Want to know Ucertify 70-411 Exam practice test features? Want to lear more about Microsoft Administering Windows Server 2012 certification experience? Study Best Quality Microsoft 70-411 answers to Improve 70-411 questions at Ucertify. Gat a success with an absolute guarantee to pass Microsoft 70-411 (Administering Windows Server 2012) test on your first attempt.
2021 Dec 70-411 braindumps
Q81. HOTSPOT
You have a file server named Server1 that runs Windows Server 2012 R2.
A user named User1 is assigned the modify NTFS permission to a folder named C:\shares and all of the subfolders of C:\shares.
On Server1, you open File Server Resource Manager as shown in the exhibit. (Click the Exhibit button.)
To answer, complete each statement according to the information presented in the exhibit. Each correct selection is worth one point.
Answer:
Q82. Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. All of the DNS servers in both of the domains run Windows Server 2012 R2.
The network contains two servers named Server1 and Server2. Server1 hosts an Active Directory-integrated zone for contoso.com. Server2 hosts an Active Directory-integrated zone for fabrikam.com. Server1 and Server2 connect to each other by using a WAN link.
Client computers that connect to Server1 for name resolution cannot resolve names in fabrikam.com.
You need to configure Server1 to resolve names in fabrikam.com. The solution must NOT require that changes be made to the fabrikam.com zone on Server2.
What should you create?
A. A trust anchor
B. A stub zone
C. A zone delegation
D. A secondary zone
Answer: B
Explanation:
A stub zone is a copy of a zone that contains only those resource records necessary to identify the authoritative Domain Name System (DNS) servers for that zone. A stub zone is used to resolve names between separate DNS namespaces. This type of resolution may be necessary when a corporate merger requires that the DNS servers for two separate DNS namespaces resolve names for clients in both namespaces.
Q83. Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
Server1 and Server2 are nodes in a Hyper-V cluster named Cluster1. Cluster1 hosts 10 virtual machines. All of the virtual machines run Windows Server 2012 R2 and are members of the domain.
You need to ensure that the first time a service named Service1 fails on a virtual machine, the virtual machine is moved to a different node.
You configure Service1 to be monitored from Failover Cluster Manager.
What should you configure on the virtual machine?
A. From the General settings, modify the Startup type.
B. From the General settings, modify the Service status.
C. From the Recovery settings of Service1, set the First failure recovery action to Take No Action.
D. From the Recovery settings of Service1, set the First failure recovery action to Restart the Service.
Answer: C
Explanation:
Configure the virtual machine to take no action through Hyper-V if the physical computer shuts down by modifying the Automatic Stop Action setting to None. Virtual machine state must be managed through the Failover Clustering feature.
Virtual machine application monitoring and management
In clusters running Windows Server 2012, administrators can monitor services on clustered virtual machines that are also running Windows Server 2012. This functionality extends the high-level monitoring of virtual machines that is implemented in Windows Server 2008 R2 failover clusters. If a monitored service in a virtual machine fails, the service can be restarted, or the clustered virtual machine can be restarted or moved to another node (depending on service restart settings and cluster failover settings). This feature increases the uptime of high availability services that are running on virtual machines within a failover cluster.
Windows Server 2012 Failover Cluster introduces a new capability for Hyper-V virtual machines (VMs), which is a basic monitoring of a service within the VM which causes the VM to be rebooted should the monitored service fail three times. For this feature to work the following must be configured:
. Both the Hyper-V servers must be Windows Server 2012 and the guest OS
running in the VM must be Windows Server 2012.
. The host and guest OSs are in the same or at least trusting domains.
. The Failover Cluster administrator must be a member of the local administrator's group inside the VM. Ensure the service being monitored is set to Take No Action (see screen shot below) within the guest VM for Subsequent failures (which is used after the first and second failures) and is set via the Recovery tab of the service properties within the Services application (services. msc).
Within the guest VM, ensure the Virtual Machine Monitoring firewall exception is enabled for the Domain network by using the Windows Firewall with Advanced Security application or by using the Windows PowerShell command below: Set-NetFirewallRule -DisplayGroup "Virtual Machine Monitoring" -Enabled True.
After the above is true, enabling the monitoring is a simple process: Launch the Failover Cluster Manager tool. Navigate to the cluster - Roles. Right click on the virtual machine role you wish to enable monitoring for and under More Actions select Configure Monitoring.
. The services running inside the VM will be gathered and check the box for the services that should be monitored and click OK.
You are done!
Monitoring can also be enabled using the Add-ClusterVMMonitoredItemcmdlet and -VirtualMachine, with the -Service parameters, as the example below shows: PS C:\Windows\system32> Add-ClusterVMMonitoredItem -VirtualMachine savdaltst01 -Service spooler
References:
http: //sportstoday. us/technology/windows-server-2012---continuous-availability-%28part-4%29---failover-clustering-enhancements---virtual-machine-monitoring-. aspx
http: //windowsitpro. com/windows-server-2012/enable-windows-server-2012-failover-cluster-hyper-v-vm-monitoring
http: //technet. microsoft. com/en-us/library/cc742396. aspx
Q84. Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
The domain contains a server named Server1 that has the Network Policy Server server role and the Remote Access server role installed. The domain contains a server named Server2 that is configured as a RADIUS server.
Server1 provides VPN access to external users.
You need to ensure that all of the VPN connections to Server1 are logged to the RADIUS server on Server2.
What should you run?
A. Add-RemoteAccessRadius -ServerNameServer1 -AccountingOnOffMsg Enabled -SharedSecret "Secret" -Purpose Accounting
B. Set-RemoteAccessAccounting -AccountingOnOffMsg Enabled -AccountingOnOffMsg Enabled
C. Add-RemoteAccessRadius -ServerName Server2 -AccountingOnOffMsg Enabled -SharedSecret "Secret" -Purpose Accounting
D. Set-RemoteAccessAccounting -EnableAccountingType Inbox -AccountingOnOffMsg Enabled
Answer: C
Explanation:
Add-RemoteAccessRadius
Adds a new external RADIUS server for VPN authentication, accounting for DirectAccess
(DA) and VPN, or one-time password (OTP) authentication for DA.
AccountingOnOffMsg<String>
Indicates the enabled state for sending of accounting on or off messages. The acceptable
values for this parameter are:
. Enabled.
. Disabled.
This is the default value. This parameter is applicable only when the RADIUS server is being added for Remote Access accounting.
Q85. Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. All of the DNS servers in both of the domains run Windows Server 2012 R2.
The network contains two servers named Server1 and Server2. Server1 hosts an Active Directory-integrated zone for contoso.com. Server2 hosts an Active Directory-integrated zone for fabrikam.com. Server1 and Server2 connect to each other by using a WAN link.
Client computers that connect to Server1 for name resolution cannot resolve names in fabnkam.com.
You need to configure Server1 to support the resolution of names in fabnkam.com. The solution must ensure that users in contoso.com can resolve names in fabrikam.com if the WAN link fails.
What should you do on Server1?
A. Create a stub zone.
B. Add a forwarder.
C. Create a secondary zone.
D. Create a conditional forwarder.
Answer: C
Explanation:
http: //technet. microsoft. com/en-us/library/cc771898. aspx
When a zone that this DNS server hosts is a secondary zone, this DNS server is a secondary source for information about this zone. The zone at this server must be obtained from another remote DNS server computer that also hosts the zone.
With secondary, you have ability to resolve records from the other domain even if its DNS servers are temporarily unavailable.
While secondary zones contain copies of all the resource records in the corresponding zone on the master name server, stub zones contain only three kinds of resource records:
A copy of the SOA record for the zone.
Copies of NS records for all name servers authoritative for the zone.
Copies of A records for all name servers authoritative for the zone.
References:
http: //www. windowsnetworking. com/articles-tutorials/windows-2003/DNS_Stub_Zones. html
http: //technet. microsoft. com/en-us/library/cc771898. aspx
http: //redmondmag. com/Articles/2004/01/01/The-Long-and-Short-of-Stub-Zones. aspx?Page=2
Rebirth 70-411 free draindumps:
Q86. HOTSPOT
You have a server named Server1 that has the Web Server (IIS) server role installed. You obtain a Web Server certificate.
