GreatExam provides 100% pass 70-411 exam questions and answers for your Microsoft 70-411 exam. We provide Microsoft 70-411 exam questions from GreatExam dumps and answers for the training of 70-411 practice test.
QUESTION 341
Your network contains an Active Directory domain named contoso.com.
The domain contains a member server named Server1. Server1 has the Web Server (IIS) server role installed.
On Server1, you install a managed service account named Service1.
You attempt to configure the World Wide Web Publishing Service as shown in the exhibit.
You receive the following error message:
“The account name is invalid or does not exist, or the password is invalid for the account name specified.”
You need to ensure that the World Wide Web Publishing Service can log on by using the managed service account.
What should you do?
A. Specify contoso\service1$ as the account name.
B. Specify [email protected] as the account name.
C. Reset the password for the account.
D. Enter and confirm the password for the account.
Answer: A
Explanation:
A managed service account is designed for service applications such as Internet Information Services, SQL Server, or Exchange to provide the following.:
– Automatic password management, so that these services can be separated from other services on the computer better.
– Simplified SPN management Service Principal Name (SPN) that allows
service administrators to set SPNs on these accounts. In addition, SPN
management can be delegated to other administrators.
Managed service accounts are created using PowerShell cmdlets and managed. The accounts are identified by a dollar sign at the end of the login name. After the logon name is correct, the settings are applied and the account will have the right to log on as a service given.
QUESTION 342
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2008 R2. The domain contains three servers that run Windows Server 2012.
The servers are configured as shown in the following table.
Server1 and Server2 are configured in a Network Load Balancing (NLB) cluster.
The NLB cluster hosts a website named Web1 that uses an application pool named App1.
Web1 uses a database named DB1 as its data store.
You create an account named User1.
You configure User1, as the identity of App1.
You need to ensure that contoso.com domain users accessing Web1 connect to DB1 by using their own credentials.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Configure the delegation settings of Server3.
B. Create a Service Principal Name (SPN) for User1.
C. Configure the delegation settings of User1.
D. Create a matching Service Principal Name (SPN) for Server1 and Server2.
E. Configure the delegation settings of Server1 and Server2.
Answer: BE
Explanation:
To enable impersonation to connect to the database server, the delegation settings for constrained delegation must (computer only trust for delegation to specified services) can be configured. Subsequently, the service principal name can be specified for the identity of the application pool as a delegate service.
The role of the service principal name to authenticate on SQL Server, if an application opens a connection and uses Windows authentication, passes the SQL Server Native Client to SQL Server computer name, -Instanznamen and optionally an SPN. If the connection passes an SPN, it is used without modification.
When the connection is no SPN, a default service principal name is created based on protocol, server name and instance name used. In both scenarios, the Service Principal Name is sent to the Key Distribution Center to a security token for retrieve authenticate the connection. If no security token can be retrieved using NTLM authentication.
A Service Principal Name (SPN, Service Principal Name) is the name that uniquely identifies a client about an instance of a service. The Kerberos authentication service can an SPN to authenticate a service use. When a client wants to connect to a service, it locates an instance of the service, posted an SPN for that instance, connects to the service and transfers the SPN to authenticate to the service.
The preferred method for authenticating users at SQL Server is Windows authentication. Clients that use Windows authentication to authenticate with NTLM or Kerberos. In an Active Directory environment, Kerberos authentication is always performed first. The Kerberos authentication for SQL Server 2005 clients that are using named pipes, not available.
QUESTION 343
Your network contains an Active Directory domain named contoso.com.
The domain contains a domain controller named DC4 that runs Windows Server 2012.
You create a DCCloneConfig.xml file.
You need to clone DC4.
Where should you place DCCloneConfig.xml on DC4?
A. %Systemroot%\SYSVOL
B. %Programdata%\Microsoft
C. %Systemroot%\NTDS
D. %Systemdrive%
Answer: C
QUESTION 344
Your network contains an Active Directory domain named contoso.com.
The domain contains a domain controller named DC1. On DC1, you add a new volume and you stop the Active Directory Domain Services (AD DS) service.
You run ntdsutil.exe and you set NTDS as the active instance.
You need to move the Active Directory database to the new volume.
Which Ntdsutil context should you use?
A. Configurable Settings
B. Partition management
C. IFM
D. Files
Answer: D
Explanation:
The Ntdsutil utility is used for using the Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS).
It allows numerous tasks of maintenance. In order to Volume E both the database file and the associated log files in the directory NTDs: to move, you can successively make the following entries:
Ntdsutil
Activate Instance NTDS
Files
Move DB To E:\NTDS
Move Logs to e:\NTDS
The Ntdsutil utility contains numerous sub-programs:
QUESTION 345
Your network contains an Active Directory domain named adatum.com.
The domain contains a domain controller named DC1.
On DC1, you create a new volume named E.
You restart DC1 in Directory Service Restore Mode.
You open ntdsutil.exe and you set NTDS as the active instance.
You need to move the Active Directory logs to E:\NTDS\.
Which Ntdsutil context should you use?
A. IFM
B. Configurable Settings
C. Partition management
D. Files
Answer: D
Explanation:
A. Aids in modifying the time to live (TTL) of dynamic data that is stored in Active Directory Domain Services (AD DS).
At the configurable setting: prompt, type any of the parameters listed under Syntax.
B. Manages directory partitions for Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS).
C. Creates installation media for writable (full) domain controllers, read-only domain controllers (RODCs), and instances of Active Directory Lightweight Directory Services (AD LDS).
D. ntdsutil move db to %s Moves the directory service log files to the new directory specified by %s, and updates the registry so that, upon service restart, the directory service uses the new location. http://technet.microsoft.com/en-us/library/cc753343(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc755229(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc730970(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc732530(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc753900(v=ws.10).aspx
QUESTION 346
The contoso.com domain contains 2 domain controllers running Server 2012, AD recycle bin is enabled for the domain.
DC1 is configured to take AD snapshots daily, DC2 is set to take snapshots weekly.
Someone deletes a group containing 100 users, you need to recover this group.
What should you do?
A. Authoritative Restore
B. Non Authoritative Restore
C. Tombstone Reanimation
D. Modify attribute is deleted
Answer: D
Explanation:
a new or significantly improved method for recovery of deleted Active Directory objects was introduced with Windows Server 2008 R2. If the Active Directory Recycle Bin is enabled in a forest, all attributes for a defined period (deletedObjectLifetime, DOL) are retained when you delete an object. Deleted Items can be restored without downtime of the domain controller and retaining all group memberships and permissions via LDAP editor or by using PowerShell cmdlets.
The Active Directory Recycle Bin can so far be considered a development of the tombstone reanimation, in which only the SID of an object is restored and the missing attributes are nachgepflegt example with the aid of an Active Directory snapshots. Deleted items are moved to the Deleted Objects container.
The container can not be displayed with the Active Directory Users and Computers or the ADSI Edit tool. To view the Deleted Objects container, you can use either LDP.exe or the Active Directory Explorer from Sysinternals.
With LDP.exe, the objects can also be restored equal by the boolean value of the attribute isDeleted for the deleted object from TRUE to FALSE is changed.
QUESTION 347
You have a RODC named Server1 running Server 2012.
You need to add a RODC Administrator.
How do you complete the task?
A. dsmgmt.exe
B. ntdsutil
C. Add user to Local Administrator Group on Server1
D. Use Security Group and modify RODC Delegated Administrator
Answer: D
Explanation:
A read-only domain controller (RODC) offers the possibility of dividing the Administrator role. This means that each domain user or security group can be used as a local administrator of an RODC without the user or group must be granted rights to the domain or other domain controllers.
A delegated administrator can log on to an RODC to maintenance work on the Server execute to update z. B. to a driver. The delegated administrator is not, however, be able to log on to another domain controller, or perform other administrative tasks in the domain. In this way, the effective management of RODCs a branch office to a security group from branch office users, instead of individual members of the Domain Admins group are delegated, without jeopardizing the safety of the rest of the domain. Before you install a read-only domain controller can in the wizard for making a account for a read-only domain controller, a user or a group Wreden defined as delegated RODC Administartor.
To grant a user or a group after you install a read-only domain controller local administrator rights for a read-only domain controller (RODC), the settings on the tab can Maintained by be configured in the properties of the computer account of RODC1. can open the Utilities dsmgmt and Ntdsutil for adding a delegated RODC administrator be used.
Microsoft recommends expressly that utilities dsmgmt and Ntdsutil not to be used for this purpose and instead specify a group which the Administrator Role Separation can be controlled.
The background is that the user, the password have been set with the help of dsmgmt or Ntdsutil as delegated RODC administrator can not be easily determined in retrospect.
QUESTION 348
A computer does not support PXE, what kind of image do you need to create?
A. boot
B. install
C. discovery
D. capture
Answer: C
QUESTION 349
Your network contains an Active Directory domain named contoso.com.
All domain controllers run Windows Server 2012.
The domain contains two organizational units (OUs) named OU1 and OU2 in the root of the domain. Two Group Policy objects (GPOs) named GPO1 and GPO2 are created.
GPO1 is linked to OU1. GPO2 is linked to OU2. OU1 contains a client computer named Computer1.
OU2 contains a user named User1.
You need to ensure that the GPOs applied to Computer1 are applied to User1 when User1 logs on.
What should you configure?
A. Item-level targeting
B. Group Policy loopback processing mode
C. the Enforced setting
D. Block Inheritance
Answer: B
Explanation:
Due to the policy setting loopback User Group Policy in the path Computer Configuration \ Administrative Templates \ System \ Group Policy the set of GPOs applied to the computer for each user who logs on to a computer, this setting applies. This setting is intended for computers with a special purpose, eg. As for computers in public, in laboratories or classrooms where the user settings must be changed depending on your computer. By default is set by the GPOs the user, which user settings are applied. If you enable this policy setting, but the GPOs the computer determine when the user logs, which rate is applied GPOs. If you enable this policy setting, you can select one of the following modes from the “Mode” field:
“Replace” indicates that the conditions laid down in the Group Policy objects for the computer user settings replace the user settings normally applied to the user.
“Merge” indicates that the conditions laid down in the Group Policy objects for the computer user settings and the user settings normally applied are combined. If the settings conflict, putting the user settings in Group Policy on the computer of the user override the normal settings.
If you disable this setting or do not configure determine the user’s GPOs, which user settings are applied.
QUESTION 350
From where can you enable NAT?
A. Routing and Remote Access ==> IPv4 ==> Create new Routing Protocol
B. Missing
C. Missing
D. Missing
Answer: A
QUESTION 351
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012. One of the domain controllers is named DC1.
The DNS zone for the contoso.com zone is Active Directory-integrated and has the default settings. A server named Server1 is a DNS server that runs a UNIX-based operating system.
You plan to use Server1 as a secondary DNS server for the contoso.com zone.
You need to ensure that Server1 can host a secondary copy of the contoso.com zone.
What should you do?
A. From Windows PowerShell, run the Set-DnsServerForwarder cmdlet and specify the contoso.com zone as a target.
B. From Windows PowerShell, run the Set-DnsServerSetting cmdlet and specify DC1 as a target.
C. From Windows PowerShell, run the Set-DnsServerPrimaryZone cmdlet and specify the contoso.com zone as a target.
D. From DNS Manager, modify the Advanced settings of DC1.
Answer: C
Explanation:
By default, allowed no zone transfer to other DNS servers for Active Directory-integrated zone. The replication of zone data is in Active Directory-integrated zones solely within the framework of the Active Directory replication.
To enable Server1 obtaining the zone data, the settings of the zone transfer for certbase.de need to be changed. This can either be on the characteristics of the zone in DNS Manager or by using the PowerShell cmdlet Set-DnsServerPrimaryZone done.
QUESTION 352
You are the administrator of an Active Directory Domain Services (AD DS) domain named contoso.com. The domain has a Microsoft Windows Server 2012 R2 server named Contoso-SR05 that hosts the File and Storage Services server role.
Contoso-SR05 hosts a shared folder named userData.
You want to receive an email alert when a multimedia file is saved to the userData folder.
Which tool should you use?
A. You should use File Management Tasks in File Server Resource Manager.
B. You should use File Screen Management in File Server Resource Manager.
C. You should use Quota Management in File Server Resource Manager.
D. You should use File Management Tasks in File Server Resource Manager.
E. You should use Storage Reports in File Server Resource Manager.
Answer: B
QUESTION 353
You have two servers, Server 1 and server 2.
You create a custom data collector set DCS1 on Server 1.
You need to export DCS1 from Server 1 to Server2.
What should you do?
A. Right click on DCS1 and click on Export list
B. Right click on DCS1 and click on Save template
C. Right click on DCS1 and click on Data Manager
D. Right click on DCS1 and click on Export manager
Answer: B
Explanation:
The function Save Template … lets you export the definition of a data collector set in an XML file. Subsequently, the Data Collector Set can be imported on Server2.
QUESTION 354
You administrate an Active Directory domain named EnsurePass.com.
The domain has a Microsoft Windows Server 2012 R2 server named EP-SR01 that hosts the File Server Resource Manager role service.
You are configuring quota threshold and want to receive an email alert when 80% of the quota has been reached.
Where would you enable the email alert?
A. You should consider creating a Data Collector Set (DCS).
B. You should use Windows Resource Monitor.
C. You should use the File Server Resource Manager.
D. You should use Disk Quota Tools.
E. You should use Performance Logs and Alerts.
Answer: C
Explanation:
To make use of email alerts, you need to configure the SMTP Server address details in the File Server Resource Manager options.
QUESTION 355
Note: This Question is part of series of question that use the same or similar answer choices.
An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in the series. Information and detailed provided in a question apply only to that question. You network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computer run Windows 8.1.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2.
You need to identify which domain controllers are authorized to be cloned using virtual domain controller cloning.
Which cmdlet should you use?
A. Get-ADGroupMember
B. Get-ADDomainControllerPasswordReplicationPolicy
C. Get-ADDomainControllerPasswordReplicationPolicyUsage
D. Get-ADDomain
E. Get-ADOptionalFeature
F. Get-ADAccountAuthorizationGroup
G. Get-ADAuthenticationPolicySlio
H. Get-ADAuthenticationPolicy
Answer: A
QUESTION 356
Note: This Question is part of series of question that use the same or similar answer choices.
An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in the series. Information and detailed provided in a question apply only to that question. You network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012.
All servers run Windows Server 2012 R2. All client computer run Windows 8.1.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01.
All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2. You need to identify which security principals are authorized to have their password cached on RODC1? Which cmdlet should you use?
A. Get-ADGroupMember
B. Get-ADDomainControllerPasswordReplicationPolicy
C. Get-ADDomainControllerPasswordReplicationPolicyUsage
D. Get-ADDomain
E. Get-ADOptionalFeature
F. Get-ADAccountAuthorizationGroup
G. Get-ADAuthenticationPolicySlio
H. Get-ADAuthenticationPolicy
Answer: B
QUESTION 357
Note: This Question is part of series of question that use the same or similar answer choices.
An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in the series. Information and detailed provided in a question apply only to that question. You network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012.
All servers run Windows Server 2012 R2. All client computer run Windows 8.1.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2. Determine what domain controller needs to be online to promote a RODC.
Which cmdlet should you use?
A. Get-ADGroupMember
B. Get-ADDomainControllerPasswordReplicationPolicy
C. Get-ADDomainControllerPasswordReplicationPolicyUsage
D. Get-ADDomain
E. Get-ADOptionalFeature
F. Get-ADAccountAuthorizationGroup
G. Get-ADAuthenticationPolicySlio
H. Get-ADAuthenticationPolicy
Answer: D
QUESTION 358
Note: This Question is part of series of question that use the same or similar answer choices.
An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in the series. Information and detailed provided in a question apply only to that question. You network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012.
All servers run Windows Server 2012 R2. All client computer run Windows 8.1. The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01.
All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2. What accounts are allowed to replicate their password with the RODC? Which cmdlet should you use?
A. Get-ADGroupMember
B. Get-ADDomainControllerPasswordReplicationPolicy
C. Get-ADDomainControllerPasswordReplicationPolicyUsage
D. Get-ADDomain
E. Get-ADOptionalFeature
F. Get-ADAccountAuthorizationGroup
G. Get-ADAuthenticationPolicySlio
H. Get-ADAuthenticationPolicy
Answer: B
QUESTION 359
Note: This Question is part of series of question that use the same or similar answer choices.
An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in the series. Information and detailed provided in a question apply only to that question. You network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computer run Windows 8.1.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2. You need to identify whose passwords can be stored, view stored passwords.
Which cmdlet should you use?
A. Get-ADGroupMember
B. Get-ADDomainControllerPasswordReplicationPolicy
C. Get-ADDomainControllerPasswordReplicationPolicyUsage
D. Get-ADDomain
E. Get-ADOptionalFeature
F. Get-ADAccountAuthorizationGroup
G. Get-ADAuthenticationPolicySlio
H. Get-ADAuthenticationPolicy
Answer: C
QUESTION 360
You have a DNS server that runs Windows Server 2012 R2.
The server hosts the zone for contoso.com and is accessible from the internet.
You need to create a DNS record for the Sender Policy Framework (SPF) to list that are authorized ti send email for contoso.com
Which type of record should you create?
A. Name Server (NS)
B. Mail.exchanger (MX)
C. Resource record signature (RRSIG)
D. Text (TXT)
Answer: D
Explanation:
http://mediatemple.net/community/products/dv/204404314/how-can-i-create-an-spf-record-for-my-domain
http://en.wikipedia.org/wiki/Sender_Policy_Framework
GreatExam is the leader in 70-411 certification test questions with training materials for Microsoft 70-411 exam dumps. GreatExam Microsoft training tools are constantly being revised and updated. We 100% guarantee Microsoft 70-411 exam questions with quality and reliability which will help you pass Microsoft 70-411 exam.