Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(251-260)!

QUESTION 251
Your network contains an Active Directory domain named contoso.com. The domain contains a RADIUS server named Server1 that runs Windows Server 2012 R2. You add a VPN server named Server2 to the network. On Server1, you create several network policies. You need to configure Server1 to accept authentication requests from Server2. memory resources and processor resources each?

A.    Add-RemoteAccessRadius
B.    New-NpsRadiusClient
C.    Remote Access Management Console
D.    Routing and Remote Access

Answer: B
Explanation:
There are two configurations need to be done in Server1. First is to create a RADIUS client, and second, create a network policy. The network policy has been created. So we need to use New-NpsRadiusClient to create a RADIUS client.

QUESTION 252
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. One of the domain controllers is named DC1.The DNS zone for the contoso.com zone is Active Directory-intergrated and has the default settings. A server named Server1 is a DNS server that runs a UNIX-based operating system. You plan to use Server1 as a secondary DNS server for the contoso.com zone. You need to ensure that Server1 can host a secondary copy of the contoso.com zone. What should you do?

A.    From Windows PowerShell, run the Set-DnsServerSetting cmdlet and specify DC1 as a target.
B.    From DNS Manager, modify the Zone Transfers settings of the contoso.com zone.
C.    From DNS Manager, modify the replication scope of the contoso.com zone.
D.    From DNS manager, modify the Security settings of the contoso.com zone.

Answer: B
Explanation:
B. Set zone to allow zone transfers
http://technet.microsoft.com/en-us/library/cc739056(v=ws.10).aspx
by the Microsoft.

QUESTION 253
A computer does not support PXE, what kind of image do you need to create?

A.    boot
B.    install
C.    discovery
D.    capture

Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/dd637996(v=ws.10).aspx WDSUTIL /New-DiscoverImage /Image:<name> /Architecture:{x86|x64|ia64} / DestinationImage /FilePath:<path and name to new file>. To specify which server the discover image connects to, append /WDSServer:<server name or IP>.
 clip_image001[98]

QUESTION 254
Your network contains an Active Directory domain named contoso.com. The network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy and Access Services server role installed.
You plan to deploy additional servers that have the Network Policy and Access Services server role installed.
You must standardize as many settings on the new servers as possible.
You need to identify which settings can be standardized by using the Network Policy Server (NPS) templates.
Which three settings should you identify? (Each answer presents part of the solution.
Choose three.)

A.    IP filters
B.    shared secrets
C.    health policies
D.    network policies
E.    connection request policies

Answer: ABC

QUESTION 255
You are the network administrator for a midsize computer company. You have a single Active Directory forest, and your DNS servers are configured as Active Directory Integrated zones. When you look at the DNS records in Active Directory, you notice that there are many records for computers that do not exist on your domain. You want to make sure only domain computers register with your DNS servers. What should you do to resolve this issue?

A.    Set dynamic updates to None.
B.    Set dynamic updates to Nonsecure And Secure.
C.    Set dynamic updates to Domain Users Only.
D.    Set dynamic updates to Secure Only.

Answer: D

QUESTION 256
A system administrator is trying to determine which file system to use for a server that will become a Windows Server 2012 R2 file server and domain controller. The company has the following requirements:
The file system must allow for file-level security from within Windows 2012 Server. The file system must make efficient use of space on large partitions. The domain controller SYSVOL must be stored on the partition
Which of the following file systems meets these requirements?

A.    FAT
B.    FAT32
C.    HPFS
D.    NTFS

Answer: D

QUESTION 257
You need to create a new user account using the command prompt. Which command would you use?

A.    dsmodify
B.    dscreate
C.    dsnew
D.    dsadd

Answer: D

QUESTION 258
You are hired as a consultant to the ABC Company. The owner of the company complains that she continues to have Desktop wallpaper that she did not choose. When you speak with the IT team, you find out that a former employee created 20 GPOs and they have not been able to figure out which GPO is changing the owner’s Desktop wallpaper. How can you resolve this issue?

A.    Run the RSoP utility against all forest computer accounts
B.    Run the RSoP utility against the owner’s computer account
C.    Run the RSoP utility against the owner’s user account
D.    Run the RSoP utility against all domain computer accounts.

Answer: C

QUESTION 259
You need to enable three of your domain controllers as global catalog servers. Where would you configure the domain controllers as global catalogs?

A.    Forest, NTDS settings
B.    Domain, NTDS settings
C.    Site, NTDS settings
D.    Server, NTDS settings

Answer: D

QUESTION 260
You are the network administrator for your organization. Your company uses a Windows Server 2012 R2 Enterprise certification authority to issue certificates. You need to start using key archival. What should you do?

A.    Implement a distribution CRL.
B.    Install the smart card key retrieval.
C.    Implement a Group Policy object (GPO) that enables the Online Certificate Status Protocol (OCSP) responder.
D.    Archive the private key on the server.

Answer: D

Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html


Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(241-250)!

QUESTION 241
You have a DNS server named Server1 that runs Windows Server 2012 R2. On Server1, you create a DNS zone named contoso.com. You need to specify the email address of the person responsible for the zone. Which type of DNS record should you configure?

A.    Start of authority (SOA)
B.    Mail exchanger (MX)
C.    Host information (HINFO)
D.    Mailbox (MB)

Answer: A

QUESTION 242
You have a server named Server1 that runs Windows Server 2012 R2. You discover that the performance of Server1 is poor. The results of a performance report generated on Server1 are shown in the following table.
 clip_image001[88]
You need to identify the cause of the performance issue. What should you identify?

A.    Excessive paging
B.    NUMA fragmentation
C.    Driver malfunction
D.    Insufficient RAM

Answer: C
Explanation:
Processor: %DPC Time. Much like the other values, this counter shows the amount of time that the processor spends servicing DPC requests. DPC requests are more often than not associated with the network interface. Processor: % Interrupt Time. This is the percentage of time that the processor is spending on handling Interrupts. Generally, if this value exceeds 50% of the processor time you may have a hardware issue. Some components on the computer can force this issue and not really be a problem. For example a programmable I/O card like an old disk controller card, can take up to 40% of the CPU time. A NIC on a busy IIS server can likewise generate a large percentage of processor activity.
Processor: % User Time. The value of this counter helps to determine the kind of processing that is affecting the system. Of course the resulting value is the total amount of non-idle time that was spent on User mode operations. This generally means application code.
Processor: %Privilege Time. This is the amount of time the processor was busy with Kernel mode operations. If the processor is very busy and this mode is high, it is usually an indication of some type of NT service having difficulty, although user mode programs can make calls to the Kernel mode NT components to occasionally cause this type of performance issue.
Memory: Pages/sec. This value is often confused with Page Faults/sec. The Pages/sec counter is a combination of Pages Input/sec and Pages Output/sec counters. Recall that Page Faults/sec is a combination of hard page faults and soft page faults. This counter, however, is a general indicator of how often the system is using the hard drive to store or retrieve memory associated data.
http://technet.microsoft.com/en-us/library/cc768048.aspx

QUESTION 243
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. An organizational unit (OU) named ResearchServers contains the computer accounts of all research servers. All domain users are configured to have a minimum password length of eight characters. You need to ensure that the minimum password length of the local user accounts on the research servers in the ResearchServers OU is 10 characters. What should you do?

A.    Create a universal group that contains the research servers. Create a Password Settings object
(PSO) and assign the PSO to the group.
B.    Configure a local Group Policy object (GPO) on each research server.
C.    Create and link a Group Policy object (GPO) to the ResearchServers OU.
D.    Create a global group that contains the research servers. Create a Password Settings object
(PSO) and assign the PSO to the group.

Answer: C

QUESTION 244
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains an Edge Server named Server1. Server1 is configured as a DirectAccess server. Server1 has the following settings:
 clip_image001[90]
Your company uses split-brain DNS for the contoso.com zone. You run the Remote Access Setup wizard as shown in the following exhibit. (Click the Exhibit button.)

 clip_image002[32]
You need to ensure that client computers on the Internet can establish DirectAccess connections to Server1. Which additional name suffix entry should you add from the Remote Access Setup wizard?

A.    A Name Suffix value of dal.contoso.com and a blank DNS Server Address value
B.    A Name Suffix value of Server1.contoso.com and a DNS Server Address value of 65.55.37.62
C.    A Name Suffix value of Server1.contoso.com and a blank DNS Server Address value
D.    A Name Suffix value of dal.contoso.com and a DNS Server Address value of 65.55.37.62

Answer: A
Explanation:
For split-brain DNS deployments, you must list the FQDNs that are duplicated on the Internet and intranet and decide which resources the DirectAccess client should reach, the intranet version or the public (Internet) version. For each name that corresponds to a resource for which you want DirectAccess clients to reach the public version, you must add the corresponding FQDN as an exemption rule to the NRPT for your DirectAccess clients. Name suffixes that do not have corresponding DNS servers are treated as exemptions.
http://technet.microsoft.com/en-us/library/ee382323(v=ws.10).aspx

QUESTION 245
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. Client computers run either Windows 7 or Windows 8. All of the client computers have an application named App1 installed. The domain contains a Group Policy object (GPO) named GPO1 that is applied to all of the client computers. You need to add a system variable named App1Data to all of the client computers. Which Group Policy preference should you configure?

A.    Services
B.    Ini Files
C.    Environment
D.    Data Sources

Answer: C

QUESTION 246
Drag and Drop Question
Your network contains an Active Directory forest named contoso.com. All domain controllers run Windows Server 2008 R2. The schema is upgraded to Windows Server 2012 R2. Contoso.com contains two servers. The servers are configured as shown in the following table.
 clip_image001[92]
Server1 and Server2 host a load-balanced application pool named AppPool1. You need to ensure that AppPool1 uses a group Managed Service Account as its identity. Which three actions should you perform?
To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
 clip_image002[35]
Answer:
 clip_image002[37]

QUESTION 247
Hotspot Question
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The forest contains two Active Directory sites named Site1 and Site2. You plan to deploy a read-only domain controller (RODC) named DC10 to Site2. You pre-create the DC10 domain controller account by using Active Directory Users and Computers. You need to identify which domain controller will be used for initial replication during the promotion of the RODC. Which tab should you use to identify the domain controller?
To answer, select the appropriate tab in the answer area.
 clip_image001[94]
Answer:

clip_image001[96]

QUESTION 248
Drag and Drop Question
Your network contains an Active Directory forest named contoso.com. Recently, all of the domain controllers that ran Windows Server 2003 were replaced by domain controllers that run Windows Server 2012 R2.
From Event Viewer, you discover SYSVOL journal wrap errors on a domain controller named dclO.contoso.com.
You need to perform a non-authoritative synchronization of SYSVOL on DC10.
Which three actions should you perform on DC10?
To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
 clip_image002[39]
Answer:
 clip_image002[41]
Explanation:
Box 1: Stop the Distributed File System (DFS) Replication service.
Box 2: Modify the computer objected DC10 in Active Directory.
Box 3: Start the Distributed File System (DFS) Replication service.
Note:
* In very large replica sets, replica members may encounter the following error during an authoritative restore (BURFLAGS=D4):
journal_wrap_error
To recover, the affected replica member must be reinitialized with a nonauthoritative restore (BURFLAGS=D2) where it will synchronize files from an existing inbound partner. This reinitialization can be time-consuming for large replica sets.

QUESTION 249
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the following role services installed:
– DirectAccess and VPN (RRAS)
– Network Policy Server
Remote users have client computers that run either Windows XP, Windows 7, or Windows 8. You need to ensure that only the client computers that run Windows 7 or Windows 8 can establish VPN connections to Server1. What should you configure on Server1?

A.    A vendor-specific RADIUS attribute of a Network Policy Server (NPS) connection request policy
B.    A condition of a Network Policy Server (NPS) network policy
C.    A condition of a Network Policy Server (NPS) connection request policy
D.    A constraint of a Network Policy Server (NPS) network policy

Answer: B

QUESTION 250
You manage a server that runs Windows Server 2012 R2. The server has the Windows Deployment Services server role installed. You start a virtual machine named VM1 as shown in the exhibit. (Click the Exhibit button.)
 clip_image002[43]
You need to configure a pre-staged device for VM1 in the Windows Deployment Services console. Which two values should you assign to the device ID? (Each correct answer presents a complete solution. Choose two.)

A.    979708BFC04B45259FE0C4150BB6C618
B.    979708BF-C04B-4525-9FE0-C4150BB6C618
C.    00155D000F1300000000000000000000
D.    0000000000000000000000155D000F13
E.    00000000-0000-0000-0000-C4150BB6C618

Answer: BD
Explanation:
Use client computer’s media access control (MAC) address preceded with twenty zeros or the globally unique identifier (GUID) in the format: {XXXXXXXX-XXXX-XXXX-XXX- XXXXXXXXXXXX}.
http://technet.microsoft.com/en-us/library/cc754469.aspx

Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html


Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(231-240)!

