(New Updated) Not Hard At All Pass 70-411 Exam By Training PassLeader New Microsoft 70-411 PDF And VCE Dumps (201-220)
100% Pass 70-411 Guide: PassLeader now supplying the new version of 70-411 301q exam vce dumps, we ensure our exam questions are the most complete and authoritative compared with others’, which will ensure your 70-411 exam 100% pass, and now we are offering the free new version VCE Player along with the VCE format 70-411 braindump, also the PDF format 70-411 301q practice test is available now, welcome to choose.
QUESTION 201
Hotspot Question
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The contoso.com zone is Active Directory-integrated and configured to replicate to all of the domain controllers in the contoso.com domain. Server1 has a DNS record in the contoso.com zone. You need to verify when the DNS record for Server1 was last updated. In which Active Directory partition should you view the DNS record of Server1? To answer, select the appropriate Active Directory partition in the answer area.
QUESTION 202
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 has the Windows Server Update Services (WSUS) server role installed. WSUS is configured to use a Windows Internal Database. Server2 has Microsoft SQL Server 2008 R2 Standard deployed. You detach the SUSDB database from Server1 and attach the database to Server2. You need to ensure that Windows Deployment Services (WDS) on Server1 uses the database hosted on Server2. What should you do on Server1?
A. Configure an ODBC file data source.
B. Run the wsusutil command.
C. Edit the registry.
D. Configure an ODBC system data source.
Answer: C
Explanation:
Find the following key:
HKLM\SOFTWARE\Microsoft\UpdateServices\Server\Setup\SqlServerName. In the Value data box, type [BEName]\[InstanceName], and then click OK. If the instance name is the default instance, type [BEName]. Find the following key: HKLM\Software\Microsoft\Update Services\Server\Setup\wYukonInstalled. In the Value box, type 0, and then click OK.
http://technet.microsoft.com/en-us/library/cc708558(WS.10).aspx
QUESTION 203
Your network contains an Active Directory forest named contoso.com. The functional level of the forest is Windows Server 2008 R2. All of the user accounts in the marketing department are members of a group named Contoso\MarketingUsers. All of the computer accounts in the marketing department are members of a group named Contoso\MarketingComputers. A domain user named User1 is a member of the Contoso\MarketingUsers group. A computer named Computer1 is a member of the Contoso\MarketingComputers group. You have five Password Settings objects (PSOs). The PSOs are defined as shown in the following table.
When User1 logs on to Computer1 and attempts to change her password, she receives an error message indicating that her password is too short. You need to tell User1 what her minimum password length is. What should you tell User1?
A. 10
B. 11
C. 12
D. 14
Answer: D
Explanation:
One PSO has a precedence value of 2 and the other PSO has a precedence value of 4. In this case, the PSO that has the precedence value of 2 has a higher rank and, hence, is applied to the object.
QUESTION 204
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed. You log on to Server1 by using a user account named User2. From the Remote Access Management Console, you run the Getting Started Wizard and you receive a warning message as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that you can configure DirectAccess successfully. The solution must minimize the number of permissions assigned to User2. To which group should you add User2?
A. Enterprise Admins
B. Administrators
C. Server Operators
D. Account Operators
Answer: B
Explanation:
You must have privileges to create WMI filters in the domain in which you want to create the filter. Permissions can be changed by adding a user to the Administrators group. Administrators (A built-in group). After the initial installation of the operating system, the only member of the group is the Administrator account. When a computer joins a domain, the Domain Admins group is added to the Administrators group. When a server becomes a domain controller, the Enterprise Admins group also is added to the Administrators group. The Administrators group has built-in capabilities that give its members full control over the system. The group is the default owner of any object that is created by a member of the group. This example logs in as a test user who is not a domain user or an administrator on the server. This results in the error specifying that DA can only be configured by a user with local administrator permissions.
http://technet.microsoft.com/en-us/library/cc780416(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc775497(v=ws.10).aspx
QUESTION 205
Your company has a main office and a branch office. The network contains an Active Directory domain named contoso.com. The main office contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 is a DNS server and hosts a primary zone for contoso.com. The branch office contains a member server named Server1 that runs Windows Server 2012 R2. Server1 is a DNS server and hosts a secondary zone for contoso.com. The main office connects to the branch office by using an unreliable WAN link. You need to ensure that Server1 can resolve names in contoso.com if the WAN link in unavailable for three days. Which setting should you modify in the start of authority (SOA) record?
A. Retry interval
B. Minimum (default) TTL
C. Refresh interval
D. Expires after
Answer: D
Explanation:
Refresh interval. Used to determine how often other DNS servers that load and host the zone must attempt to renew the zone. Retry interval. Used to determine how often other DNS servers that load and host the zone are to retry a request for update of the zone each time that the refresh interval occurs. Expire interval. Used by other DNS servers that are configured to load and host the zone to determine when zone data expires if it is not renewed.
QUESTION 206
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy and Access Services server role installed. You plan to deploy 802.1x authentication to secure the wireless network. You need to identify which Network Policy Server (NPS) authentication method supports certificate-based mutual authentication for the 802.lx deployment. Which authentication method should you identify?
A. PEAP-MS-CHAP v2
B. MS-CHAP v2
C. EAP-TLS
D. MS-CHAP
Answer: C
Explanation:
802. 1X uses EAP, EAP-TLS, EAP-MS-CHAP v2, and PEAP authentication methods:
EAP (Extensible Authentication Protocol) uses an arbitrary authentication method, such as certificates, smart cards, or credentials.
EAP-TLS (EAP-Transport Layer Security) is an EAP type that is used in certificatebased security environments, and it provides the strongest authentication and key determination method.
EAP-MS-CHAP v2 (EAP-Microsoft Challenge Handshake Authentication Protocol version 2) is a mutual authentication method that supports password-based user or computer authentication.
PEAP (Protected EAP) is an authentication method that uses TLS to enhance the security of other EAP authentication protocols.
QUESTION 207
Your network contains an Active Directory domain named contoso.com. AH servers run Windows Server 2012 R2. The domain contains a server named Server1. You install the Windows PowerShell Web Access gateway on Server1. You need to provide administrators with the ability to manage the servers in the domain by using the Windows PowerShell Web Access gateway. Which two cmdlets should you run on Server1? (Each correct answer presents part of the solution. Choose two.)
A. Set-WSManQuickConfig
B. Set-WSManInstance
C. Add-PswaAuthorizationRule
D. Set-BCAuthentication
E. Install-Pswa Web Application
Answer: CE
QUESTION 208
Drag and Drop Question
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains an organizational unit (OU) named OU1. OU1 contains an OU named OU2. OU2 contains a user named User1. User1 is the member of a group named Group1. Group1 is in the Users container. You create five Group Policy objects (GPO). The GPOs are configured as shown in the following table.
You need to identify which three GPOs will be applied to User1 and in which order the GPOs will be applied to User1. Which three GPOs should you identify in sequence? To answer, move the appropriate three GPOs from the list of GPOs to the answer area and arrange them in the correct order.
QUESTION 209
Hotspot Question
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has two network adapters and is located in a perimeter network. You need to install the RIP version 2 routing protocol on Server1. Which node should you use to add the RIP version 2 routing protocol? To answer, select the appropriate node in the answer area.
QUESTION 210
Hotspot Question
Your network contains an Active Directory domain named contoso.com. All DNS servers host a DNS zone named adatum.com. The adatum.com zone is not Active Directory-integrated. An administrator modifies the start of authority (SOA) record for the adatum.com zone. After the modification, you discover that when you add or modify DNS records in the adatum.com zone, the changes are not transferred to the DNS servers that host secondary copies of the adatum.com zone. You need to ensure that the records are transferred to all the copies of the adatum.com zone. What should you modify in the SOA record for the adatum.com zone? To answer, select the appropriate setting in the answer area.
http://www.passleader.com/70-411.html
QUESTION 211
Your network contains an Active Directory domain named contoso. com. All domain controllers run either Windows Server 2008 or Windows Server 2008 R2. You deploy a new domain controller named DC1 that runs Windows Server 2012 R2. You log on to DC1 by using an account that is a member of the Domain Admins group. You discover that you cannot create Password Settings objects (PSOs) by using Active Directory Administrative Center. You need to ensure that you can create PSOs from Active Directory Administrative Center. What should you do?
A. Modify the membership of the Group Policy Creator Owners group.
B. Transfer the PDC emulator operations master role to DC1.
C. Upgrade all of the domain controllers that run Window Server 2008.
D. Raise the functional level of the domain.
Answer: D
Explanation:
Fine-grained password policies allow you to specify multiple password policies within a single domain so that you can apply different restrictions for password and account lockout policies to different sets of users in a domain. To use a fine-grained password policy, your domain functional level must be at least Windows Server 2008. To enable fine-grained password policies, you first create a Password Settings Object (PSO). You then configure the same settings that you configure for the password and account lockout policies. You can create and apply PSOs in the Windows Server 2012 environment by using the Active Directory Administrative Center (ADAC) or Windows PowerShell.
Step 1: Create a PSO
Applies To: Windows Server 2008, Windows Server 2008 R2
http://technet.microsoft.com/en-us//library/cc754461%28v=ws.10%29.aspx
QUESTION 212
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains 200 Group Policy objects (GPOs) and 100 WMI filters. An administrator named Admin1 must be able to create new WMI filters and edit all of the existing WMI filters from the Group Policy Management Console (GPMC). You need to delegate the required permissions to Admin1. The solution must minimize the number of permissions assigned to Admin1. What should you do?
A. From Group Policy Management, assign Full control to Admin1 for the WMI Filters container.
B. From Active Directory Users and Computers, add Admin1 to the Domain Admins group.
C. From Group Policy Management, assign Creator Owner to Admin1 for the WMI Filters container.
D. From Active Directory Users and Computers, add Admin1 to the WinRMRemoteWMIUsers__group.
Answer: A
Explanation:
Users with Full control permissions can create and control all WMI filters in the domain, including WMI filters created by others. Users with Creator owner permissions can create WMI filters, but can only control WMI filters that they create.
http://technet.microsoft.com/en-us/library/cc757429(v=ws.10).aspx
QUESTION 213
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Windows Server Update Services server role installed. All client computers are configured to download updates from Server1. You have a Group Policy object (GPO) named GPO1 that is linked to an organizational unit (OU) named Sales_OU. You need to ensure that all of the computers in Sales_OU are added to a Windows Server Update Services (WSUS) computer group named SalesComputers. Which setting should you configure in the GPO? To answer, select the appropriate setting in the answer area.
QUESTION 214
Your network contains three Network Policy Server (NPS) servers named NPS1, NPS2, and NPS3. NPS1 is configured as a RADIUS proxy that forwards connection requests to a remote RADIUS server group named Group1. You need to ensure that NPS2 receives connection requests. NPS3 must only receive connection requests if NPS2 is unavailable. How should you configure Group1?
A. Change the Weight of NPS2 to 10.
B. Change the Weight of NPS3 to 10.
C. Change the Priority of NPS2 to 10.
D. Change the Priority of NPS3 to 10.
Answer: D
Explanation:
Priority specifies the order of importance of the RADIUS server to the NPS proxy server. Priority level must be assigned a value that is an integer, such as 1, 2, or 3. The lower the number, the higher priority the NPS proxy gives to the RADIUS server. For example, if the RADIUS server is assigned the highest priority of 1, the NPS proxy sends connection requests to the RADIUS server first; if servers with priority 1 are not available, NPS then sends connection requests to RADIUS servers with priority 2, and so on. You can assign the same priority to multiple RADIUS servers, and then use the Weight setting to load balance between them.
QUESTION 215
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains three servers named Server2, Server3, and Server4. Server2 and Server4 host a Distributed File System (DFS) namespace named Namespace1. You open the DFS Management console as shown in the exhibit. (Click the Exhibit button.)
To answer, complete each statement according to the information presented in the exhibit. Each correct selection is worth one point.
QUESTION 216
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. You plan to use fine-grained password policies to customize the password policy settings of contoso.com. You need to identify to which Active Directory object types you can directly apply the fine-grained password policies. Which two object types should you identify? (Each correct answer presents part of the solution. Choose two.)
A. Domain local groups
B. Computers
C. Universal groups
D. Global groups
E. Users
Answer: DE
Explanation:
First off, your domain functional level must be at Windows Server 2008. Second, Fine-grained password policies ONLY apply to user objects, and global security groups. Linking them to universal or domain local groups is ineffective. I know what you’re thinking, what about OU’s? Nope, Fine-grained password policy cannot be applied to an organizational unit (OU) directly. The third thing to keep in mind is, by default only members of the Domain Admins group can set fine-grained password policies. However, you can delegate this ability to other users if needed. Fine-grained password policies apply only to user objects (or inetOrgPerson objects if they are used instead of user objects) and global security groups. You can apply Password Settings objects (PSOs) to users or global security groups:
http://technet.microsoft.com/en-us/library/cc731589%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/cc731589%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/cc770848%28v=ws.10%29.aspx
http://www.brandonlawson.com/active-directory/creating-fine-grained-password-policies/
QUESTION 217
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. All client computers run Windows 8 Enterprise. DC1 contains a Group Policy object (GPO) named GPO1. You need to update the PATH variable on all of the client computers. Which Group Policy preference should you configure?
A. Ini Files
B. Services
C. Environment
D. Data Sources
Answer: C
Explanation:
Environment Variable preference items allow you to create, update, replace, and delete user and system environment variables or semicolon-delimited segments of the PATH variable. Before you create an Environment Variable preference item, you should review the behavior of each type of action possible with this extension.
QUESTION 218
Your network has a router named Router1 that provides access to the Internet. You have a server named Server1 that runs Windows Server 2012 R2. Server1 to use Router1 as the default gateway. A new router named Router2 is added to the network. Router2 provides access to the Internet. The IP address of the internal interface on Router2 is 10.1.14.254. You need to configure Server1 to use Router2 to connect to the Internet if Router1 fails. What should you do on Server1?
A. Add a route for 10.1.14.0/24 that uses 10.1.14.254 as the gateway and set the metric to 500.
B. Add 10.1.14.254 as a gateway and set the metric to 500.
C. Add a route for 10.1.14.0/24 that uses 10.1.14.254 as the gateway and set the metric to 1.
D. Add 10.1.14.254 as a gateway and set the metric to 1.
Answer: B
Explanation:
To configure the Automatic Metric feature:
1. In Control Panel, double-click Network Connections.
2. Right-click a network interface, and then click Properties.
3. Click Internet Protocol (TCP/IP), and then click Properties.
4. On the General tab, click Advanced.
5. To specify a metric, on the IP Settings tab, click to clear the Automatic metric check box, and then enter the metric that you want in the Interface Metric field.
To manually add routes for IPv4:
Open the Command Prompt window by clicking the Start button Picture of the Start button.
In the search box, type Command Prompt, and then, in the list of results, click Command Prompt.
At the command prompt, type route -p add [destination] [mask <netmask>] [gateway]
[metric <metric>] [if <interface>].
QUESTION 219
Your network contains and Active Directory domain named contoso.com. The domain contains a member server named Server1. All servers run Server 2012. You need to collect the error events from all the servers on Server1. The solution ensure that when new servers are added to the domain, their error events are collected automatically on Server1. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. On Server1, create a source computer initiated subscription.
B. From a Group Policy object (GPO), configure the Configure forwarder resource usage settings.
C. From a Group Policy object (GPO), configure the Configure target Subscription Manager settings.
D. On Server1, create a collector initiated subscription.
Answer: AC
Explanation:
A. Source-initiated subscriptions allow you to define a subscription on an event collector computer without defining the event source computers, and then multiple remote event source computers can be set up (using a group policy setting) to forward events to the event collector computer.
C. Enable the SubscriptionManager setting, and click the Show button to add a server address to the setting.
http://technet.microsoft.com/en-us/library/cc722010.aspx
http://msdn.microsoft.com/en-us/library/windows/desktop/bb870973(v=vs.85).aspx
QUESTION 220
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. DirectAccess is deployed to the network. Remote users connect to the DirectAccess server by using a variety of network speeds. The remote users report that sometimes their connection is very slow. You need to minimize Group Policy processing across all wireless wide area network (WWAN) connections. Which Group Policy setting should you configure?
A. Configure Group Policy slow link detection.
B. Configure wireless policy processing.
C. Change Group Policy processing to run asynchronously when a slow network connection is detected.
D. Configure Direct Access connections as a fast network connection.
Answer: A