You need to configure a website on Server1 to use Secure Sockets Layer (SSL).
To which store should you import the certificate? To answer, select the appropriate store in the answer area.
Answer:
Q87. Your network contains an Active Directory domain named contoso.com. All domain
controllers run Windows Server 2012 R2.
DirectAccess is deployed to the network.
Remote users connect to the DirectAccess server by using a variety of network speeds.
The remote users report that sometimes their connection is very slow.
You need to minimize Group Policy processing across all wireless wide area network
(WWAN) connections.
Which Group Policy setting should you configure?
A. Configure Group Policy slow link detection.
B. Configure Direct Access connections as a fast network connection.
C. Configure wireless policy processing.
D. Change Group Policy processing to run asynchronously when a slow network connection is detected.
Answer: A
Q88. HOTSPOT
Your network contains an Active Directory domain named contoso.com.
You have several Windows PowerShell scripts that execute when users log on to their client computer.
You need to ensure that all of the scripts execute completely before the users can access their desktop.
Which setting should you configure? To answer, select the appropriate setting in the answer area.
Answer:
Q89. Your network contains an Active Directory domain named contoso.com.
All user accounts for the marketing department reside in an organizational unit (OU) named OU1. All user accounts for the finance department reside in an organizational unit (OU) named OU2.
You create a Group Policy object (GPO) named GPO1. You link GPO1 to OU2. You configure the Group Policy preference of GPO1 to add a shortcut named Link1 to the desktop.
You discover that when a user signs in, the Link1 is not added to the desktop.
You need to ensure that when a user signs in, Link1 is added to the desktop.
What should you do?
A. Enforce GPO1.
B. Enable loopback processing in GPO1.
C. Modify the Link1 shortcut preference of GPO1.
D. Modify the Security Filtering settings of GPO1.
Answer: D
Explanation:
Security filtering is a way of refining which users and computers will receive and apply the settings in a Group Policy object (GPO). Using security filtering, you can specify that only certain security principals within a container where the GPO is linked apply the GPO. Security group filtering determines whether the GPO as a whole applies to groups, users, or computers; it cannot be used selectively on different settings within a GPO.
Q90. Your network contains two Active Directory forests named adatum.com and contoso.com. The network contains three servers. The servers are configured as shown in the following table.
You need to ensure that connection requests from adatum.com users are forwarded to Server2 and connection requests from contoso.com users are forwarded to Server3.
Which two should you configure in the connection request policies on Server1? (Each correct answer presents part of the solution. Choose two.)
A. The Authentication settings
B. The Standard RADIUS Attributes settings
C. The Location Groups condition
D. The Identity Type condition
E. The User Name condition
Answer: A,E
Explanation:
The User Name attribute group contains the User Name attribute. By using this attribute, you can designate the user name, or a portion of the user name, that must match the user name supplied by the access client in the RADIUS message. This attribute is a character string that typically contains a realm name and a user account name. You can use pattern-matching syntax to specify user names.
By using this setting, you can override the authentication settings that are configured in all network policies and you can designate the authentication methods and types that are required to connect to your network. Forward requests to the following remote RADIUS server group . By using this setting, NPS forwards connection requests to the remote RADIUS server group that you specify. If the NPS server receives a valid Access-Accept message that corresponds to the Access-Request message, the connection attempt is considered authenticated and authorized. In this case, the NPS server acts as a RADIUS proxy
Connection request policies are sets of conditions and profile settings that give network administrators flexibility in configuring how incoming authentication and accounting request messages are handled by the IAS server. With connection request policies, you can create a series of policies so that some RADIUS request messages sent from RADIUS clients are processed locally (IAS is being used as a RADIUS server) and other types of messages are forwarded to another RADIUS server (IAS is being used as a RADIUS proxy). This capability allows IAS to be deployed in many new RADIUS scenarios.
With connection request policies, you can use IAS as a RADIUS server or as a RADIUS proxy, based on the time of day and day of the week, by the realm name in the request, by the type of connection being requested, by the IP address of the RADIUS client, and so on.
References: http: //technet. microsoft. com/en-us/library/cc757328. aspx
http: //technet. microsoft. com/en-us/library/cc753603. aspx