QUESTION 231
Hotspot Question
Your network contains an Active Directory domain named contoso.com. You need to create a certificate template for the BitLocker Drive Encryption (BitLocker) Network Unlock feature. Which Cryptography setting of the certificate template should you modify? To answer, select the appropriate setting in the answer area.

 clip_image001[72]
Answer:
 clip_image001[74]

QUESTION 232
Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 R2. You have a Password Settings object (PSOs) named PSO1. You need to view the settings of PSO1. Which tool should you use?

A.    Group Policy Management
B.    Server Manager
C.    Get-ADAccountResultantPasswordReplicationPolicy
D.    Active Directory Administrative Center

Answer: D
Explanation:
A. ADAC Only
B. ADAC Only
C. Gets the resultant password replication policy for an Active Directory account.
D. You must use the Windows Server 2012 R2 version of Active Directory Administrative Center to administer finegrained password policies through a graphical user interface.
http://technet.microsoft.com/en-us/library/ee617227.aspx
http://technet.microsoft.com/en-us/library/hh831702.aspx#fine_grained_pswd_policy_mgmt

QUESTION 233
Your network contains an Active Directory forest named contoso.com. The forest contains two domains named contoso.com and childl.contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains four domain controllers. The domain controllers are configured as shown in the following table.
 clip_image001[76]
You open Active Directory Users and Computers on a client computer and connect to DC1. You display the members of a group named Group1 as shown in the Group1 Members exhibit. (Click the Exhibit button.)

 clip_image001[78]
When you view the properties of a user named Userl02, you receive the error message shown in the Error exhibit. (Click the Exhibit button.)
 clip_image001[80]
The error message does not display for any other members of Group1. You need to identify which domain controller causes the issue shown in the error message. Which domain controller should you identify?

A.    DC1
B.    DC2
C.    DC10
D.    DC11

Answer: B
Explanation:
The infrastructure master for a domain periodically examines the references, within its replica of the directory data, to objects not held on that domain controller. It queries a Global Catalog server for current information about the distinguished name and SID of each referenced object. If this information has changed, the infrastructure master makes the change in its local replica and also replicates the new values to other domain controllers within the domain.
The error hints the object reference is not updated in Infrastructure Master of Contoso.com domain.

QUESTION 234
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains a file server named Server1. All client computers run Windows 8. Users share the client computers and frequently log on to different client computers. You need to ensure that when the users save files in the Documents folder, the files are saved automatically to \\Server1\Users\. The solution must minimize the amount of network traffic that occurs when the users log on to the client computers. What should you do?

A.    From a Group Policy object (GPO), configure the Folder Redirection settings
B.    From the properties of each user account, configure the Home folder settings
C.    From the properties of each user account, configure the User profile settings
D.    From a Group Policy object (GPO), configure the Drive Maps preference.

Answer: A
Explanation:
http://en.wikipedia.org/wiki/Folder_redirection

QUESTION 235
Hotspot Question
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has two network adapters and is located in a perimeter network. You need to configure Server1 as a network address translation (NAT) server. Which node should you use to add the NAT routing protocol? To answer, select the appropriate node in the answer area.

 clip_image002[28]
Answer:
 clip_image002[30]

QUESTION 236
Hotspot Question
You have a server named Server5 that runs Windows Server 2012 R2. Servers has the Windows Deployment Services server role installed. You need to ensure that when client computers connect to Server5 by using PXE, the computers use an unattended file. What should you configure? To answer, select the appropriate tab in the answer area.
 clip_image001[82]
Answer:
 clip_image001[84]

QUESTION 237
Your network contains a server named Server1 that has the Network Policy and Access Services server role installed. All of the network access servers forward connection requests to Server1. You create a new network policy on Server1. You need to ensure that the new policy applies only to connection requests from Microsoft RAS servers that are located on the 192.168.0.0/24 subnet. Which two configurations should you perforin? (Each correct answer presents part of the solution. Choose two.)

A.    Set the MS-RAS Vendor ID condition to $teelHead.
B.    Set the Called Station ID constraint to 192.168.0.
C.    Set the Client IP4 Address condition to 192.168.0.0/24.
D.    Set the MS-RAS Vendor ID condition to ^311$.
E.    Set the Called Station ID constraint to 192.168.0.0/24.
F.    Set the Client IP4 Address condition to 192.168.0.

Answer: DF
Explanation:
D: MS-RAS-Vendor Matches “^311$” ) The condition means that the policy applies only when the version of the RADIUS client is ^311$, so subsequent settings in this policy apply only to RRAS machines.
F: Client IPv4 Address
Specifies the Internet Protocol (IP) version 4 address of the RADIUS client that forwarded the connection request to the NPS server.

QUESTION 238
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 is configured as a VPN server. You need to configure Server1 to perform network address translation (NAT).
What should you do?

A.    From Network Connections, modify the Internet Protocol Version 6 (TCP/IPv6) setting of each
network adapter.
B.    From Routing and Remote Access, add an IPv4 routing protocol.
C.    From Routing and Remote Access, add an IPv6 routing protocol.
D.    From Network Connections, modify the Internet Protocol Version 4 (TCP/IPv4) setting of each
network adapter.

Answer: B

QUESTION 239
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that has the Remote Access server role installed. DirectAccess is implemented on Server1 by using the default configuration. You discover that DirectAccess clients do not use DirectAccess when accessing websites on the Internet. You need to ensure that DirectAccess clients access all Internet websites by using their DirectAccess connection.
What should you do?

A.    Disable the DirectAccess Passive Mode policy setting in the DirectAccess Client Settings Group
Policy object (GPO).
B.    Configure a DNS suffix search list on the DirectAccess clients.
C.    Enable the Route all traffic through the internal network policy setting in the DirectAccess Server
Settings Group Policy object (GPO).
D.    Configure DirectAccess to enable force tunneling.

Answer: D

QUESTION 240
Your network contains an Active Directory domain named contoso.com. The domain contains a read-only domain controller (RODC) named RODC1.
You create a global group named RODC_Admins.
You need to provide the members of RODC_Admins with the ability to manage the hardware and the software on R0DC1. The solution must not provide RODC_Admins with the ability to manage Active Directory objects.
What should you do?

A.    From Active Directory Users and Computers, run the Delegation of Control Wizard
B.    From a command prompt, run the dsadd computer command
C.    From Active Directory Users and Computers, configure the Managed By settings of the RODC1 account.
D.    From Active Directory Site and Services, configure the Security settings of the RODC1 server object.

Answer: C
Explanation:
Modify the Managed By tab of the RODC account properties in the Active Directory Users and Computers snap-in, as shown in the following figure. You can click Change to change which security principal is the delegated RODC administrator. You can choose only one security principal. Specify a security group rather than an individual user so you can control RODC administration permissions most efficiently. This method changes the managedBy attribute of the computer object that corresponds to the RODC to the SID of the security principal that you specify. This is the recommended way to specify the delegated RODC administrator account because the information is stored in AD DS, where it can be centrally managed by domain administrators.
 clip_image001[86]
Incorrect:
Not A: You delegate administration of a domain or organizational unit by using the Delegation of Control wizard available in the Active Directory Users and Computers snap- in.
Not B: dsadd group just adds a group to the Active Directory

Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html


Official 2014 Latest Microsoft 70-410 Exam Dump Free Download(421-424)!

QUESTION 421
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains 25 servers. All servers run Windows Server 2012 R2.
You need to create a Windows Firewall rule to prevent administrators from using Internet Explorer to access the Internet while they are logged on interactively to the servers. The solution must not prevent administrators from accessing websites on the internal network.
How should you configure the rule?
To answer, select the appropriate options in the answer area.
 clip_image001[64]
Answer:
 clip_image001[66]

QUESTION 422
Your network contains a server named Server1 and 10 Web servers. All servers run Windows Server 2012 R2.
You create a Windows PowerShell Desired State Configuration (DSC) to push the settings from Server1 to all of the Web servers.
On Server1, you modify the file set for the Web servers.
You need to ensure that all of the Web servers have the latest configurations.
Which cmdlet should you run on Server1?

A.    Restore-DcsConfiguration
B.    Set DcsLocalConfigurationManager
C.    Start-DcsConfiguration
D.    Get-DcsConfiguration

Answer: C

QUESTION 423
Hotspot Question
Your network contains an Active Directory domain named fabrikam.com. You implement DirectAccess and an IKEv2 VPN. You need to view the properties of the VPN connection. Which connection properties should you view? To answer, select the appropriate connection properties in the answer area.
 clip_image001[68]
Answer:
  clip_image001[70]

QUESTION 424
Your network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has the Active Directory Federation Services server role installed.Server2 is a file server.
Your company introduces a Bring Your Own Device (BYOD) policy.
You need to ensure that users can use a personal device to access domain resources by using Single Sign-On (SSO) while they are connected to the internal network.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    Enable the Device Registration Service in Active Directory.
B.    Publish the Device Registration Service by using a Web Application Proxy.
C.    Configure Active Directory Federation Services (AD FS) for the Device Registration Service.
D.    Install the Work Folders role service on Server2.
E.    Create and configure a sync share on Server2.

Answer: AC
Explanation:
*Prepare your Active Directory forest to support devices This is a one-time operation that you must run to prepare your Active Directory forest to support devices.
To prepare the Active Directory forest
On your federation server, open a Windows PowerShell command window and type:
Initialize-ADDeviceRegistration
*Enable Device Registration Service on a federation server farm node To enable Device Registration Service
1.On your federation server, open a Windows PowerShell command window and type:
Enable-AdfsDeviceRegistration
2.Repeat this step on each federation farm node in your AD FS farm.

Passing Microsoft 70-410 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-410 Dump:

http://www.braindump2go.com/70-410.html


Official 2014 Latest Microsoft 70-410 Exam Dump Free Download(411-420)!

QUESTION 411
Your network contains several servers that run Windows Server 2012 R2 and client computers that run Windows 8.1.
You download several signed Windows PowerShell scripts from the Internet.
You need to run the PowerShell scripts on all of the servers and all of the client computers.
What should you modify first?

A.    the environment variables on all of the servers
B.    the environment variables on all client computers
C.    the execution policy on all of the servers
D.    the execution policy on all of the client computers

Answer: D

QUESTION 412
Hotspot Question
You have a Hyper-V host named Server1 that runs Windows Server 2012 R2. Server1 hosts 50 virtual machines.
You need to create a script to list all of the virtual machines that have checkpoints and support Secure Boot.
What should you do? To answer, select the appropriate options in the answer area.
 clip_image001[50]
Answer:
 clip_image001[52]

QUESTION 413
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named Server1 that runs Windows Server 2012 R2.
On Server1, you create a work folder named Work1.
A user named User1 connects to Work1 from a computer named Computer1.
You need to identify the last time the documents in Work1 were synchronized successfully from Computer1.
What should you do?

A.    From Windows PowerShell, run the Get-SyncShare cmdlet.
B.    From Windows PowerShell, run the Get-SyncUserSettings cmdlet.
C.    From Server Manager, review the properties of Computer1.
D.    From Server Manager, review the properties of User1.

Answer: D

QUESTION 414
Drag and Drop Question
You have a server named Server1 that runs Windows Server 2012 R2.
You add a new internal SAS disk to Server1.
You need to ensure that the new disk is available to store files.
Which three cmdlets should you run in sequence?
To answer, move the appropriate three cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.
 clip_image001[54]
Answer:

clip_image001[56]

QUESTION 415
Drag and Drop Question
You have a Hyper-V host named Host1. Host1 contains two virtual machines named VM1 and VM2. VM1 is configured as a print server. VM1 runs Windows Server 2008 R2. VM2 is configured as a file server. VM2 runs Windows Server 2012 R2.
You need to migrate all of the printers on VM1 to VM2.
Which actions should you perform on the virtual machines?
To answer, drag the appropriate action to the correct servers in the answer area. Each action may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
 clip_image002[24]
Answer:
 clip_image002[26]

QUESTION 416
Drag and Drop Question
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. All client computers run Windows 8.
The domain contains a security group named Group1.
You have a Group Policy object (GPO) named GP01. GPO1 is linked to the domain.
You need to ensure that only the members of Group1 can run the applications shown in the following table.
 clip_image001[58]
Which type of application control policy should you implement for each application?
To answer, drag the appropriate rule types to the correct applications. Each rule type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
 clip_image001[60]
Answer:
 clip_image001[62]

QUESTION 417
Your network contains an Active Directory domain named contoso.com. The domain contains 100 user accounts that reside in an organizational unit (OU) named OU1.
You need to ensure that a user named User1 can link and unlink Group Policy objects (GPOs) to OU1. The solution must minimize the number of permissions assigned to User1.
What should you do?

A.    Add User1 to the Group Policy Creator Owners group.
B.    Modify the permissions on the User1 account.
C.    Modify the permissions on OU1.
D.    Run the Delegation of Control Wizard on the Policies container.

Answer: C

QUESTION 418
Your network contains an Active Directory domain named contoso.com. The domain contains hundreds of groups, many of which are nested in other groups.
The domain contains a user account named User1. User1 is a direct member of 15 groups.
You need to identify of which Active Directory groups User1 is a member, including the nested groups. The solution must minimize administrative effort.
Which tool should you use?

A.    ADSI Edit
B.    Get-ADUser
C.    Active Directory Users and Computers
D.    Dsget

Answer: B

QUESTION 419
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. The domain contains a standalone server named Server2 that is located in a perimeter network. Both servers run Windows Server 2012 R2.
You need to manage Server2 remotely from Server1.
What should you do?

A.    From Server2, run the Enable-PsRemoting cmdlet.
B.    From Server1, run the winrni command.
C.    From Server2, run the winrm command.
D.    From Server1, run the Enable-PsRemoting cmdlet.

Answer: A

QUESTION 420
Your network contains an Active Directory forest named contoso.com. The forest contains five domains. All domain controllers run Windows Server 2012 R2.
The contoso.com domain contains two user accounts named Admin1 and Admin2.
You need to ensure that Admin1 and Admin2 can configure hardware and services on all of the member servers in the forest. The solution must minimize the number of privileges granted to Admin1 and Admin2.
Which built-in groups should you use?

A.    Server Operators global groups
B.    Domain Admins global groups
C.    Administrators domain local groups
D.    Administrators local groups

Answer: B

Passing Microsoft 70-410 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-410 Dump:

http://www.braindump2go.com/70-410.html


Official 2014 Latest Microsoft 70-410 Exam Dump Free Download(401-410)!

QUESTION 401
You have a server named Server1 that runs Windows Server 2012 R2.
Server1 has three physical network adapters named NIC1, NIC2, and NIC3.
On Server1, you create a NIC team named Team1 by using NIC1 and NIC2. You configure Team1 to accept network traffic on VLAN 10.
You need to ensure that Server1 can accept network traffic on VLAN 10 and VLAN 11. The solution must ensure that the network traffic can be received on both VLANs if a network adapter fails.
What should you do?

A.    From Server Manager, change the load balancing mode of Team1.
B.    Run the New-NetLbfoTeam cmdlet.
C.    From Server Manager, add an interface to Team1.
D.    Run the Add-NetLbfoTeamMember cmdlet.

Answer: C

QUESTION 402
You have a server named Server1 that runs Windows Server 2012 R2.
You need to create a script that will create and mount a virtual hard disk.
Which tool should you use?

A.    vdsldr.exe
B.    diskpart.exe
C.    fsutil.exe
D.    vds.exe

Answer: B

QUESTION 403
Hotspot Question
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
All server are configured to enforce AppLocker policies.
You install a server named Server1.
On Server1, you install an application named appl.exe in a folder located on C:\App1.
You have two domain groups named Group1 and Group2. A user named User1 is a member of Group1 and Group2.
You create a Group Policy object (GPO) named GPO1. You link GPO1 to contoso.com.
You create the executable rules as shown in the exhibit by using the Create Executable Rules wizard. (Click the Exhibit button.)
 clip_image002[14]
To answer, complete each statement according to the information presented in the exhibit.
Each correct selection is worth one point.
 clip_image001[40]
Answer:

clip_image001[42]

QUESTION 404
You have virtual machine named VM1.
VM1 uses a fixed size virtual hard disk (VHD) named diskl.vhd. Diskl.vhd is 200 GB.
You shut down VM1.
You need to reduce the size of diskl.vhd.
Which action should you select from the Edit Virtual Hard Disk Wizard?

A.    Merge
B.    Compact
C.    Shrink
D.    Convert

Answer: D

QUESTION 405
You have a Hyper-V host named Server1 that runs Windows Server 2012 R2. Server1 hosts 50 virtual machines that run Windows Server 2012 R2.
Your company uses smart cards for authentication.
You need to ensure that you can use smart card authentication when you connect to the virtual machine by using Virtual Machine Connection.
What should you configure?

A.    The NUMA Spanning settings
B.    The RemoteFX settings
C.    The Enhanced Session Mode Policy
D.    The Integration Services settings

Answer: C

QUESTION 406
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 runs Windows Server 2012 R2.
You need to create a 3-TB virtual hard disk (VHD) on Server1.
Which tool should you use?

A.    Computer Management
B.    Server Manager
C.    Share and Storage Management
D.    New-VirtualDisk

Answer: A

QUESTION 407
Hotspot Question
You have a Hyper-V host named Server1 that runs Windows Server 2012 R2. Server1 hosts 40 virtual machines that run Windows Server 2008 R2. The virtual machines connect to a private virtual switch.
You have a file that you want to copy to all of the virtual machines.
You need to identify to which servers you can copy files by using the Copy-VmFile cmdlet.
What command should you run?
To answer, select the appropriate options in the answer area.
 clip_image001[44]
Answer:
 clip_image001[46]

QUESTION 408
Hotspot Question
Your network contains an Active Directory forest. The forest contains a single domain named contoso.com.
AppLocker policies are enforced on all member servers.
You view the AppLocker policy applied to the member servers as shown in the exhibit.
(Click the Exhibit button.)
 clip_image002[16]
To answer, complete each statement according to the information presented in the exhibit.
Each correct selection is worth one point.
 clip_image002[18]
Answer:
 clip_image002[20]

QUESTION 409
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 runs Windows Server 2012 R2 and has the DHCP Server server role installed.
You create two IPv4 scopes on Server1. The scopes are configured as shown in the following table.
 clip_image001[48]
The DHCP clients in Subnet_Tor can connect to the client computers in Subnet_Mtl by using an IP address or a FQDN. You discover that the DHCP clients in Subnet_Mtl can connect to client computers in Subnet_Tor by using an IP address only.
You need to ensure that the DHCP clients in both subnets can connect to any other DHCP client by using a FQDN.
What should you add?

A.    The 015 DNS Domain Name option to Subnet_Mtl
B.    The 015 DNS Domain Name option to Subnet_Tor
C.    The 006 DNS Servers option to Subnet_Mtl
D.    The 006 DNS Servers option to Subnet_Tor

Answer: C

QUESTION 410
You have a server named Server1 that runs Windows Server 2012 R2.
You add an additional disk to Server1 as shown in the exhibit. (Click the Exhibit button.)

 clip_image002[22]
You need to ensure that users can access the additional disk from drive C.
What should you do?

A.    Convert Disk 0 and Disk 1 to dynamic disks and extend a volume.
B.    Convert Disk 1 to a dynamic disk and create a spanned volume.
C.    Create a simple volume on Disk 1 and mount the volume to a folder.
D.    Convert Disk 0 to a dynamic disk and add a mirror.

Answer: C

Passing Microsoft 70-410 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-410 Dump:

http://www.braindump2go.com/70-410.html


Official 2014 Latest Microsoft 70-410 Exam Dump Free Download(391-400)!

QUESTION 391
Hotspot Question
You have a server named Server1 that runs Windows Server 2012 R2.
You need to switch Server1 to a Server Core installation of Windows Server 2012 R2.
What command should you run?
To answer, select the appropriate options in the answer area.
 clip_image001[8]
Answer:
 clip_image001[10]

QUESTION 392
You have a server named Server1 that runs Windows Server 2012 R2.
You plan to use Windows PowerShell Desired State Configuration (DSC) to confirm that the Application Identity service is running on all file servers.
You define the following configuration in the Windows PowerShell Integrated Scripting Environment (ISE):
 clip_image001[12]
You need to use DSC to configure Server1 as defined in the configuration.
What should you run first?

A.    Service 1
B.    Test-DscConfiguration
C.    Start-DscConfiguration
D.    Configuration1

Answer: D

QUESTION 393
Drag and Drop Question
You are configuring a multi-subnet IPv6 network for a regional office.
The corporate network administrator allocates the 2001:0db8:1234:0800: :/54 address space for your use.
You need to identify network IDs of the first and last subnets that you will be able to create at the office.
Which network IDs should you identify?
To answer, drag the appropriate network IDs to the correct subnets. Each network ID may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
 clip_image001[14]
Answer:
 clip_image002[6]

QUESTION 394
Your network contains an Active Directory domain named contoso.com. The domain contains a DHCP server named Server1 that runs Windows Server 2012 R2.
You create a DHCP scope named Scope1. The scope has a start address of 192.168.1.10, an end address of 192.168.1.50, and a subnet mask of 255.255.255.192.
You need to ensure that Scope1 has a subnet mask of 255.255.255.0.
What should you do first?

A.    From the DHCP console, reconcile Scope1.
B.    From the DHCP console, delete Scope1.
C.    From the DHCP console, modify the Scope Options of Scope1.
D.    From Windows PowerShell, run the Set-DhcpServerv4Scope cmdlet.

Answer: B

QUESTION 395
Hotspot Question
You have a print server named Server1 that runs Windows Server 2012 R2.
On Server1, you create and share a printer named Printer1.
The Advanced settings of Printer1 are shown in the Advanced exhibit. (Click the Exhibit button.)
 clip_image001[16]
The Security settings of Printer1 are shown in the Security exhibit. (Click the Exhibit button.)
 clip_image001[18]
The Members settings of a group named Group1 are shown in the Group1 exhibit. (Click the Exhibit button.)
 clip_image001[20]
Select Yes if the statement can be shown to be true based on the available information; otherwise select No. Each correct selection is worth one point.
 clip_image001[22]
Answer:
 clip_image001[24]

QUESTION 396
Hotspot Question
A printer named Printer1 is configured as shown in the exhibit. (Click the Exhibit button.)
 clip_image001[26]
To answer, complete each statement according to the information presented in the exhibit.
Each correct selection is worth one point.
 clip_image001[28]
Answer:
 clip_image001[30]

QUESTION 397
Hotspot Question
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
You need to add a user named User1 to a group named ServerAdmins.
What command should you run?
To answer, select the appropriate options in the answer area.
 clip_image001[32]
Answer:
 clip_image001[34]

QUESTION 398
Hotspot Question
You have a DHCP server named Server1 that runs Windows Server 2012 R2.
On Server1, you run the commands as shown in the exhibit. (Click the Exhibit button.)
 clip_image002[8]
To answer, complete each statement according to the information presented in the exhibit.
Each correct selection is worth one point.
 clip_image001[36]
Answer:
 clip_image001[38]

QUESTION 399
Drag and Drop Question
You have a server named Server1 that runs Windows Server 2012 R2.
You need to perform the following storage configuration tasks on Server1:
– Bring a disk named Diskl online.
– Defragment a volume named Volumel.
– Remove a disk named Disk2 from a storage pool named Pooll.
Which cmdlet should you use to perform each task?
To answer, drag the appropriate cmdlets to the correct tasks. Each cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
 clip_image002[10]
Answer:
 clip_image002[12]

QUESTION 400
Your network contains an Active Directory domain named contoso.com.
You have a DHCP server named Server1 that runs Windows Server 2008.
You install Windows Server 2012 R2 on a server named Server2. You install the DHCP Server server role on Server2.
You need to migrate the DHCP services from Server1 to Server2. The solution must meet the following requirements:
– Ensure that existing leases are migrated.
– Prevent lease conflicts.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)

A.    On Server1, run the Export-DhcpServer cmdlet.
B.    On Server1, run the Stop-Service cmdlet.
C.    On Server2, run the Receive-SmigServerData cmdlet.
D.    On Server2, run the Stop-Service cmdlet.
E.    On Server2, run the Import-DhcpServer cmdlet.
F.    On Server1, run the Send-SmigServerData cmdlet.

Answer: ABE

Passing Microsoft 70-410 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-410 Dump:

http://www.braindump2go.com/70-410.html


Official 2014 Latest Microsoft 70-410 Exam Dump Free Download(381-390)!

QUESTION 381
Which of the following are the two built-in user accounts created automatically on a computer running Windows Server 2012 R2?

A.    Network
B.    Interactive
C.    Administrator
D.    Guest

Answer: CD
Explanation:
A. Incorrect: There is no Network account in Windows Server 2012 R2.
B. Incorrect: There is no Interactive account in Windows Server 2012 R2.
C. Correct: By default, the two built-in user accounts created on a computer running Windows Server 2012 are the Administrator account and the Guest account.
D. Correct: By default, the two built-in user accounts created on a computer running Windows Server 2012 are the Administrator account and the Guest account.

QUESTION 382
Which of the following is not a type of user account that can be configured in Windows Server 2012 R2?

A.    local accounts
B.    domain accounts
C.    network accounts
D.    built-in accounts

Answer: C
Explanation:
A. Incorrect: Local accounts can be created and configured in Windows Server 2012 R2.
B. Incorrect: Domain accounts can be created and configured in Windows Server 2012 R2.
C. Correct: Three types of user accounts can be created and configured in Windows Server 2012: local accounts, domain accounts, and built-in user accounts.
D. Incorrect: Built-in accounts can be created and configured in Windows Server 2012 R2.

QUESTION 383
Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 and Server2 are part of a workgroup.
On Server1 and Server2, you create a local user account named Admin1. You add the account to the local Administrators group. On both servers, Admin1 has the same password.
You log on to Server1 as Admin1. You open Computer Management and you connect to Server2.
When you attempt to create a scheduled task, view the event logs, and manage the shared folders, you receive Access Denied messages.
You need to ensure that you can administer Server2 remotely from Server1 by using Computer Management.
What should you configure on Server2?

A.    From Registry Editor, configure the LocalAccountTokenFilterPolicy registry value.
B.    From Local Users and Groups, modify the membership of the Remote Management Users group.
C.    From Server Manager, modify the Remote Management setting.
D.    From Windows Firewall, modify the Windows Management Instrumentation (WMI) firewall rule.

Answer: A
Explanation:
The LocalAccountTokenFilterPolicy setting affects how administrator credentials are applied to remotely administer the computer.
http://support.microsoft.com/kb/942817

QUESTION 384
Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
On a server named Corel, you perform a Server Core Installation of Windows Server 2012 R2. You join Corel to the adatum.com domain.
You need to ensure that you can use Event Viewer on Server1 to view the event logs on Core1.
What should you do on Core1?

A.    Run the Disable NetFirewallRule cmdlet.
B.    Install Remote Server Administration Tools (RSAT).
C.    Install Windows Management Framework.
D.    Run the Enable-C.

Answer: D
Explanation:
Information regarding IPsec policy changes, etc. can be found in the Event Viewer. Thus you need to enable the NetFirewallRule command. This will allow you to view the event logs.

QUESTION 385
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 runs Windows Server 2012 R2 and has the Hyper-V server role installed.
On Server1, you create and start a virtual machine named VM1. VM1 is configured as shown in the following table.
 clip_image001
You need to recommend a solution to minimize the amount of disk space used for the snapshot of VM1.
What should you do before you create the snapshot?

A.    Run the Stop-VM cmdlet.
B.    Decrease the Minimum RAM.
C.    Run the Convert-VHD cmdlet.
D.    Convert diskl.vhd to a dynamically expanding disk.

Answer: A
Explanation:
Original answer is D.
But the correct answer is A.
The disk configuration (dynamic Vs. fixed) has little impact on the snapshot size.
However snapshotting a machine whilst it is running means a RAM dump is also saved to preserve the systems running state at that moment. That requires as much disk space as RAM being used at that time. This is avoided if the machine is shutdown first, reducing the snapshot size by a great deal.

QUESTION 386
You have a server named Serverl that runs Windows Server 2012 R2.
You try to install the Microsoft .NET Framework 3.5 Features feature on Serverl, but the installation fails repeatedly.
You need to ensure that the feature can be installed on Serverl.
What should you do?

A.    Run the Add-AppxProvisionedPackage cmdlet.
B.    Disable User Account Control (UAC).
C.    Connect Serverl to the Internet.
D.    Remove the .NET Framework 4.5 Features feature.

Answer: C

QUESTION 387
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Hyper-V server role installed.
An iSCSI SAN is available on the network.
Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4.
You create a LUN on the SAN to host the virtual hard drive files for the virtual machines.
You need to create a 3-TB virtual hard disk for VM1 on the LUN. The solution must prevent VM1 from being paused if the LUN runs out of disk space.
Which type of virtual hard disk should you create on the LUN?

A.    Fixed-size VHDX
B.    Dynamically expanding VHDX
C.    Fixed-size VHD
D.    Dynamically expanding VHD

Answer: A

QUESTION 388
Hotspot Question
You have a Hyper-V host named Hyperv1 that runs Windows Server 2012 R2. Hyperv1 hosts a virtual machine named Server1. Server1 uses a disk named Server1.vhdx that is stored locally on Hyperv1.
You stop Server1, and then you move Server1.vhdx to an iSCSI target that is located on another server.
You need to configure Server1 to meet the following requirements:
– Ensure that Server1 can start by using Server1.vhdx.
– Prevent Server1.vhdx from consuming more than 500 IOPS on the iSCSI target.
Which two objects should you configure?
To answer, select the appropriate two objects in the answer area.
 clip_image002
Answer:

clip_image002[4]

QUESTION 389
You have a Hyper-V host named Server1 that runs Windows Server 2012 R2. Server1 has the virtual switches listed in the following table.
 clip_image001[6]
You create a virtual machine named VM1. VM1 has two network adapters. One network adapter connects to vSwitch1. The other network adapter connects to vSwitch2. You configure NIC teaming on VM1.
You need to ensure that if a physical NIC fails on Server1, VM1 remains connected to the network.
What should you do on Server1?

A.    Run the Set-VmNetworkAdapter cmdlet.
B.    Create a new virtual switch on Server1.
C.    Modify the properties of vSwitch1 and vSwitch2.
D.    Add a new network adapter to VM1.

Answer: A

QUESTION 390
Your network contains an Active Directory domain named adatum.com. The domain contains a member server named Host1. Host1 runs Windows Server 2012 R2 and has the Hyper-V server role installed.
Host1 hosts two virtual machines named VMS and VM6. Both virtual machines connect to a virtual switch named Virtual 1.
On VM5, you install a network monitoring application named Monitor1.
You need to capture all of the inbound and outbound traffic to VM6 by using Monitor1.
Which two commands should you run from Windows PowerShell? (Each correct answer presents part of the solution. Choose two.)

A.    Get-VM “VM6” | Set-VMNetworkAdapter-IovWeight 1
B.    Get-VM “VM5” I Set-VMNetworkAdapter -IovWeight 0
C.    Get-VM “VM5” | Set-VMNetworkAdapter -PortMirroring Source
D.    Get-VM “VM6” | Set-VMNetworkAdapter -AllowTeaming On
E.    Get-VM “VM6” | Set-VMNetworkAdapter -PortMirroring Destination
F.    Get-VM “VM5” | Set-VMNetworkAdapter -AllowTeaming On

Answer: CE

Passing Microsoft 70-410 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-410 Dump:

http://www.braindump2go.com/70-410.html


Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(221-230)!

QUESTION 221
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Windows Server Update Services server role installed. You need to use the Group Policy object (GPO) to assign members to a computer group. Which setting should you configure in the GPO? To answer, select the appropriate setting in the answer area.
 clip_image002
Answer:
 clip_image002[4]
Explanation:
Client-side targeting involves automatically assigning the computers by using either Group Policy or registry keys. Second, create the computer group in WSUS. Third, move the computers into groups by using whichever method you chose in the first step. http://technet.microsoft.com/en-us/library/cc720433(v=ws.10).aspx

QUESTION 222
The contoso.com domain contains a a DNS server named Server1 that host a primary zone. Server2 contains a a secondary zone for the contoso.com doamin. You need to configure how long Server2 queries Server1 to renew the zone. What should you configure?

A.    Retry Interval
B.    Minimum TTL
C.    Refresh Interval
D.    Authority Record

Answer: C
Explanation:
A. The time, in seconds, a secondary server waits before retrying a failed zone transfer. Normally, this time is less than the refresh interval. The default value is 600 seconds (10 minutes). B The default Time-To-Live (TTL) of the zone and the maximum interval for caching negative answers to name queries. The default value is 3,600 seconds (1 hour). C. The time, in seconds, that a secondary DNS server waits before querying its source for the zone to attempt renewal of the zone. When the refresh interval expires, the secondary DNS server requests a copy of the current SOA record for the zone from its source, which answers this request. The secondary DNS server then compares the serial number of the source server’s current SOA record (as indicated in the response) with the serial number in its own local SOA record. If they are different, the secondary DNS server requests a zone transfer from the primary DNS server. The default for this field is 900 seconds (15 minutes).
D.
http://technet.microsoft.com/en-us/library/cc779148(v=ws.10).aspx

QUESTION 223
You are a network administrator of an Active Directory domain named contoso.com. You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the DHCP Server server role and the Network Policy Server role service installed. You enable Network Access Protection (NAP) on all of the DHCP scopes on Server1. You need to create a DHCP policy that will apply to all of the NAP non-compliant DHCP clients. Which criteria should you specify when you create the DHCP policy?

A.    The relay agent information
B.    The user class
C.    The vendor class
D.    The client identifier

Answer: B
Explanation:
To configure a NAP-enabled DHCP server
On the DHCP server, click Start, click Run, in Open, type dhcpmgmt.smc, and then press ENTER.
In the DHCP console, open <servername>\IPv4.
Right-click the name of the DHCP scope that you will use for NAP client computers, and then click Properties.
On the Network Access Protection tab, under Network Access Protection Settings, choose Enable for this scope, verify that Use default Network Access Protection profile is selected, and then click OK.
In the DHCP console tree, under the DHCP scope that you have selected, right- click Scope Options, and then click Configure Options. On the Advanced tab, verify that Default User Class is selected next to User class. Select the 003 Router check box, and in IP Address, under Data entry, type the IP address for the default gateway used by compliant NAP client computers, and then click Add.
Select the 006 DNS Servers check box, and in IP Address, under Data entry, type the IP address for each router to be used by compliant NAP client computers, and then click Add.
Select the 015 DNS Domain Name check box, and in String value, under Data entry, type your organization’s domain name (for example, woodgrovebank.local), and then click Apply. This domain is a full-access network assigned to compliant NAP clients.
On the Advanced tab, next to User class, choose Default Network Access Protection Class.
Select the 003 Router check box, and in IP Address, under Data entry, type the IP address for the default gateway used by noncompliant NAP client computers, and then click Add. This can be the same default gateway that is used by compliant NAP clients.
Select the 006 DNS Servers check box, and in IP Address, under Data entry, type the IP address for each DNS server to be used by noncompliant NAP client computers, and then click Add. These can be the same DNS servers used by compliant NAP clients.
Select the 015 DNS Domain Name check box, and in String value, under Data entry, type a name to identify the restricted domain (for example, restricted.woodgrovebank.local), and then click OK. This domain is a restricted- access network assigned to noncompliant NAP clients.
Click OK to close the Scope Options dialog box.
Close the DHCP console.
http://technet.microsoft.com/en-us/library/dd296905%28v=ws.10%29.aspx

QUESTION 224
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. You mount an Active Directory snapshot on DC1. You need to expose the snapshot as an LDAP server. Which tool should you use?

A.    ADSI Edit
B.    Ntdsutil
C.    Dsamain
D.    Ldp

Answer: C
Explanation:
 clip_image002[6]
http://technet.microsoft.com/en-us/library/cc753609(v=ws.10).aspx

QUESTION 225
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has a drive named E that is encrypted by using BitLocker Drive Encryption (BitLocker). A recovery key is stored on drive C. Drive E becomes locked. When you attempt to use the recovery key, you receive the following error message.
 clip_image001
You need to access the data stored on drive E. What should you run first?

A.    manage-bde -protectors -get e:
B.    manage-bde -unlock e: -recoverykey c:\
C.    disable-bitlocker -mountpoint e:
D.    unlock-bitlocker -mountpoint e: -recoverykeypath c:

Answer: A
Explanation:
Manage-bde is used to turn on or turn off BitLocker, specify unlock mechanisms, update recovery methods, and unlock BitLocker-protected data drives. This command-line tool can be used in place of the BitLocker Drive Encryption Control Panel item. http://technet.microsoft.com/en-us/library/ff829849.aspx

QUESTION 226
Your network contains an Active Directory domain named contoso.com. All user accounts reside in an organizational unit (OU) named OU1. You create a Group Policy object (GPO) named GPO1. You link GPO1 to OU1. You configure the Group Policy preference of GPO1 to add a shortcut named Link1 to the desktop of each user. You discover that when a user deletes Link1, the shortcut is removed permanently from the desktop. You need to ensure that if a user deletes Link1, the shortcut is added to the desktop again. What should you do?

A.    Modify the Link1 shortcut preference of GPO1.
B.    Enable loopback processing in GPO1.
C.    Enforce GPO1.
D.    Modify the Security Filtering settings of GPO1.

Answer: A
Explanation:
This type of preference item provides a choice of four actions: Create, Replace, Update, and Delete. The behavior of the preference item varies with the action selected and whether the shortcut already exists.
 
http://technet.microsoft.com/en-us/library/cc753580.aspx
http://technet.microsoft.com/en-us/library/cc753580.aspx

QUESTION 227
Your network contains an Active Directory forest named contoso.com. The forest contains two sites named Main and Branch. The Main site contains 400 desktop computers and the Branch site contains 150 desktop computers. All of the desktop computers run Windows 8. In Main, the network contains a member server named Server1 that runs Windows Server 2012 R2. You install the Windows Server Update Services server role on Server1. You need to ensure that Windows updates obtained from Windows Server Update Services (WSUS) are the same for the computers in each site. You want to achieve this goal by using the minimum amount of administrative effort. What should you do?

A.    From the Update Services console, create computer groups.
B.    From the Update Services console, configure the Computers options.
C.    From the Group Policy Management console, configure the Windows Update settings.
D.    From the Group Policy Management console, configure the Windows Anytime Upgrade settings.
E.    From the Update Services console, configure the Synchronization Schedule options.

Answer: C
Explanation:
Create one computer group for Main site and another group for Branch site. You can deploy Windows updates by computer group.

QUESTION 228
Your network contains an Active Directory forest named contoso.com. The domain contains three servers. The servers are configured as shown in the following table.
 clip_image001[6]
You plan to implement the BitLocker Drive Encryption (BitLocker) Network Unlock feature. You need to identify which server role must be deployed to the network to support the planned implementation. Which role should you identify?

A.    Network Policy and Access Services
B.    Volume Activation Services
C.    Active Directory Rights Management Services
D.    Windows Deployment Services

Answer: D

QUESTION 229
Drag and Drop Question
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1. You need to create an Active Directory snapshot on DC1. Which four commands should you run?
To answer, move the four appropriate commands from the list of commands to the answer area and arrange them in the correct order.
 clip_image001[8]
Answer:
 clip_image001[10]
Explanation:
http://www.petri.co.il/working-active-directory-snapshots-windows-server-2008.htm#
http://technet.microsoft.com/en-us/library/cc753609(v=ws.10).aspx

QUESTION 230
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Print1. Your company implements DirectAccess. A user named User1 frequently works at a customer’s office. The customer’s office contains a print server named Print1. While working at the customer’s office, User1 attempts to connect to Print1. User1 connects to the Print1 server in contoso.com instead of the Print1 server at the customer’s office. You need to provide User1 with the ability to connect to the Print1 server in the customer’s office.
Which Group Policy option should you configure?
To answer, select the appropriate option in the answer area.
 clip_image001[12]
Answer:

clip_image001[14]
Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html


Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(211-220)!

QUESTION 211
Your network contains an Active Directory domain named contoso.com. The domain controllers in the domain are configured as shown in the following table.
 clip_image001[64]
You deploy a new domain controller named DC3 that runs Windows Server 2012 R2. You discover that you cannot create Password Settings objects (PSOs) by using Active Directory Administrative Center. You need to ensure that you can create PSOs from Active Directory Administrative Center. What should you do?

A.    Raise the functional level of the domain.
B.    Upgrade DC1.
C.    Transfer the infrastructure master operations master role.
D.    Transfer the PDC emulator operations master role.

Answer: A
Explanation:
Fine-grained password policies allow you to specify multiple password policies within a single domain so that you can apply different restrictions for password and account lockout policies to different sets of users in a domain. To use a fine-grained password policy, your domain functional level must be at least Windows Server 2008. To enable fine-grained password policies, you first create a Password Settings Object (PSO). You then configure the same settings that you configure for the password and account lockout policies. You can create and apply PSOs in the Windows Server 2012 environment by using the Active Directory Administrative Center (ADAC) or Windows PowerShell.
Step 1: Create a PSO
Applies To: Windows Server 2008, Windows Server 2008 R2
http://technet.microsoft.com/en-us//library/cc754461%28v=ws.10%29.aspx

QUESTION 212
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains 200 Group Policy objects (GPOs) and 100 WMI filters. An administrator named Admin1 must be able to create new WMI filters and edit all of the existing WMI filters from the Group Policy Management Console (GPMC). You need to delegate the required permissions to Admin1. The solution must minimize the number of permissions assigned to Admin1.
What should you do?

A.    From Group Policy Management, assign Full control to Admin1 for the WMI Filters container.
B.    From Active Directory Users and Computers, add Admin1 to the Domain Admins group.
C.    From Group Policy Management, assign Creator Owner to Admin1 for the WMI Filters container.
D.    From Active Directory Users and Computers, add Admin1 to the WinRMRemoteWMIUsers__group.

Answer: A
Explanation:
Users with Full control permissions can create and control all WMI filters in the domain,
including WMI filters created by others.
Users with Creator owner permissions can create WMI filters, but can only control WMI filters that they create.
http://technet.microsoft.com/en-us/library/cc757429(v=ws.10).aspx

QUESTION 213
Your network contains three Network Policy Server (NPS) servers named NPS1, NPS2, and NPS3. NPS1 is configured as a RADIUS proxy that forwards connection requests to a remote RADIUS server group named Group1. You need to ensure that NPS2 receives connection requests. NPS3 must only receive connection requests if NPS2 is unavailable. How should you configure Group1?

A.    Change the Weight of NPS2 to 10.
B.    Change the Weight of NPS3 to 10.
C.    Change the Priority of NPS2 to 10.
D.    Change the Priority of NPS3 to 10.

Answer: D

QUESTION 214
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Windows Server Update Services server role installed. All client computers are configured to download updates from Server1. You have a Group Policy object (GPO) named GPO1 that is linked to an organizational unit (OU) named Sales_OU.
You need to ensure that all of the computers in Sales_OU are added to a Windows Server Update Services (WSUS) computer group named SalesComputers.
Which setting should you configure in the GPO?
To answer, select the appropriate setting in the answer area.
 clip_image002[38]
Answer:
 clip_image002[40]

QUESTION 215
Your company deploys a new Active Directory forest named contoso.com. The first domain controller in the forest runs Windows Server 2012 R2. The forest contains a domain controller named DC10. On DC10, the disk that contains the SYSVOL folder fails. You replace the failed disk. You stop the Distributed File System (DFS) Replication service. You restore the SYSVOL folder. You need to perform a non-authoritative synchronization of SYSVOL on DC10. Which tool should you use before you start the DFS Replication service on DC10?

A.    Ultrasound
B.    Active Directory Sites and Services
C.    Frsutil
D.    Adsiedit.msc

Answer: D
Explanation:
How to perform a non-authoritative synchronization of DFSR-replicated SYSVOL (like “D2” for FRS)
1. In the ADSIEDIT.MSC tool modify the following distinguished name (DN) value and attribute on each of the domain controllers that you want to make non-authoritative:
CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=<the server name>,OU=Domain Controllers,DC=<domain>
msDFSR-Enabled=FALSE
2. Force Active Directory replication throughout the domain.
3. Run the following command from an elevated command prompt on the same servers that you set as non-authoritative:
DFSRDIAG POLLAD
4. You will see Event ID 4114 in the DFSR event log indicating SYSVOL is no longer being replicated.
5. On the same DN from Step 1, set:
msDFSR-Enabled=TRUE
6. Force Active Directory replication throughout the domain.
7. Run the following command from an elevated command prompt on the same servers that you set as non-authoritative:
DFSRDIAG POLLAD
8. You will see Event ID 4614 and 4604 in the DFSR event log indicating SYSVOL has been initialized. That domain controller has now done a “D2” of SYSVOL. Note: Active Directory Service Interfaces Editor (ADSI Edit) is a Lightweight Directory Access Protocol (LDAP) editor that you can use to manage objects and attributes in Active Directory. ADSI Edit (adsiedit.msc) provides a view of every object and attribute in an Active Directory forest. You can use ADSI Edit to query, view, and edit attributes that are not exposed through other Active Directory Microsoft Management Console (MMC) snap-ins: Active Directory Users and Computers, Active Directory Sites and Services, Active Directory Domains and Trusts, and Active Directory Schema.

QUESTION 216
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. You plan to use fine-grained password policies to customize the password policy settings of contoso.com. You need to identify to which Active Directory object types you can directly apply the fine-grained password policies. Which two object types should you identify? (Each correct answer presents part of the solution. Choose two.)

A.    Domain local groups
B.    Computers
C.    Universal groups
D.    Global groups
E.    Users

Answer: DE
Explanation:
First off, your domain functional level must be at Windows Server 2008. Second, Fine-grained password policies ONLY apply to user objects, and global security groups. Linking them to universal or domain local groups is ineffective. I know what you’re thinking, what about OU’s? Nope, Fine-grained password policy cannot be applied to an organizational unit (OU) directly. The third thing to keep in mind is, by default only members of the Domain Admins group can set fine-grained password policies. However, you can delegate this ability to other users if needed.
Fine-grained password policies apply only to user objects (or inetOrgPerson objects if they are used instead of user objects) and global security groups.
You can apply Password Settings objects (PSOs) to users or global security groups:
http://technet.microsoft.com/en-us/library/cc731589%28v=ws.10%29.aspx http://technet.microsoft.com/en-us/library/cc731589%28v=ws.10%29.aspx http://technet.microsoft.com/en-us/library/cc770848%28v=ws.10%29.aspx http://www.brandonlawson.com/active-directory/creating-fine-grained-password-policies/

QUESTION 217
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. All client computers run Windows 8 Enterprise. DC1 contains a Group Policy object (GPO) named GPO1. You need to update the PATH variable on all of the client computers. Which Group Policy preference should you configure?

A.    Ini Files
B.    Services
C.    Environment
D.    Data Sources

Answer: C

QUESTION 218
Your network has a router named Router1 that provides access to the Internet. You have a server named Server1 that runs Windows Server 2012 R2. Server1 to use Router1 as the default gateway. A new router named Router2 is added to the network. Router2 provides access to the Internet. The IP address of the internal interface on Router2 is 10.1.14.254. You need to configure Server1 to use Router2 to connect to the Internet if Router1 fails. What should you do on Server1?

A.    Add a route for 10.1.14.0/24 that uses 10.1.14.254 as the gateway and set the metric to 500.
B.    Add 10.1.14.254 as a gateway and set the metric to 500.
C.    Add a route for 10.1.14.0/24 that uses 10.1.14.254 as the gateway and set the metric to 1.
D.    Add 10.1.14.254 as a gateway and set the metric to 1.

Answer: B

QUESTION 219
Your network contains and Active Directory domain named contoso.com. The domain contains a member server named Server1. All servers run Server 2012. You need to collect the error events from all the servers on Server1. The solution ensure that when new servers are added to the domain, their error events are collected automatically on Server1. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    On Server1, create a source computer initiated subscription.
B.    From a Group Policy object (GPO), configure the Configure forwarder resource usage settings.
C.    From a Group Policy object (GPO), configure the Configure target Subscription Manager settings
D.    On Server1, create a collector initiated subscription.

Answer: AC
Explanation:
A. Source-initiated subscriptions allow you to define a subscription on an event collector computer without defining the event source computers, and then multiple remote event source computers can be set up (using a group policy setting) to forward events to the event collector computer.
C. Enable the SubscriptionManager setting, and click the Show button to add a server address to the setting.
http://technet.microsoft.com/en-us/library/cc722010.aspx
http://msdn.microsoft.com/en-us/library/windows/desktop/bb870973(v=vs.85).aspx

QUESTION 220
Drag and Drop Question
Your network contains an Active Directory domain named contoso.com. You have a failover cluster named Cluster1. All of the nodes in Cluster1 have BitLocker Drive Encryption (BitLocker) installed.
You plan to add a new volume to the shared storage of Cluster1. You need to add the new volume to the shared storage. The solution must meet the following requirements:
– Encrypt the volume.
– Avoid using maintenance mode on the cluster.
Which three actions should you perform?
To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
 clip_image002[42]
Answer:
 clip_image002[44]
Explanation:
http://technet.microsoft.com/en-us/library/jj649829.aspx

Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html


Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(201-210)!

QUESTION 201
Hotspot Question
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The contoso.com zone is Active Directory-integrated and configured to replicate to all of the domain controllers in the contoso.com domain. Server1 has a DNS record in the contoso.com zone. You need to verify when the DNS record for Server1 was last updated. In which Active Directory partition should you view the DNS record of Server1?
To answer, select the appropriate Active Directory partition in the answer area.
 clip_image002[30]
Answer:
 clip_image002[32]

QUESTION 202
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 has the Windows Server Update Services (WSUS) server role installed. WSUS is configured to use a Windows Internal Database. Server2 has Microsoft SQL Server 2008 R2 Standard deployed. You detach the SUSDB database from Server1 and attach the database to Server2. You need to ensure that Windows Deployment Services (WDS) on Server1 uses the database hosted on Server2. What should you do on Server1?

A.    Configure an ODBC file data source.
B.    Run the wsusutil command.
C.    Edit the registry.
D.    Configure an ODBC system data source.

Answer: C
Explanation:
Find the following key:
HKLM\SOFTWARE\Microsoft\UpdateServices\Server\Setup\SqlServerName. In the Value data box, type [BEName]\[InstanceName], and then click OK. If the instance name is the default instance, type [BEName].
Find the following key: HKLM\Software\Microsoft\Update Services\Server\Setup\wYukonInstalled. In the Value box, type 0, and then click OK. http://technet.microsoft.com/en-us/library/cc708558(WS.10).aspx

QUESTION 203
Your network contains an Active Directory forest named contoso.com. The functional level of the forest is Windows Server 2008 R2. All of the user accounts in the marketing department are members of a group named Contoso\MarketingUsers. All of the computer accounts in the marketing department are members of a group named Contoso\MarketingComputers. A domain user named User1 is a member of the Contoso\MarketingUsers group. A computer named Computer1 is a member of the Contoso\MarketingComputers group. You have five Password Settings objects (PSOs). The PSOs are defined as shown in the following table.
 clip_image001[50]
When User1 logs on to Computer1 and attempts to change her password, she receives an error message indicating that her password is too short. You need to tell User1 what her minimum password length is. What should you tell User1?

A.    10
B.    11
C.    12
D.    14

Answer: D

QUESTION 204
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed. You log on to Server1 by using a user account named User2. From the Remote Access Management Console, you run the Getting Started Wizard and you receive a warning message as shown in the exhibit. (Click the Exhibit button.)
 clip_image002[34]
You need to ensure that you can configure DirectAccess successfully. The solution must minimize the number of permissions assigned to User2.
To which group should you add User2?

A.    Enterprise Admins
B.    Domain Admins
C.    Server Operators
D.    Account Operators

Answer: B

QUESTION 205
Your company has a main office and a branch office. The network contains an Active Directory domain named contoso.com. The main office contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 is a DNS server and hosts a primary zone for contoso.com. The branch office contains a member server named Server1 that runs Windows Server 2012 R2. Server1 is a DNS server and hosts a secondary zone for contoso.com. The main office connects to the branch office by using an unreliable WAN link. You need to ensure that Server1 can resolve names in contoso.com if the WAN link in unavailable for three days. Which setting should you modify in the start of authority (SOA) record?

A.    Retry interval
B.    Minimum (default) TTL
C.    Refresh interval
D.    Expires after

Answer: D
Explanation:
Refresh interval. Used to determine how often other DNS servers that load and host the zone must attempt to renew the zone.
Retry interval. Used to determine how often other DNS servers that load and host the zone are to retry a request for update of the zone each time that the refresh interval occurs. Expire interval. Used by other DNS servers that are configured to load and host the zone to determine when zone data expires if it is not renewed.

QUESTION 206
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy and Access Services server role installed. You plan to deploy 802.1x authentication to secure the wireless network. You need to identify which Network Policy Server (NPS) authentication method supports certificate-based mutual authentication for the 802.lx deployment. Which authentication method should you identify?

A.    PEAP-MS-CHAP v2
B.    MS-CHAP v2
C.    EAP-TLS
D.    MS-CHAP

Answer: C

QUESTION 207
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains two organizational units (OUs) named OU1 and OU2 in the root of the domain. Two Group Policy objects (GPOs) named GPO1 and GPO2 are created. GPO1 is linked to OU1. GPO2 is linked to OU2. OU1 contains a client computer named Computer1. OU2 contains a user named User1.
You need to ensure that the GPOs applied to Computer1 are applied to User1 when User1 logs on. What should you configure?

A.    WMI Filtering
B.    Security Filtering
C.    Group Policy loopback processing mode
D.    Item-level targeting

Answer: B
Explanation:
* GPOs cannot be linked directly to users, computers, or security groups. They can only be linked to sites, domains and organizational units. However, by using security filtering, you can narrow the scope of a GPO so that it applies only to a single group, user, or computer.
* Security filtering is a way of refining which users and computers will receive and apply the settings in a Group Policy object (GPO). Using security filtering, you can specify that only certain security principals within a container where the GPO is linked apply the GPO. Security group filtering determines whether the GPO as a whole applies to groups, users, or computers; it cannot be used selectively on different settings within a GPO.
Reference: Security filtering using GPMC

QUESTION 208
Drag and Drop Question
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains an organizational unit (OU) named OU1. OU1 contains an OU named OU2. OU2 contains a user named User1. User1 is the member of a group named Group1. Group1 is in the Users container. You create five Group Policy objects (GPO). The GPOs are configured as shown in the following table.
 clip_image002[36]
You need to identify which three GPOs will be applied to User1 and in which order the GPOs will be applied to User1. Which three GPOs should you identify in sequence? To answer, move the appropriate three GPOs from the list of GPOs to the answer area and arrange them in the correct order.
 clip_image001[52]
Answer:
 clip_image001[54]
Explanation:
* Box 1: Domain GPOs are applied before OU GPOs.
* Incorrect:
* NOT GPO2: GPO2 has Deny Apply Group Policy for Group1.
* Not GPO5: GPO4 is enforced. As GPO4 is within OU1 and OU2 is within OU1, GPO4 will not be applied.
* When a Group Policy Object (GPO) is enforced it means the settings in the Group Policy Object on an Organization Unit (which is shown as a folder within the Active Directory Users and Computers MMC) cannot be overruled by a Group Policy Object (GPO) which is link enabled on an Organizational Unit below the Organizational Unit with the enforced Group Policy Object (GPO). In Active Directory Users and Computers MMC ‘below’ means it is a subfolder.
* Group Policy Objects are processed in the following order (from top to bottom):
1. Local – Any settings in the computer’s local policy. Prior to Windows Vista, there was only one local group policy stored per computer. Windows Vista and later Windows versions allow individual group policies per user accounts.
2. Site – Any Group Policies associated with the Active Directory site in which the computer resides. (An Active Directory site is a logical grouping of computers that is meant to facilitate management of computers based on their physical proximity.) If multiple policies are linked to a site, they are processed in the order set by the administrator.
3. Domain – Any Group Policies associated with the Windows domain in which the computer resides. If multiple policies are linked to a domain, they are processed in the order set by the administrator.
4. Organizational Unit – Group policies assigned to the Active Directory organizational unit (OU) in which the computer or user are placed. (OUs are logical units that help organizing and managing a group of users, computers or other Active Directory objects.) If multiple policies are linked to an OU, they are processed in the order set by the administrator.

QUESTION 209
Hotspot Question
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has two network adapters and is located in a perimeter network. You need to install the RIP version 2 routing protocol on Server1. Which node should you use to add the RIP version 2 routing protocol? To answer, select the appropriate node in the answer area.

 clip_image001[56]
Answer:
 clip_image001[58]

QUESTION 210
Hotspot Question
Your network contains an Active Directory domain named contoso.com. All DNS servers host a DNS zone named adatum.com. The adatum.com zone is not Active Directory-integrated. An administrator modifies the start of authority (SOA) record for the adatum.com zone. After the modification, you discover that when you add or modify DNS records in the adatum.com zone, the changes are not transferred to the DNS servers that host secondary copies of the adatum.com zone. You need to ensure that the records are transferred to all the copies of the adatum.com zone. What should you modify in the SOA record for the adatum.com zone? To answer, select the appropriate setting in the answer area.

 clip_image001[60]
Answer:

clip_image001[62]
Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html


Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(191-200)!

QUESTION 191
Drag and Drop Question
Your network contains an Active Directory domain named contoso.com. All client computers run Windows 8. Group Policy objects (GPOs) are linked to the domain as shown in the exhibit. (Click the Exhibit button.)
 clip_image001[38]
GPO2 contains computer configurations only and GP03 contains user configurations only. You need to configure the GPOs to meet the following requirements:
– Ensure that GPO2 only applies to the computer accounts in OU2 that have more than one processor.
– Ensure that GP03 only applies to the user accounts in OU3 that are members of a security group named SecureUsers.
Which setting should you configure in each GPO?
To answer, drag the appropriate setting to the correct GPO. Each setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
 clip_image001[40]
Answer:
 clip_image001[42]
QUESTION 192
Your network contains an Active Directory domain named contoso.com.You have a standard primary zone names contoso.com. You need to ensure that only users who are members of a group named Group1 can create DNS records in the contoso.com zone. All other users must be prevented from creating, modifying, or deleting DNS records in the zone. What should you do first?

A.    Run the Zone Signing Wizard for the zone.
B.    From the properties of the zone, change the zone type.
C.    Run the new Delegation Wizard for the zone.
D.    From the properties of the zone, modify the Start Of Authority (SOA) record.

Answer: B
Explanation:
The Zone would need to be changed to a AD integrated zone When you use directory-integrated zones, you can use access control list (ACL) editing to secure a dnsZone object container in the directory tree. This feature provides detailed access to either the zone or a specified resource record in the zone. For example, an ACL for a zone resource record can be restricted so that dynamic updates are allowed only for a specified client computer or a secure group, such as a domain administrators group. This security feature is not available with standard primary zones
DNS update security is available only for zones that are integrated into Active Directory. After you integrate a zone, you can use the access control list (ACL) editing features that are available in the DNS snap-in to add or to remove users or groups from the ACL for a specific zone or for a resource record.
Standard (not an Active Directory integrated zone) has no Security settings:
 clip_image001[44]
You need to firstly change the “Standard Primary Zone” to AD Integrated Zone:
 clip_image001[46]
Now there’s Security tab:
 clip_image001[48]
http://technet.microsoft.com/en-us/library/cc753014.aspx
http://technet.microsoft.com/en-us/library/cc726034.aspx
http://support.microsoft.com/kb/816101

QUESTION 193
Your network contains an Active Directory domain named contoso.com. All client computers run Windows Vista Service Pack 2 (SP2). All client computers are in an organizational unit (OU) named OU1. All user accounts are in an OU named OU2. All users log on to their client computer by using standard user accounts. A Group Policy object (GPO) named GPO1 is linked to OU1. A GPO named GPO2 is linked to OU2. You need to apply advanced audit policy settings to all of the client computers. What should you do?

A.    In GPO1, configure a startup script that runs auditpol.exe.
B.    In GPO2, configure a logon script that runs auditpol.exe.
C.    In GPO1, configure the Advanced Audit Policy Configuration settings.
D.    In GPO2, configure the Advanced Audit Policy Configuration settings.

Answer: A

QUESTION 194
Your network contains two Active Directory domains named contoso.com and adatum.com. The contoso.com domain contains a server named Server1.contoso.com. The adatum.com domain contains a server named server2.adatum.com. Server1 and Server2 run Windows Server 2012 R2 and have the DirectAccess and VPN (RRAS) role service installed. Server1 has the default network policies and the default connection request policies. You need to configure Server1 to perform authentication and authorization of VPN connection requests to Server2. Only users who are members of Adatum\Group1 must be allowed to connect. Which two actions should you perform on Server1? (Each correct answer presents part of the solution. Choose two.)

A.    Network policies
B.    Connection request policies
C.    Create a network policy.
D.    Create a connection request policy.

Answer: AD
Explanation:
* Connection request policies are sets of conditions and settings that allow network administrators to designate which Remote Authentication Dial-In User Service (RADIUS) servers perform the authentication and authorization of connection requests that the server running Network Policy Server (NPS) receives from RADIUS clients. Connection request policies can be configured to designate which RADIUS servers are used for RADIUS accounting.
* With connection request policies, you can use NPS as a RADIUS server or as a RADIUS proxy, based on factors such as the following:
The time of day and day of the week
The realm name in the connection request
The type of connection being requested
The IP address of the RADIUS client

QUESTION 195
You have a server that runs Windows Server 2012 R2. You have an offline image named Windows2012.vhd that contains an installation of Windows Server 2012 R2. You plan to apply several updates to Windows2012.vhd. You need to mount Windows2012.vhd to H:\. Which tool should you use?

A.    Device Manager
B.    Diskpart
C.    Mountvol
D.    Server Manager

Answer: B
Explanation:
 clip_image002[26]
http://technet.microsoft.com/en-us/library/cc753321.aspx

QUESTION 196
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 runs Windows Server 2012 R2 and has the Windows Deployment Services (WDS) server role installed. You need to use WDS to deploy an image to a client computer that does not support PXE. Which type of image should you use to start the computer?

A.    Install
B.    Boot
C.    Discover
D.    Capture

Answer: C

QUESTION 197
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The functional level of both the domain and the forest is Windows Server 2008 R2. The domain contains a domain-based Distributed File System (DFS) namespace that is configured as shown in the exhibit. (Click the Exhibit button.)
 clip_image002[28]
You need to enable access-based enumeration on the DFS namespace. What should you do first?

A.    Install the File Server Resource Manager role service on Server3 and Server5.
B.    Raise the domain functional level.
C.    Delete and recreate the namespace.
D.    Raise the forest functional level.

Answer: C

QUESTION 198
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
The domain contains two organizational units (OUs) named OU1 and OU2 in the root of the domain.
Two Group Policy objects (GPOs) named GPO1 and GPO2 are created. GPO1 is linked to OU1. GPO2 is linked to OU2.
OU1 contains a client computer named Computer1. OU2 contains a user named User1.
You need to ensure that the GPOs applied to Computer1 are applied to User1 when User1 logs on. What should you configure?

A.    The GPO Status
B.    GPO links
C.    The Enforced setting
D.    Security Filtering

Answer: D
Explanation:
* GPOs cannot be linked directly to users, computers, or security groups. They can only be linked to sites, domains and organizational units. However, by using security filtering, you can narrow the scope of a GPO so that it applies only to a single group, user, or computer.
* Security filtering is a way of refining which users and computers will receive and apply the settings in a Group Policy object (GPO). Using security filtering, you can specify that only certain security principals within a container where the GPO is linked apply the GPO. Security group filtering determines whether the GPO as a whole applies to groups, users, or computers; it cannot be used selectively on different settings within a GPO.
Reference: Security filtering using GPMC

QUESTION 199
Your company deploys a new Active Directory forest named contoso.com. The first domain controller in the forest runs Windows Server 2012 R2. The forest contains a domain controller named DC10. On DC10, the disk that contains the SYSVOL folder fails. You replace the failed disk. You stop the Distributed File System (DFS) Replication service. You restore the SYSVOL folder. You need to perform a non-authoritative synchronization of SYSVOL on DC10. Which tool should you use before you start the DFS Replication service on DC10?

A.    Dfsgui.msc
B.    Replmon
C.    Adsiedit.msc
D.    Ultrasound

Answer: C
Explanation:
How to perform a non-authoritative synchronization of DFSR-replicated SYSVOL (like “D2” for FRS)
1. In the ADSIEDIT.MSC tool modify the following distinguished name (DN) value and attribute on each of the domain controllers that you want to make non-authoritative:
CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=<the server name>,OU=Domain Controllers,DC=<domain>
msDFSR-Enabled=FALSE
2. Force Active Directory replication throughout the domain.
3. Run the following command from an elevated command prompt on the same servers that you set as non-authoritative:
DFSRDIAG POLLAD
4. You will see Event ID 4114 in the DFSR event log indicating SYSVOL is no longer being replicated.
5. On the same DN from Step 1, set:
msDFSR-Enabled=TRUE
6. Force Active Directory replication throughout the domain.
7. Run the following command from an elevated command prompt on the same servers that you set as non-authoritative:
DFSRDIAG POLLAD
8. You will see Event ID 4614 and 4604 in the DFSR event log indicating SYSVOL has been initialized. That domain controller has now done a “D2” of SYSVOL. Note: Active Directory Service Interfaces Editor (ADSI Edit) is a Lightweight Directory Access Protocol (LDAP) editor that you can use to manage objects and attributes in Active Directory. ADSI Edit (adsiedit.msc) provides a view of every object and attribute in an Active Directory forest. You can use ADSI Edit to query, view, and edit attributes that are not exposed through other Active Directory Microsoft Management Console (MMC) snap-ins: Active Directory Users and Computers, Active Directory Sites and Services, Active Directory Domains and Trusts, and Active Directory Schema.
Incorrect:
A: Dfsgui is for ealier versions of Windows Server.
B: Replmon is for Windows 2003 and earlier.
Reference: How to force an authoritative and non-authoritative synchronization for DFSR-replicated SYSVOL (like “D4/D2” for FRS)

QUESTION 200
Your network contains a Hyper-V host named Server1 that hosts 20 virtual machines. You need to view the amount of memory resources and processor resources each virtual machine uses currently.
Which tool should you use on Server1?

A.    Windows System Resource Manager (WSRM)
B.    Task Manager
C.    Resource Monitor
D.    Hyper-V Manager

Answer: D
Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump: http://www.braindump2go.com/70-411.html


Official 2014 Latest Microsoft 70-410 Exam Dump Free Download(371-380)!

QUESTION 371
A company’s server deployment team needs to install fourteen Windows Server 2012 R2 to handle the expected increase in holiday traffic. The team would like the option of switching the servers between Server Core and Full GUI servers and do not want to be locked in to their first choice.
The server team would like four of the servers to include the Windows 8 Shell. Which installation option is required for these servers?

A.    Server Core
B.    Desktop Experience
C.    Server with a GUI
D.    Minimal Server Interface

Answer: B
Explanation:
The Desktop Experience installation option includes the Windows 8 Shell feature. This installation option also includes other features available for installation not found in the other three; such as Themes, Windows Store and support for Windows Store apps, and Windows Media Player.
Quick Tip: To completely remove a feature and the binary files from the disk, use the Windows PowerShell command Uninstall-WindowsFeature. For example, to remove Desktop Experience:
Uninstall-WindowsFeature Desktop-Experience -Remove
http://technet.microsoft.com/en-us/library/hh831786.aspx
http://mcpmag.com/articles/2013/01/22/70-410-win2012-install.aspx

QUESTION 372
A company’s network administrator needs to ensure a specific IP address is never assigned by a Windows Server 2012 R2 DHCP server to any device connecting to the network.
Which of the following should the administrator configure on the Windows Server 2012 R2 DHCP server?

A.    Reservation
B.    Scope options
C.    NAP
D.    Scope properties

Answer: A
Explanation:
Configuring an IP address as a reservation will restrict a DHCP server’s assignment of that address unless a specific MAC address makes a request for the address.
Exclusion is for not use the IP Address or range inside the Scope Pool, Filter is for not use theMAC Address or range.
Quick Tip: Policies can also be defined per scope or server. Policy based assignment (PBA) allows an administrator to group DHCP clients by specific attributes based on fields contained in the DHCP client request packet. This feature allows for targeted administration and greater control of configuration parameters delivered to network devices.
http://technet.microsoft.com/en-us/library/jj200226.aspx
http://mcpmag.com/articles/2013/02/12/70-410-dhcp.aspx
Another correct answer? Create a Exclusion Range? You decide… but that option is not at the options list at this question.
 clip_image002[24]

QUESTION 373
A company’s server virtualization team needs to provision a series of Hyper-V workloads to use existing network storage arrays. The team has chosen to use Fibre Channel ports within the guest operating systems.
Which of the following Windows Server versions can be used as guest operating systems when using Hyper-V Fibre Channel ports?

A.    2003 R2
B.    2008
C.    2003
D.    2012

Answer: BD
Explanation:
Windows Server 2008, 2008 R2, and 2012 R2 can be guest operating systems when using Hyper-V Fibre Channel host bus adaptors (HBAs). Updated HBA drivers are needed along with NPIV-enabled (N_Port ID Virtualization) SANs.
Quick Tip: Virtual Fibre Channel logical units cannot be used as boot media.
http://technet.microsoft.com/en-us/library/hh831413.aspx
http://mcpmag.com/articles/2013/02/05/70-410-win2012-fibre.aspx

QUESTION 374
A company’s server deployment team needs to introduce many new Windows Server 2012 R2 domain controllers throughout the network into a single Windows Server 2008 R2 domain. The team has chosen to use Windows PowerShell.
Which Windows PowerShell module includes the command-line options for installing domain controllers?

A.    AD DS Administration cmdlets
B.    AD DS Deployment cmdlets
C.    AD CS Deployment cmdlets
D.    AD DS Administration cmdlets

Answer: B
Explanation:
First use the Import-Module ADDSDeployment command in PowerShell–it includes the cmdlets needed to add new domain controllers. Then run Install-ADDSDomainController along with the required arguments.
Quick Tip: DCPromo.exe has been deprecated but can still be used along with an answer file, and ADPrep.exe runs automatically when needed (but can be run with elevated rights for more control).
http://technet.microsoft.com/en-us/library/hh994618.aspx
http://mcpmag.com/articles/2013/02/19/70-410-win2012-ad.aspx

QUESTION 375
A company’s server administration team would like to take advantage of the newest file systems available with Windows Server 2012 R2. The team needs a file system capable of managing extremely large data drives that can auto-detect data corruption and automatically perform needed repairs without taking a volume offline.
Which file system should the server administration team choose?

A.    NFS
B.    DFS
C.    NTFS
D.    ReFS

Answer: D
Explanation:
The ReFS (Resilient File System) is capable of managing extremely large data drives (1 YB Yottabyte), can auto-detect data corruption, and automatically perform needed repairs without taking the volume offline.
Quick Tip: The command fsutil fsinfo volumeinfo x: will display the volume file system. ReFS is only intended for data drives and not compatible with all Windows Server 2012 R2 file system technologies, however it is compatible with the new Storage Spaces.
http://technet.microsoft.com/en-us/library/hh831724.aspx
http://mcpmag.com/articles/2013/01/29/70-410-win2012-file.aspx

QUESTION 376
A company’s server security team needs a solution that will prevent users from installing and using unauthorized applications on their Windows 8 desktop computers. Which technology should the team choose?

A.    Starter GPOs
B.    Group Policy Objects
C.    Software Restriction Policies
D.    AppLocker

Answer: D
Explanation:
AppLocker (Application Locker) can help prevent malicious (malware) and unsupported applications from affecting computers. These include executable files, scripts, Windows Installer files, DLLs, Packaged apps and Packaged app installers.
Quick Tip: AppLocker is also supported by Windows Server 2008 R2 and Windows 7.
http://technet.microsoft.com/en-us/library/hh831440.aspx
http://mcpmag.com/articles/2013/02/26/controlling-applications.aspx ExamRef

QUESTION 376
You are attempting to delete a global security group in the Active Directory Users and Computers console, and the console will not let you complete the task. Which of the following could possibly be causes for the failure? (Choose all answers that are correct.)

A.    There are still members in the group.
B.    One of the group’s members has the group set as its primary group.
C.    You do not have the proper permissions for the container in which the group is located.
D.    You cannot delete global groups from the Active Directory Users and Computers console.

Answer: BC
Explanation:
A. Incorrect: It is possible to delete a group that has members.
B. Correct: If any member sets the group as its primary group, then the system does not permit the group to be deleted.
C. Correct: You must have the appropriate Active Directory permissions for the container in which the group is located to delete it.
D. Incorrect: It is possible to delete groups using the Active Directory Users and Groups console.

QUESTION 377
In a domain running at the Windows Server 2012 R2 domain functional level, which of the following security principals can members of a global group? (Choose all answers that are correct.)

A.    Users
B.    Computers
C.    Universal groups
D.    Global groups

Answer: ABD
Explanation:
A. Correct: Users can be security principals in a global group.
B. Correct: Computers can be security principals in a global group.
C. Incorrect: Universal groups cannot be security principals in a global group.
D. Correct: Global group can be security principals in a global group.

QUESTION 378
Which of the following group scope modifications are never permitted? (Choose all answers that are correct.)

A.    Global to universal
B.    Global to domain local
C.    Universal to global
D.    Domain local to universal

Answer: B
Explanation:
A. Incorrect: Global to universal group conversions are sometimes permitted.
B. Correct: Global to domain local group conversions are never permitted.
C. Incorrect: Universal to global group conversions are sometimes permitted.
D. Incorrect: Domain local to universal group conversions are sometimes permitted.

QUESTION 379
Which of the following is not a correct reason for creating an OU?

A.    To create a permanent container that cannot be moved or renamed
B.    To duplicate the divisions in your organization
C.    To delegate administration tasks
D.    To assign different Group Policy settings to a specific group of users or computers

Answer: A
Explanation:
A. Correct: The reasons for creating an OU include duplicating organizational divisions, assigning Group Policy settings, and delegating administration. You can easily move or rename an OU at will.
B. Incorrect: Duplicating organizational divisions is a viable reason for creating an OU.
C. Incorrect: Delegating administration tasks is a viable reason for creating an OU.
D. Incorrect: Assigning Group Policy settings is a viable reason for creating an OU.

QUESTION 380
Which of the following groups do you use to consolidate groups and accounts that either span multiple domains or the entire forest?

A.    Global
B.    Domain local
C.    Built-in
D.    Universal

Answer: D
Explanation:
A. Incorrect: Global groups cannot contain users from other domains.
B. Incorrect: Domain local groups cannot have permissions for resources in other domains.
C. Incorrect: Built-in groups have no inherent cross-domain qualities.
D. Correct: Universal groups, like global groups, are used to organize users according to their resource access needs. You can use them to organize users to facilitate access to any resource located in any domain in the forest through the use of domain local groups. Universal groups are used to consolidate groups and accounts that either span multiple domains or the entire forest.


Official 2014 Latest Microsoft 70-410 Exam Dump Free Download(361-370)!

QUESTION 361
You work as a senior administrator at L2P.com. The L2P.com network consists of a single domain named L2P.com. All servers on the L2P.com network have Windows Server 2012 R2 installed.
You are running a training exercise for junior administrators. You are currently discussing Group Policy preference.
Which of the following is TRUE with regards to Group Policy preference?

A.    It supports applications and operating system features that are not compatible with Group Policy
B.    It does not support item-level targeting.
C.    It is the same as Group Policy filtering.
D.    It does not cause the application or operating system feature to disable the user interface for the settings
they configure.

Answer: AD

QUESTION 362
You work as an administrator at ABC.com. The ABC.com network consists of a single domain named ABC.com. All servers in the ABC.com domain, including domain controllers, have Windows Server 2012 R2 installed.
ABC.com has a domain controller, named ABC-DC01, which contains the ABC.com domain’s primary DNS zone. ABC.com’s workstations refer to ABC-DC01 as their primary DNS server.
You have been instructed to make sure that any DNS requests that are not for the ABC.com domain, is resolved by ABC-DC01 querying the DNS server of ABC.com’s Internet Service Provider (ISP).
Which of the following actions should you take?

A.    You should consider configuring a reverse lookup zone.
B.    You should consider configuring forward lookup zone.
C.    You should consider configuring Forwarders.
D.    You should consider configuring 019 IP Layer Forwarding.

Answer: C
Explanation:
A forwarder is a Domain Name System (DNS) server on a network that forwards DNS queries for external DNS names to DNS servers outside that network. You can also forward queries according to specific domain names using conditional forwarders.
You designate a DNS server on a network as a forwarder by configuring the other DNS servers in the network to forward the queries that they cannot resolve locally to that DNS server. By using a forwarder, you can manage name resolution for names outside your network, such as names on the Internet, and improve the efficiency of name resolution for the computers in your network.
http://technet.microsoft.com/en-us/library/cc754931.aspx
http://technet.microsoft.com/en-us/library/cc730756.aspx

QUESTION 363
You work as an administrator at L2P.com. The L2P.com network consists of a single domain named L2P.com. All servers on the L2P.com network have Windows Server 2012 R2 installed.
L2P.com has a server, named L2P-SR13, which is configured as the primary DNS server in the L2P.com domain. L2P.com has another server, named L2P-SR14, which makes use of L2PSR13 for DNS queries.
You want to make sure that running nslookup.exe from L2P-SR14 produces a result that shows the proper name of the default server.
Which of the following actions should you take?

A.    You should consider creating a reverse lookup zone on L2P-SR14.
B.    You should consider creating a forward lookup zone on L2P-SR14.
C.    You should consider creating a reverse lookup zone on L2P-SR13.
D.    You should consider creating a forward lookup zone on L2P-SR13.

Answer: C
Explanation:
When you start Nslookup from a command line, the following error message may be displayed: DNS request timed out
timeout was x seconds
Can’t find server name for address xxx.xxx.xxx.xxx: Timed out
Default servers are not available
Default Server: UnKnown
Address: xxx.xxx.xxx.xxx
where xxx.xxx.xxx.xxx is the Internet Protocol (IP) address of the host on which you are attempting to start Nslookup.
CAUSE When Nslookup starts, it attempts to resolve the IP address of its host’s DNS server to its fully qualified domain name (FQDN). If the DNS server does not respond or if the DNS server’s reverse lookup zones do not contain a PTR record for the DNS server’s IP address, the error message is displayed.
http://support.microsoft.com/kb/242906/en-us

QUESTION 364
You work as an administrator at L2P.com. The L2P.com network consists of a single domain named L2P.com. All servers on the L2P.com network have Windows Server 2012 R2 installed.
L2P.com has a server, named L2P-SR07, which has the ADDS, DHCP, and DNS server roles installed. L2P.com also has a server, named L2P-SR08, which has the DHCP, and Remote Access server roles installed. You have configured a server, which has the File and Storage Services server role installed, to automatically acquire an IP address. The server is named L2PSR09.
You then create reservation on L2P-SR07, and a filter on L2P-SR08.
Which of the following is a reason for this configuration?

A.    It allows L2P-SR09 to acquire a constant IP address from L2P-SR08 only.
B.    It configures L2P-SR09 with a static IP address.
C.    It allows L2P-SR09 to acquire a constant IP address from L2P-SR07 and L2PSR08.
D.    It allows L2P-SR09 to acquire a constant IP address from L2P-SR07 only.

Answer: D
Explanation:
To configure the Deny filter
In the DHCP console tree of DHCP Server 1, under IPv4, click Filters, right-click Deny under Filters, and then click New Filter. In the New Deny Filter dialog box, in MAC Address, enter a six hexadecimal number representing the MAC or physical address of DHCP Client 2, click Add, and then click Close. Under Filters right-click the Deny node, and then click the Enable pop-up menu item.
http://technet.microsoft.com/en-us/library/ee405265%28WS.10%29.aspx

QUESTION 365
You work as an administrator at L2P.com. The L2P.com network consists of a single domain named L2P.com.
L2P.com has a server, named L2P-SR15, which has Windows Server 2012 R2 installed. L2P.com also has a server, named L2P-SR16, which has Windows Server 2008 R2 SP1 installed.
You have been instructed to make sure that L2P-SR16 is able to run Windows PowerShell 3.0.
Which of the following actions should you take? (Choose two.)

A.    You should consider making sure that L2P-SR16 has a full installation of Microsoft .NET Framework 4
installed.
B.    You should consider making sure that L2P-SR16 has a full installation of Microsoft .NET Framework 2
installed.
C.    You should consider making sure that L2P-SR16 has WS-Management 3.0 installed.
D.    You should consider making sure that L2P-SR16 is upgraded to Windows Server 2012 R2.

Answer: AC
Explanation:
WS-Management 3.0 – Windows Management Framework 3.0 Includes Windows PowerShell 3.0, WMI, WinRM, Management OData IIS Extension, and Server Manager CIM Provider
Windows Management Framework 3.0 requires Microsoft .NET Framework 4.0.
http://www.microsoft.com/en-us/download/details.aspx?id=34595

QUESTION 366
You work as an administrator at L2P.com. The L2P.com network consists of a single domain named L2P.com. All servers on the L2P.com network have Windows Server 2012 R2 installed.
L2P.com has a server, named L2P-SR13. L2P-SR13 hosts a shared folder, named L2PShare, which has been shared as L2PShare$.
Which of the following is TRUE with regards to sharing the folder in this manner?

A.    It allows all users to view L2PShare when browsing the network.
B.    It prevents users from viewing L2PShare when browsing the network.
C.    It only allows L2P-SR13’s users to view L2PShare.
D.    It removes the permissions configured for L2PShare.

Answer: B
Explanation:
A hidden share is identified by a dollar sign ($) at the end of the share nameHidden shares are not listed when you look through the shares on a computer or use the “net view” command
Why Use Hidden Shares?
Using hidden shares on your network is useful if you do not want a shared folder or drive on the network to be easily accessible. Hidden shares can add another layer of protection for shared files against unauthorized people connecting to your network. Using hidden shares helps eliminate the chance for people to guess your password (or be logged into an authorized Windows account) and then receive access to the shared resource.
 clip_image001[30]
http://support.microsoft.com/kb/314984
http://technet.microsoft.com/en-us/library/cc784710(v=ws.10).aspx

QUESTION 367
You work as a senior administrator at L2P.com. The L2P.com network consists of a single domain named L2P.com. All servers on the L2P.com network have Windows Server 2012 R2 installed.
You are running a training exercise for junior administrators. You are currently discussing printer pooling.
Which of the following is TRUE with regards to printer pooling? (Choose all that apply.)

A.    Printers in a pool must be of the same model, and use the same printer driver.
B.    Each printer in the pool must have a different printer driver.
C.    Printer ports used in the pool must be of the same type.
D.    The types of printer ports used in the pool must be mixed.
E.    Pooled printers appear to workstations as a single printer.
F.    A minimum of three printers are required to configure a printer pool.

Answer: AE
Explanation:
You can create a printing pool to automatically distribute print jobs to the next available printer. A printing pool is one logical printer connected to multiple printers through multiple ports of the print server. The printer that is idle receives the next document sent to the logical printer. This is useful in a network with a high volume of printing because it decreases the time users wait for their documents. A printing pool also simplifies administration because multiple printers can be managed from the samelogical printer on a server.
http://technet.microsoft.com/en-us/library/cc757086%28v=ws.10%29.aspx

QUESTION 368
You work as an administrator at ABC.com. The ABC.com network consists of a single domain named ABC.com. All servers in the ABC.com domain, including domain controllers, have Windows Server 2012 R2 installed.
You have installed the DNS Server Role on a ABC.com server, named ABC-SR13. ABC.com’s workstations make use of a web proxy to access the Internet, and refer to ABC-SR13 as a primary DNS server.
You have been instructed to make sure that Internet host names for ABC.com’s workstations are not resolved by ABC-SR13.
Which of the following actions should you take?

A.    You should consider configuring a primary zone on L2P-SR13.
B.    You should consider configuring a secondary zone on L2P-SR13.
C.    You should consider configuring a reverse lookup zone on L2P-SR13.
D.    You should consider configuring a forward lookup zone on L2P-SR13.

Answer: A
Explanation:
Open DNS Server Manager | Expand DNS Server | Expand Forward Lookup Zones | Right Click on Forward Lookup Zones and select New Zone | Primary Zone | Zone Name: “.” (only dot, without quotation marks) When you create such a zone, you are configuring the DNS server to be the ultimate authority for the DNS namespace. The DNS server will no longer attempt to forward any DNS requests that it is not authoritative for.
When you install DNS on a Windows server that does not have a connection to the Internet, the zone for the domain is created and a root zone, also known as a dot zone, is also created. This root zone may prevent access to the Internet for DNS and for clients of the DNS. If there is a root zone, there are no other zones other than those that are listed with DNS, and you cannot configure forwarders or roothint servers.
Root domain This is the top of the tree, representing an unnamed level; it is sometimes shown as two empty quotation marks (“”), indicating a null value. When used in a DNS domain name, it is stated by a trailing period (.) to designate that the name is located at the root or highest level of the domain hierarchy. In this instance, the DNS domain name is considered to be complete and points to an exact location in the tree of names. Names stated this way are called fully qualified domain names (FQDNs).
 clip_image001[32]
http://technet.microsoft.com/en-us/library/cc772774%28v=ws.10%29.aspx http://youtu.be/KjMDtlR6Mhk http://support.microsoft.com/kb/298148/en-us
http://www.wincert.net/tips/windows-server/2510-how-to-remove-root-hints-in-windows-server-2008-r2- dns-server http://support.microsoft.com/kb/298148/en-us

QUESTION 369
You run a Windows Server 2012 R2, what is the PowerShell command to set preferred dns server. Note: Other config such as ip address should not be changed.

A.    Register-DnsClient
B.    Set-DnsClient
C.    Set-DnsPreferredClientServerAddress
D.    Set-DnsClientServerAddress

Answer: D
Explanation:
Set-DnsClientServerAddress – Sets DNS server addresses associated with the TCP/IP properties on an interface.
Set-DnsClientServerAddress -InterfaceIndex 12 -ServerAddresses (“10.0.0.1”)
 clip_image001[34]
There is a fair bit of confusion around the purpose of the Alternate DNS Server. This Post should hopefully put these questions to bed.
The general assumption is that, the Windows DNS Client on all counts, will send a DNS query to the Preferred DNS first. If this query fails, then it will query the Alternate DNS Server, and so on and so forth.
The above statement is true, however there is a twist.
The Windows DNS Client will reset the DNS Server Priority at periodic intervals. By default, the server priorities are reset every 15 minutes.
Let’s look at an example:
I have a DNS Client configured as follows:
Preferred DNS: 192.168.0.1
Alternate DNS: 10.10.0.1
The DNS Client will start by sending queries to 192.168.0.1. After 15 minutes it will switch priority to 10.10.0.1. Thus all queries will first be sent to 10.10.0.1 for a period of 15 minutes before switching back to 192.168.0.1
There is another condition that triggers a Priority Switch.
If say the Preferred DNS timed out on a DNS query, the DNS Client will send that DNS Query to the Alternate DNS.
If the Alternate DNS resolves the Query, the Priority will now switch to the Alternate DNS, until either it times out on a Query or the Priority Time Limit expires.
It is a common practice to configure the Preferred DNS Server with the IP of a Local Site DNS Server and the Alternate DNS Server with that of a Remote Site. The problem arises when Firewall/Network folk raise complaints that Clients are sending DNS Traffic to Remote DNS Servers. Well, that is because they have been configured to do so.
http://blogs.technet.com/b/ajayr/archive/2011/12/14/who-does-dns-client-prefer-preferred-or-alternate.aspx
http://technet.microsoft.com/en-us/library/cc738344%28v=ws.10%29.aspx http://technet.microsoft.com/en-us/library/jj590768.aspx

QUESTION 370
Command to set configure network interface primary dns server. Note: Other config such as ip address should not be changed.
 clip_image001[36]

A.    set-ipaddress
B.    netsh
C.    ipconfig
D.    winipconfig

Answer: B
Explanation:
netsh interface ipv4 set dns name=”Local Area Connection” source=static address
=192.168.100.49 primary
http://exchangeserverpro.com/how-to-add-multiple-dns-servers-to-windows-server-2008-core/

Passing Microsoft 70-410 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-410 Dump:

http://www.braindump2go.com/70-410.html


Pages: 1 2 ... 308 309 310 311 312 ... 317 318