and then multiple remote event source computers can be set up (using a group policy setting) to forward events to the event collector computer. This differs from a collector initiated subscription because in the collector initiated subscription model, the event collector must define all the event sources in the event subscription. 

1. Run the following command from an elevated privilege command prompt on the 

Windows Server domain controller to configure Windows Remote Management: winrm qc –q. 

2. Start group policy by running the following command: %SYSTEMROOT%\System32\gpedit. msc. 

3. Under the Computer Configuration node, expand the Administrative Templates node, then expand the Windows Components node, then select the Event Forwarding node. 

4. Right-click the SubscriptionManager setting, and select Properties. Enable the SubscriptionManager setting, and click the Show button to add a server address to the setting. Add at least one setting that specifies the event collector computer. The SubscriptionManager Properties window contains an Explain tab that describes the syntax for the setting. 

5. After the SubscriptionManager setting has been added, run the following command to ensure the policy is applied: gpupdate /force. 

If you want to configure a source computer-initiated subscription, you need to configure the following group policies on the computers that will act as the event forwarders: 

* (A) Configure Target Subscription Manager This policy enables you to set the location of the collector computer. 


Q30. Your network contains an Active Directory domain named contoso.com. The functional level of the forest is Windows Server 2008 R2. 

Computer accounts for the marketing department are in an organizational unit (OU) named Departments\Marketing\Computers. User accounts for the marketing department are in an OU named Departments\Marketing\Users. 

All of the marketing user accounts are members of a global security group named MarketingUsers. All of the marketing computer accounts are members of a global security group named MarketingComputers. 

In the domain, you have Group Policy objects (GPOs) as shown in the exhibit. (Click the Exhibit button.) 

You create two Password Settings objects named PSO1 and PSO2. PSO1 is applied to MarketingUsers. PSO2 is applied to MarketingComputers. 

The minimum password length is defined for each policy as shown in the following table. 

You need to identify the minimum password length required for each marketing user. 

What should you identify? 

A. 5 

B. 6 

C. 7 

D. 10 

E. 12 

Answer: