We never believe in second chances and Braindump2go brings you the best 70-411 Exam Preparation Materials which will make you pass in the first attempt.We guarantee all questions and answers in our 70-411 Dumps are the latest released, we check all exam dumps questions from time to time according to Microsoft Official Center, in order to guarantee you can read the latest questions!
Exam Code: 70-411
Exam Name: Administering Windows Server 2012 R2 Exam
Your network contains an Active Directory domain named contoso.com. The domain contains a RADIUS server named Server1 that runs Windows Server 2012 R2.
You add a VPN server named Server2 to the network. On Server1, you create several network policies.
You need to configure Server1 to accept authentication requests from Server2.
Which tool should you use on Server1?
C. Remote Access Management Console
D. Routing and Remote Access
There are two configurations need to be done in Server1. First is to create a RADIUS client, and second, create a network policy. The network policy has been created. So we need to use New-NpsRadiusClient to create a RADIUS client.
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed.
On Server1, you create a network policy named Policy1.
You need to configure Policy1 to ensure that users are added to a VLAN.
Which attributes should you add to Policy1?
A. Tunnel-Tag, Tunnel-Password, Tunnel-Medium-Type, and Tunnel-Preference
B. Tunnel-Tag, Tunnel-Server-Auth-ID, Tunnel-Preference, and Tunnel-Pvt-Group-ID
C. Tunnel-Type, Tunnel-Tag, Tunnel-Medium-Type, and Tunnel-Pvt-Group-ID
D. Tunnel-Type, Tunnel-Password, Tunnel-Server-Auth-ID, and Tunnel-Pvt-Group-ID
VLAN attributes used in network policy
When you use network hardware, such as routers, switches, and access controllers that support virtual local area networks (VLANs), you can configure Network Policy Server (NPS) network policy to instruct the access servers to place members of Active Directory® groups on VLANs.
Before configuring network policy in NPS for VLANs, create groups of users in Active Directory Domain Services (AD DS) that you want to assign to specific VLANs. Then when you run the New Network Policy wizard, add the Active Directory group as a condition of the network policy.
You can create a separate network policy for each group that you want to assign to a VLAN. For more information, see Create a Group for a Network Policy. When you configure network policy for use with VLANs, you must configure the RADIUS standard attributes Tunnel-Medium-Type, Tunnel-Pvt-Group-ID, and Tunnel-Type. Some hardware vendors also require the use of the RADIUS standard attribute Tunnel-Tag.
To configure these attributes in a network policy, use the New Network Policy wizard to create a network policy. You can add the attributes to the network policy settings while running the wizard or after you have successfully created a policy with the wizard.
Tunnel-Medium-Type. Select a value appropriate to the previous selections you made while running the New Network Policy wizard. For example, if the network policy you are configuring is a wireless policy, in Attribute Value, select 802 (Includes all 802 media plus Ethernet canonical format).
Tunnel-Pvt-Group-ID. Enter the integer that represents the VLAN number to which group members will be assigned. For example, if you want to create a Sales VLAN for your sales team by assigning team members to VLAN 4, type the number 4.
Tunnel-Type. Select the value Virtual LANs (VLAN).
Tunnel-Tag. Some hardware devices do not require this attribute. If your hardware device requires this attribute, obtain this value from your hardware documentation.
You are a network administrator of an Active Directory domain named contoso.com.
You have a server named Server1 that runs Windows Server 2012 R2.
Server1 has the DHCP Server server role and the Network Policy Server role service installed.
You enable Network Access Protection (NAP) on all of the DHCP scopes on Server1.
You need to create a DHCP policy that willApply to all of the NAP non-compliant DHCP clients. Which criteria should you specify when you create the DHCP policy?
A. The relay agent information
B. The client identifier
C. The vendor class
D. The user class
To configure a NAP-enabled DHCP server
– On the DHCP server, click Start, click Run, in Open, type dhcpmgmt.smc, and then press ENTER.
– In the DHCP console, open <servername>\IPv4.
– Right-click the name of the DHCP scope that you will use for NAP client computers, and then click Properties.
– On the Network Access Protection tab, under Network Access Protection Settings, choose – Enable for this scope, verify that Use default Network Access Protection profile is selected, and then click OK. In the DHCP console tree, under the DHCP scope that you have selected, right-click Scope Options, and then click Configure Options.
– On the Advanced tab, verify that Default User Class is selected next to User class.
– Select the 003 Router check box, and in IP Address, under Data entry, type the IP address for the default gateway used by compliant NAP client computers, and then click Add.
– Select the 006 DNS Servers check box, and in IP Address, under Data entry, type the IP address for each router to be used by compliant NAP client computers, and then click Add.
– Select the 015 DNS Domain Name check box, and in String value, under Data entry, type your organization’s domain name (for example, woodgrovebank.local), and then click Apply. This domain is a full-access network assigned to compliant NAP clients.
– On the Advanced tab, next to User class, choose Default Network Access Protection Class.
– Select the 003 Router check box, and in IP Address, under Data entry, type the IP address for the default gateway used by noncompliant NAP client computers, and then click Add. This can be the same default gateway that is used by compliant NAP clients.
– Select the 006 DNS Servers check box, and in IP Address, under Data entry, type the IP address for each DNS server to be used by noncompliant NAP client computers, and then click Add. These can be the same DNS servers used by compliant NAP clients.
– Select the 015 DNS Domain Name check box, and in String value, under Data entry, type a name to identify the restricted domain (for example, restricted.woodgrovebank.local), and then click OK. This domain is a restricted-access network assigned to noncompliant NAP clients.
– Click OK to close the Scope Options dialog box.
– Close the DHCP console.
Your network contains an Active Directory domain named contoso.com. The network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy and Access Services server role installed.
You plan to deploy additional servers that have the Network Policy and Access Services server role installed.
You must standardize as many settings on the new servers as possible.
You need to identify which settings can be standardized by using the Network Policy Server (NPS) templates.
Which three settings should you identify? (Each answer presents part of the solution.
A. IP filters
B. shared secrets
C. health policies
D. network policies
E. connection request policies
You are the network administrator for a midsize computer company.
You have a single Active Directory forest, and your DNS servers are configured as Active Directory Integrated zones. When you look at the DNS records in Active Directory, you notice that there are many records for computers that do not exist on your domain.
You want to make sure only domain computers register with your DNS servers.
What should you do to resolve this issue?
A. Set dynamic updates to None.
B. Set dynamic updates to Nonsecure And Secure.
C. Set dynamic updates to Domain Users Only.
D. Set dynamic updates to Secure Only.
A system administrator is trying to determine which file system to use for a server that will become a Windows Server 2012 R2 file server and domain controller. The company has the following requirements:
The file system must allow for file-level security from within Windows 2012 Server.
The file system must make efficient use of space on large partitions.
The domain controller SYSVOL must be stored on the partition
Which of the following file systems meets these requirements?
You need to create a new user account using the command prompt.
Which command would you use?
You are hired as a consultant to the ABC Company. The owner of the company complains that she continues to have Desktop wallpaper that she did not choose. When you speak with the IT team, you find out that a former employee created 20 GPOs and they have not been able to figure out which GPO is changing the owner’s Desktop wallpaper.
How can you resolve this issue?
A. Run the RSoP utility against all forest computer accounts
B. Run the RSoP utility against the owner’s computer account
C. Run the RSoP utility against the owner’s user account
D. Run the RSoP utility against all domain computer accounts.
You need to enable three of your domain controllers as global catalog servers.
Where would you configure the domain controllers as global catalogs?
A. Forest, NTDS settings
B. Domain, NTDS settings
C. Site, NTDS settings
D. Server, NTDS settings
You are the network administrator for your organization.
Your company uses a Windows Server 2012 R2 Enterprise certification authority to issue certificates.
You need to start using key archival.
What should you do?
A. Implement a distribution CRL.
B. Install the smart card key retrieval.
C. Implement a Group Policy object (GPO) that enables the Online Certificate Status Protocol (OCSP) responder.
D. Archive the private key on the server.
You wants to change the memory of a virtual machine that is currently powered up.
What does he need to do?
A. Shut down the virtual machine, use the virtual machine’s settings to change the memory, and start it again.
B. Use the virtual machine’s settings to change the memory
C. Pause the virtual machine, use the virtual machine’s settings to change the memory, and resume it.
D. Save the virtual machine, use the virtual machine’s settings to change the memory, and resume it.
You need to stop an application from running in Task Manager.
Which tab would you use to stop an application from running?
You upgraded all of your locations to Windows Server 2012 R2 and implemented the routing capability built into the servers.
You chose to implement RIP. After implementing the routers, you discover that routes that you don’t want your network to consider are updating your RIP routing tables.
What can you do to control which networks the RIP routing protocol will communicate with on your network?
A. Configure TCP/IP filtering
B. Configure RIP route filtering
C. Configure IP packet filtering
D. Configure RIP peer filtering
E. There is no way to control this behavior
RIP route filters allow you to configure your routers to either ignore or accept updates from specific network addresses or a range of addresses. TCP/IP filtering is configured at each individual host to control the traffic at a granular level, such as a specific address, UDP port, or TCP port. IP packet filtering is used on the router interface to control IP traffic based on subnet masks, IP address, or port.
RIP peer filtering is used to control communication between individual routers rather than control the entire network address.
Your company has offices in five locations around the country. Most of the users’ activity is local to their own network. Occasionally, some of the users in one location need to send confidential information to one of the other four locations or to retrieve information from one of them. The communication between the remote locations is sporadic and relatively infrequent, so you have configured RRAS to use demand-dial lines to set up the connections. Management’s only requirement is that any communication between the office locations be appropriately secured. Which of the following steps should you take to ensure compliance with this requirement? (Choose all that apply.)
A. Configure CHAP on all the RRAS servers.
B. Configure PAP on all the RRAS servers.
C. Configure MPPE on all the RRAS servers.
D. Configure L2TP on all the RRAS servers.
E. Configure MS-CHAPv2 on all the RRAS servers.
Dial-up connection is necessary so recommended User Authentication Protocol is MS- CHAP v2 and encryption method is MPPE.
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
In a remote site, a support technician installs a server named DC10 that runs Windows Server 2012 R2. DC10 is currently a member of a workgroup.
You plan to promote DC10 to a read-only domain controller (RODC).
You need to ensure that a user named Contoso\User1 can promote DC10 to a RODC in the contoso.com domain. The solution must minimize the number of permissions assigned to User1.
What should you do?
A. From Dsmgmt, run the local roles command.
B. From Active Directory Administrative Center, modify the security settings of the Domain Controllers
organizational unit (OU).
C. From Active Directory Users and Computers, run the Delegation of Control Wizard on the contoso.com
D. From Active Directory Users and Computers, pre-create an RODC computer account.
A staged read only domain controller (RODC) installation works in two discrete phases:
1.Staging an unoccupied computer account
2.Attaching an RODC to that account during promotion
Braindump2go New Updated 70-411 Exa Dumps are Complete Microsoft 70-411 Course Coverage! 100% Real Questions and Correct Answers Guaranteed! Updated 70-411 Preparation Material with Questions and Answers PDF Instant Download: