Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

70-411 > 70-411 > Flashcards

70-411 Flashcards

1
Q

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
Server1 has the following role services installed: DirectAccess and VPN (RRAS) Network Policy Server
Remote users have client computers that run either Windows XP, Windows 7, or Windows 8.
You need to ensure that only the client computers that run Windows 7 or Windows 8 can establish VPN connections to Server1.
What should you configure on Server1?

A. A condition of a Network Policy Server (NPS) network policy
B. A constraint of a Network Policy Server (NPS) network policy
C. a condition of a Network Policy Server (NPS) connection request policy
D. A vendor-specific RADIUS attribute of a Network Policy Server (NPS) connection request policy

A

A condition of a Network Policy Server (NPS) network policy

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

You are a network administrator of an Active Directory domain named contoso.com.
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the DHCP Server server role and the Network Policy Server role service installed.
You enable Network Access Protection (NAP) on all of the DHCP scopes on Server1.
You need to create a DHCP policy that will apply to all of the NAP non-compliant DHCP clients.
Which criteria should you specify when you create the DHCP policy?

A. The client identifier
B. The user class
C. The vendor class
D. The relay agent information

A

The user class

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the Network Policy Server role service installed.
An administrator creates a RADIUS client template named Template1.
You create a RADIUS client named Client1 by using Template 1.
You need to modify the shared secret for Client1.
What should you do first?

A. Configure the Advanced settings of Template1.
B. Set the Shared secret setting of Template1 to Manual. C. Clear Enable this RADIUS client for Client1.
D. Clear Select an existing template for Client1.

A

Clear Select an existing template for Client1

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
The domain contains a server named Server1 that has the Network Policy Server server role and the Remote Access server role installed. The domain contains a server named Server2 that is configured as a RADIUS server.
Server1 provides VPN access to external users.
You need to ensure that all of the VPN connections to Server1 are logged to the RADIUS server on Server2.
What should you run?

A. Add-RemoteAccessRadius -ServerNameServer1 -AccountingOnOffMsg Enabled -SharedSecret “Secret” Purpose Accounting
B. Set-RemoteAccessAccounting -AccountingOnOffMsg Enabled -AccountingOnOffMsg Enabled
C. Add-RemoteAccessRadius -ServerName Server2 -AccountingOnOffMsg Enabled -SharedSecret “Secret”
Purpose Accounting
D. Set-RemoteAccessAccounting -EnableAccountingType Inbox -AccountingOnOffMsg Enabled

A

Add-RemoteAccessRadius -ServerName Server2 -AccountingOnOffMsg Enabled -SharedSecret “Secret”
Purpose Accounting

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Your network contains four Network Policy Server (NPS) servers named Server1, Server2, Servers, and Server4.
Server1 is configured as a RADIUS proxy that forwards connection requests to a remote RADIUS server group named Group1.
You need to ensure that Server2 and Server3 receive connection requests. Server4 must only receive connection requests if both Server2 and Server3 are unavailable.
How should you configure Group1?

A. Change the Weight of Server4 to 10.
B. Change the Weight of Server2 and Server3 to 10.
C. Change the Priority of Server2 and Server3 to 10.
D. Change the Priority of Server4 to 10.

A

Change the Priority of Server4 to 10.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Your network contains an Active Directory domain named adatum.com.
A network administrator creates a Group Policy central store.
After the central store is created, you discover that when you create new Group Policy objects (GPOs), the GPOs do not contain any Administrative Templates.
You need to ensure that the Administrative Templates appear in new GPOs.
What should you do?

A. Add your user account to the Group Policy Creator Owners group.
B. Configure all domain controllers as global catalog servers.
C. Copy files from %Windir%\Policydefimtions to the central store.
D. Modify the Delegation settings of the new GPOs.

A

Copy files from %Windir%\Policydefimtions to the central store.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains 500 client computers that run Windows 8 Enterprise.
You implement a Group Policy central store.
You have an application named App1. App1 requires that a custom registry setting be deployed to all of the computers.
You need to deploy the custom registry setting. The solution must minimize administrator effort.
What should you configure in a Group Policy object (GPO)?

A. The Software Installation settings
B. The Administrative Templates
C. An application control policy
D. The Group Policy preferences

A

The Group Policy preferences

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Your network contains two Active Directory forests named contoso.com and dev.contoso.com. The contoso.com forest contains a domain controller named DC1. The dev.contoso.com forest contains a domain controller named DC2. Each domain contains an organizational unit (OU) named OU1.
Dev.contoso.com has a Group Policy object (GPO) named GPO1. GPO1 contains 200 settings, including several settings that have network paths. GPO1 is linked to OU1.
You need to copy GPO1 from dev.contoso.com to contoso.com.
What should you do first on DC2?

A. From the Group Policy Management console, right-click GPO1 and select Copy.
B. Run the mtedit.exe command and specify the /Domaintcontoso.com /DC: DC 1 parameter.
C. Run the Save-NetGpocmdlet.
D. Run the Backup-Gpocmdlet.

A

From the Group Policy Management console, right-click GPO1 and select Copy.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.
Client computers run either Windows 7 or Windows 8. All of the client computers have an application named App1 installed.
The domain contains a Group Policy object (GPO) named GPO1 that is applied to all of the client computers. You need to add a system variable named App1Data to all of the client computers.
Which Group Policy preference should you configure?

A. Environment
B. Ini Files
C. Data Sources
D. Services

A

Environment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Your network contains an Active Directory domain named contoso.com.
All user accounts reside in an organizational unit (OU) named OU1.
You create a Group Policy object (GPO) named GPO1. You link GPO1 to OU1. You configure the Group Policy preference of GPO1 to add a shortcut named Link1 to the desktop of each user. You discover that when a user deletes Link1, the shortcut is removed permanently from the desktop.
You need to ensure that if a user deletes Link1, the shortcut is added to the desktop again.
What should you do?

A. Enforce GPO1.
B. Modify the Link1 shortcut preference of GPO1.
C. Enable loopback processing in GPO1.
D. Modify the Security Filtering settings of GPO1.

A

Modify the Link1 shortcut preference of GPO1.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

You manage a server that runs Windows Server 2012 R2. The server has the Windows Deployment Services server role installed.
You have a desktop computer that has the following configuration: Computer name: Computer1 Operating system: Windows 8 MAC address: 20-CF-30-65-D0-87 GUID: 979708BF-C04B-4525-9FE0-C4150BB6C618
You need to configure a pre-staged device for Computer1 in the Windows Deployment Services console.
Which two values should you assign to the device ID? (Each correct answer presents a complete solution. Choose two.)

A. 20CF3065D08700000000000000000000 
B. 979708BFC04B45259FE0C4150BB6C618 
C. 979708BF-C04B-452S-9FE0-C4150BB6C618 
D. 0000000000000000000020CF306SD087 
E. 00000000-0000-0000-0000-C41S0BB6C618
A

979708BF-C04B-452S-9FE0-C4150BB6C618

0000000000000000000020CF306SD087

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

You have Windows Server 2012 R2 installation media that contains a file named Install.wim. You need to identify the permissions of the mounted images in Install.wim.
What should you do?

A. Run dism.exe and specify the /get-mountedwiminfo parameter.
B. Run imagex.exe and specify the /verify parameter.
C. Run imagex.exe and specify the /ref parameter.
D. Run dism.exe and specify the/get-imageinfo parameter.

A

Run dism.exe and specify the /get-mountedwiminfo parameter.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

You have a server named Server1 that runs Windows Server 2012 R2. You create a Data Collector Set (DCS) named DCS1.
You need to configure DCS1 to log data to D:\logs.
What should you do?

A. Right-click DCS1 and click Properties.
B. Right-click DCS1 and click Export list. . .
C. Right-click DCS1 and click Data Manager. . .
D. Right-click DCS1 and click Save template. . .

A

Right-click DCS1 and click Properties.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Your network contains an Active Directory domain named adatum.com. The domain contains a member server named Server1 and 10 web servers. All of the web servers are in an organizational unit (OU) named WebServers_OU. All of the servers run Windows Server 2012 R2. On Server1, you need to collect the error events from all of the web servers. The solution must ensure that when new web servers are added to WebServers_OU, their error events are collected automatically on Server1.
What should you do?

A. On Server1, create a source computer initiated subscription. From a Group Policy object (GPO), configure the Configure target Subscription Manager setting.
B. On Server1, create a source computer initiated subscription. From a Group Policy object (GPO), configure the Configure forwarder resource usage setting.
C. On Server1, create a collector initiated subscription. From a Group Policy object (GPO), configure the Configure forwarder resource usage setting.
D. On Server1, create a collector initiated subscription. From a Group Policy object (GPO), configure the Configure target Subscription Manager setting.

A

On Server1, create a source computer initiated subscription. From a Group Policy object (GPO), configure the Configure target Subscription Manager setting.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Your network contains a Hyper-V host named Hyperv1. Hyperv1 runs Windows Server 2012 R2.
Hyperv1 hosts four virtual machines named VM1, VM2, VM3, and VM4. AH of the virtual machines run Windows Server 2008 R2.
You need to view the amount of memory resources and processor resources that VM4 currently uses.
Which tool should you use on Hyperv1?

A. Windows System Resource Manager (WSRM)
B. Task Manager
C. Hyper-V Manager
D. Resource Monitor

A

Hyper-V Manager

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 runs Windows Server 2012 R2 and has the Hyper-V server role installed.
Server1 hosts 10 virtual machines. A virtual machine named VM1 runs Windows Server 2012 R2 and hosts a processor-intensive application named App1.
Users report that App1 responds more slowly than expected.
You need to monitor the processor usage on VM1 to identify whether changes must be made to the hardware settings of VM1.
Which performance object should you monitor on Server1?

A. Processor 
B. Hyper-V Hypervisor Virtual Processor 
C. Hyper-V Hypervisor Logical Processor 
D. Hyper-V Hypervisor Root Virtual Processor 
E. Process
A

Hyper-V Hypervisor Logical Processor

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The functional level of both the domain and the forest is Windows Server 2008 R2.
The domain contains a domain-based Distributed File System (DFS) namespace that is configured as shown in the exhibit. (Click the Exhibit button.)
You need to enable access-based enumeration on the DFS namespace.
What should you do first?

A. Raise the domain functional level.
B. Raise the forest functional level.
C. Install the File Server Resource Manager role service on Server3 and Server5.
D. Delete and recreate the namespace.

A

Delete and recreate the namespace.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
A local account named Admin1 is a member of the Administrators group on Server1.
You need to generate an audit event whenever Admin1 is denied access to a file or folder.
What should you run?

A. auditpol.exe /set /userradmin1 /failure: enable
B. auditpol.exe /set /user: admin1 /category: “detailed tracking” /failure: enable
C. auditpol.exe /resourcesacl /set /type: file /user: admin1 /failure
D. auditpol.exe /resourcesacl /set /type: key /user: admin1 /failure /access: ga

A

auditpol.exe /resourcesacl /set /type: file /user: admin1 /failure

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

You have a server named Server1 that runs Windows Server 2012 R2.
An administrator creates a quota as shown in the Quota exhibit. (Click the Exhibit button.)
You run the dir command as shown in the Dir exhibit. (Click the Exhibit button.)
You need to ensure that D:\Folder1 can only consume 100 MB of disk space.
What should you do?

A. From File Server Resource Manager, create a new quota.
B. From File Server Resource Manager, edit the existing quota.
C. From the Services console, set the Startup Type of the Optimize drives service to Automatic.
D. From the properties of drive D, enable quota management.

A

From File Server Resource Manager, create a new quota.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Your company has a main office and two branch offices. The main office is located in New York. The branch offices are located in Seattle and Chicago.
The network contains an Active Directory domain named contoso.com. An Active Directory site exists for each office. Active Directory site links exist between the main office and the branch offices. All servers run Windows Server 2012 R2.
The domain contains three file servers. The file servers are configured as shown in the following table.
You implement a Distributed File System (DFS) replication group named ReplGroup.
ReplGroup is used to replicate a folder on each file server. ReplGroup uses a hub and spoke topology. NYCSVR1 is configured as the hub server.
You need to ensure that replication can occur if NYC-SVR1 fails.
What should you do?

A. Create an Active Directory site link bridge.
B. Create an Active Directory site link.
C. Modify the properties of Rep1Group.
D. Create a connection in Rep1Group.

A

Create a connection in Rep1Group.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2. Server1 has a share named Share1.
When users without permission to Share1 attempt to access the share, they receive the Access Denied message as shown in the exhibit. (Click the Exhibit button.)
You deploy a new file server named Server2 that runs Windows Server 2012 R2.
You need to configure Server2 to display the same custom Access Denied message as Server1.
What should you install on Server2?

A. The Remote Assistance feature
B. The Storage Services server role
C. The File Server Resource Manager role service
D. The Enhanced Storage feature

A

The File Server Resource Manager role service

22
Q

You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.
Each time a user receives an access-denied message after attempting to access a folder on Server1, an email notification is sent to a distribution list named DL1.
You create a folder named Folder1 on Server1, and then you configure custom NTFS permissions for Folder1.
You need to ensure that when a user receives an access-denied message while attempting to access Folder1, an email notification is sent to a distribution list named DL2. The solution must not prevent DL1 from receiving notifications about other access-denied messages.
What should you do?

A. From Server Manager, run the New Share Wizard to create a share for Folder1 by selecting the SMB Share - Advanced option.
B. From the File Server Resource Manager console, modify the Access-Denied Assistance settings.
C. From the File Server Resource Manager console, modify the Email Notifications settings.
D. From Server Manager, run the New Share Wizard to create a share for Folder1 by selecting the SMB Share -Applications option.

A

From Server Manager, run the New Share Wizard to create a share for Folder1 by selecting the SMB Share - Advanced option.

23
Q

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 is backed up daily. The domain has the Active Directory Recycle Bin enabled.
During routine maintenance, you delete 500 inactive user accounts and 100 inactive groups. One of the deleted groups is named Group1. Some of the deleted user accounts are members of some of the deleted groups.
For documentation purposes, you must provide a list of the members of Group1 before the group was deleted. You need to identify the names of the users who were members of Group1 prior to its deletion.
You want to achieve this goal by using the minimum amount of administrative effort.
What should you do first?

A. Mount the most recent Active Directory backup.
B. Reactivate the tombstone of Group1.
C. Perform an authoritative restore of Group1.
D. Use the Recycle Bin to restore Group1.

A

Mount the most recent Active Directory backup.

24
Q

Your network contains an Active Directory domain named contoso.com. The domain contains six domain controllers. The domain controllers are configured as shown in the following table.
The network contains a server named Server1 that has the Hyper-v server role installed. DC6 is a virtual machine that is hosted on Server1.
You need to ensure that you can clone DC6.
Which FSMO role should you transfer to DC2?

A. Rid master
B. Domain naming master
C. PDC emulator
D. Infrastructure master

A

PDC emulator

25
Q

Your network contains an Active Directory domain named contoso.com. All domain controllers run either Windows Server 2008 or Windows Server 2008 R2.
You deploy a new domain controller named DC1 that runs Windows Server 2012 R2.
You log on to DC1 by using an account that is a member of the Domain Admins group.
You discover that you cannot create Password Settings objects (PSOs) by using Active Directory Administrative Center.
You need to ensure that you can create PSOs from Active Directory Administrative Center.
What should you do?

A. Modify the membership of the Group Policy Creator Owners group.
B. Transfer the PDC emulator operations master role to DC1.
C. Upgrade all of the domain controllers that run Window Server 2008.
D. Raise the functional level of the domain.

A

Raise the functional level of the domain.

26
Q

Your network contains an Active Directory forest named contoso.com. The functional level of the forest is Windows Server 2008 R2.
All of the user accounts in the marketing department are members of a group named Contoso\MarketingUsers. All of the computer accounts in the marketing department are members of a group named Contoso \MarketingComputers.
A domain user named User1 is a member of the Contoso\MarketingUsers group. A computer named Computer1 is a member of the Contoso\MarketingComputers group.
You have five Password Settings objects (PSOs). The PSOs are defined as shown in the following table.
When User1 logs on to Computer1 and attempts to change her password, she receives an error message indicating that her password is too short.
You need to tell User1 what her minimum password length is.
What should you tell User1?

A. 10
B. 11
C. 12
D. 14

A

10

27
Q

Your network contains an Active Directory domain named contoso.com. The Active Directory Recycle bin is enabled for contoso.com.
A support technician accidentally deletes a user account named User1. You need to restore the User1 account.
Which tool should you use?

A. Ldp
B. Esentutl
C. Active Directory Administrative Center
D. Ntdsutil

A

Active Directory Administrative Center

28
Q

Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
Active Directory Recycle Bin is enabled.
You discover that a support technician accidentally removed 100 users from an Active Directory group named Group1 an hour ago.
You need to restore the membership of Group1.
What should you do?

A. Recover the items by using Active Directory Recycle Bin.
B. Modify the is Recycled attribute of Group1.
C. Perform tombstone reanimation.
D. Perform an authoritative restore.

A

Recover the items by using Active Directory Recycle Bin.

29
Q

Your network contains an Active Directory domain named contoso.com. The domain contains a read-only domain controller (RODC) named RODC1.
You create a global group named RODC_Admins.
You need to provide the members of RODC_Admins with the ability to manage the hardware and the software on R0DC1. The solution must not provide RODC_Admins with the ability to manage Active Directory objects.
What should you do?

A. From Active Directory Site and Services, configure the Security settings of the RODC1 server object.
B. From Windows PowerShell, run the Set-ADAccountControlcmdlet.
C. From a command prompt, run the dsmgmt local roles command.
D. From Active Directory Users and Computers, configure the Member Of settings of the RODC1 account.

A

From a command prompt, run the dsmgmt local roles command.

30
Q

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. You create an Active Directory snapshot of DC1 each day.
You need to view the contents of an Active Directory snapshot from two days ago.
What should you do first?

A. Run the dsamain.exe command.
B. Stop the Active Directory Domain Services (AD DS) service.
C. Start the Volume Shadow Copy Service (VSS).
D. Run the ntdsutil.exe command.

A

Run the dsamain.exe command.

31
Q

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
In a remote site, a support technician installs a server named DC10 that runs Windows Server 2012 R2. DC10 is currently a member of a workgroup.
You plan to promote DC10 to a read-only domain controller (RODC).
You need to ensure that a user named Contoso\User1 can promote DC10 to a RODC in the contoso.com domain. The solution must minimize the number of permissions assigned to User1.
What should you do?

A. From Active Directory Users and Computers, run the Delegation of Control Wizard on the contoso.com domain object.
B. From Active Directory Administrative Center, pre-create an RODC computer account.
C. From Ntdsutil, run the local roles command.
D. Join DC10 to the domain. Run dsmod and specify the /server switch.

A

From Active Directory Administrative Center, pre-create an RODC computer account.

32
Q

Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.
You have two GPOs linked to an organizational unit (OU) named OU1.
You need to change the precedence order of the GPOs.
What should you use?

A. Dcgpofix 
B. Get-GPOReport 
C. Gpfixup 
D. Gpresult 
E. Gpedit. msc 
F. Import-GPO 
G. Restore-GPO H. Set-GPInheritance 
I. Set-GPLink 
J. Set-GPPermission 
K. Gpupdate 
L. Add-ADGroupMember
A

Set-GPLink

33
Q

Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.
A network administrator accidentally deletes the Default Domain Policy GPO. You do not have a backup of any of the GPOs.
You need to recreate the Default Domain Policy GPO.
What should you use?

A. Dcgpofix 
B. Get-GPOReport 
C. Gpfixup 
D. Gpresult 
E. Gpedit. msc 
F. Import-GPO 
G. Restore-GPO 
H. Set-GPInheritance 
I. Set-GPLink 
J. Set-GPPermission
K. Gpupdate 
L. Add-ADGroupMember
A

Dcgpofix

34
Q

Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs. The domain contains a top-level organizational unit (OU) for each department. A group named Group1 contains members from each department.
You have a GPO named GPO1 that is linked to the domain.
You need to configure GPO1 to apply settings to Group1 only.
What should you use?

A. Dcgpofix 
B. Get-GPOReport 
C. Gpfixup 
D. Gpresult 
E. Gpedit. msc 
F. Import-GPO 
G. Restore-GPO 
H. Set-GPInheritance 
I. Set-GPLink 
J. Set-GPPermission 
K. Gpupdate 
L. Add-ADGroupMember
A

Set-GPPermission

35
Q

Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs. The domain is renamed to adatum.com.
Group Policies no longer function correctly.
You need to ensure that the existing GPOs are applied to users and computers. You want to achieve this goal by using the minimum amount of administrative effort.
What should you use?

A. Dcgpofix 
B. Get-GPOReport 
C. Gpfixup 
D. Gpresult 
E. Gpedit. msc 
F. Import-GPO 
G. Restore-GPO 
H. Set-GPInheritance 
I. Set-GPLink 
J. Set-GPPermission
K. Gpupdate 
L. Add-ADGroupMember
A

Gpfixup

36
Q

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed.
You log on to Server1 by using a user account named User2.
From the Remote Access Management Console, you run the Getting Started Wizard and you receive a warning message as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that you can configure DirectAccess successfully. The solution must minimize the number of permissions assigned to User2.
To which group should you add User2?

A. Enterprise Admins
B. Administrators
C. Account Operators
D. Server Operators

A

Administrators

37
Q

Your network contains an Active Directory domain named contoso.com.
You need to install and configure the Web Application Proxy role service.
What should you do?

A. Install the Active Directory Federation Services server role and the Remote Access server role on different servers.
B. Install the Active Directory Federation Services server role and the Remote Access server role on the same server.
C. Install the Web Server (IIS) server role and the Application Server server role on the same server.
D. Install the Web Server (IIS) server role and the Application Server server role on different servers.

A

Install the Active Directory Federation Services server role and the Remote Access server role on different servers.

38
Q

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 is configured as a VPN server.
You need to configure Server1 to perform network address translation (NAT).
What should you do?

A. From Network Connections, modify the Internet Protocol Version 4 (TCP/IPv4) setting of each network adapter.
B. From Network Connections, modify the Internet Protocol Version 6 (TCP/IPv6) setting of each network adapter.
C. From Routing and Remote Access, add an IPv6 routing protocol.
D. From Routing and Remote Access, add an IPv4 routing protocol.

A

From Routing and Remote Access, add an IPv4 routing protocol.

39
Q

You have a DNS server named Served that has a Server Core Installation on Windows Server 2012 R2.
You need to view the time-to-live (TTL) value of a name server (NS) record that is cached by the DNS Server service on Server1.
What should you run?

A. Show-DNSServerCache B. nslookup.exe
C. ipconfig.exe /displaydns D. dnscacheugc.exe

A

Show-DNSServerCache

40
Q

You have a DNS server named DN51 that runs Windows Server 2012 R2.
On DNS1, you create a standard primary DNS zone named adatum.com.
You need to change the frequency that secondary name servers will replicate the zone from DNS1.
Which type of DNS record should you modify?

A. Name server (NS)
B. Start of authority (SOA)
C. Host information (HINFO)
D. Service location (SRV)

A

Start of Authority (SOA)

41
Q

Your network contains an Active Directory domain named contoso.com. The domain contains three servers. The servers are configured as shown in the following table.
You need to ensure that end-to-end encryption is used between clients and Server2 when the clients connect to the network by using DirectAccess.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. From the Remote Access Management Console, reload the configuration.
B. Add Server2 to a security group in Active Directory.
C. Restart the IPSec Policy Agent service on Server2.
D. From the Remote Access Management Console, modify the Infrastructure Servers settings.
E. From the Remote Access Management Console, modify the Application Servers settings.

A

Add Server2 to a security group in Active Directory.

From the Remote Access Management Console, modify the Application Servers settings.
Correct

42
Q

Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. All of the DNS servers in both of the domains run Windows Server 2012 R2.
The network contains two servers named Server1 and Server2. Server1 hosts an Active Directory-integrated zone for contoso.com. Server2 hosts an Active Directory-integrated zone for fabrikam.com. Server1 and Server2 connect to each other by using a WAN link.
Client computers that connect to Server1 for name resolution cannot resolve names in fabnkam.com.
You need to configure Server1 to support the resolution of names in fabnkam.com. The solution must ensure that users in contoso.com can resolve names in fabrikam.com if the WAN link fails.
What should you do on Server1?

A. Create a stub zone.
B. Add a forwarder.
C. Create a secondary zone.
D. Create a conditional forwarder.

A

Create a secondary zone.

43
Q

Your network contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2 and have the DNS Server server role installed.
On Server1, you create a standard primary zone named contoso.com.
You need to ensure that Server2 can host a secondary zone for contoso.com.
What should you do from Server1?

A. Add Server2 as a name server.
B. Create a trust anchor named Server2.
C. Convert contoso.com to an Active Directory-integrated zone.
D. Create a zone delegation that points to Server2.

A

Add Server2 as a name server.

44
Q

Your network contains an Active Directory domain named contoso.com. The domain contains a Web server named www.contoso.com. The Web server is available on the Internet.
You implement DirectAccess by using the default configuration. You need to ensure that users never attempt to connect to www.contoso.com by using DirectAccess. The solution must not prevent the users from using DirectAccess to access other resources in contoso.com.
Which settings should you configure in a Group Policy object (GPO)?

A. DirectAccess Client Experience Settings
B. DNS Client
C. Name Resolution Policy
D. Network Connections

A

Name Resolution Policy

45
Q

Your network contains an Active Directory domain named contoso.com.
All user accounts for the marketing department reside in an organizational unit (OU) named OU1. All user accounts for the finance department reside in an organizational unit (OU) named OU2.
You create a Group Policy object (GPO) named GPO1. You link GPO1 to OU2. You configure the Group Policy preference of GPO1 to add a shortcut named Link1 to the desktop.
You discover that when a user signs in, the Link1 is not added to the desktop.
You need to ensure that when a user signs in, Link1 is added to the desktop. What should you do?

A. Enforce GPO1.
B. Enable loopback processing in GPO1.
C. Modify the Link1 shortcut preference of GPO1.
D. Modify the Security Filtering settings of GPO1.

A

Modify the Security Filtering settings of GPO1.

46
Q

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2.
All client computers run Windows 8 Enterprise.
DC1 contains a Group Policy object (GPO) named GPO1.
You need to deploy a VPN connection to all users.
What should you configure from User Configuration in GPO1?

A. Policies/Administrative Templates/Network/Windows Connect Now
B. Policies/Administrative Templates/Network/Network Connections
C. Policies/Administrative Templates/Windows Components/Windows Mobility Center
D. Preferences/Control Panel Settings/Network Options

A

Preferences/Control Panel Settings/Network Options

47
Q

Your network contains an Active Directory domain named contoso.com. All client computers run Windows 8.1.
The network contains a shared folder named FinancialData that contains five files.
You need to ensure that the FinancialData folder and its contents are copied to all of the client computers.
Which two Group Policy preferences should you configure? (Each correct answer presents part of the solution. Choose two.)

A. Shortcuts 
B. Network Shares 
C. Environment 
D. Folders 
E. Files
A

Folders

Files

48
Q

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
You have a Group Policy object (GPO) named GPO1 that contains hundreds of settings. GPO1 is linked to an organizational unit (OU) named OU1. OU1 contains 200 client computers.
You plan to unlink GPO1 from OU1.
You need to identify which GPO settings will be removed from the computers after GPO1 is unlinked from OU1.
Which two GPO settings should you identify? (Each correct answer presents part of the solution. Choose two.)

A. The managed Administrative Template settings
B. The unmanaged Administrative Template settings
C. The System Services security settings
D. The Event Log security settings
E. The Restricted Groups security settings

A

The managed Administrative Template settings

The Event Log security settings

49
Q

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains 500 client computers that run Windows 8.1 Enterprise and Microsoft Office 2013.
You implement a Group Policy central store.
You need to modify the default Microsoft Office 2013 Save As location for all client computers. The solution must minimize administrative effort.
What should you configure in a Group Policy object (GPO)?

A. The Group Policy preferences
B. An application control policy
C. The Administrative Templates
D. The Software Installation settings

A

The Group Policy preferences

50
Q

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
The domain contains 200 Group Policy objects (GPOs).
An administrator named Admin1 must be able to add new WMI filters from the Group Policy Management Console (GPMC).
You need to delegate the required permissions to Admin1. The solution must minimize the number of permissions assigned to Admin1.
What should you do?

A. From Active Directory Users and Computers, add Admin1 to the WinRMRemoteWMIUsers__group.
B. From Group Policy Management, assign Creator Owner to Admin1 for the WMI Filters container.
C. From Active Directory Users and Computers, add Admin1 to the Domain Admins group.
D. From Group Policy Management, assign Full control to Admin1 for the WMI Filters container.

A

From Group Policy Management, assign Full control to Admin1 for the WMI Filters container.

70-411 (1 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions