Pass 70-417 exam with the latest GreatExam 70-417 dumps: GreatExam 70-417 exam questions and answers in PDF are prepared by our experts. Moreover, they are based on the recommended syllabus that covering all the 70-417 exam objectives.
QUESTION 221
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 hosts an Application named App1.
You need to ensure that Server2 handles all of the client requests to the cluster for App1.
The solution must ensure that if Server2 fails, Server1 becomes the active node for App1.
What should you configure?
A. Affinity – None
B. Affinity – Single
C. The cluster quorum settings
D. The failover settings
E. A file server for general use
F. The Handling priority
G. The host priority
H. Live migration
I. The possible owner
J. The preferred owner
K. Quick migration
L. The Scale-Out File Server
Answer: J
Explanation:
The preferred owner in a 2 server cluster will always be the active node unless it is down.
http://www.sqlservercentral.com/Forums/Topic1174454-146-1.aspx#bm1174835
Difference between possible owners and preferred owners Possible owners are defined at the resource level and dictate which nodes in the Windows cluster are able to service this resource For instance, you have a 3 node cluster with Node A, Node B and Node C. You have a clustered disk resource “MyClusteredDisk”, if you remove Node C from the possible owners of the clustered disk resource “MyClusteredDisk” then this disk will never be failed over to Node C. Preferred owners are defined at the resource group level and define the preferred node ownership within the Windows cluster For instance, you have a 3 node cluster with Node A, Node B and Node C. You have a cluster resource group “MyClusteredGroup” which contains various disk, IP, network name and service resources. Nodes A, B and C are all possible owners but Node B is set as the preferred owner and is currently the active node. The resource group fails over to Node C as Node B stops responding on the Public network due to a failed NIC. In the Resource group properties on the failback tab you have this set to immediate. You fix the NIC issue on Node B and bring it back up on the network. The resource group currently active on Node C will without warning immediately attempt to failback to Node B. Not a good idea if this is a Production SQL Server instance, so use caution when configuring preferred owners and failback
http://support.microsoft.com/kb/299631/en-us
Failover behavior on clusters of three or more nodes
This article documents the logic by which groups fail from one node to another when there are 3 or more cluster node members. The movement of a group can be caused by an administrator who manually moves a group or by a node or resource failure. Where the group moves depends on how the move is initiated and whether the Preferred Owner list is set.
QUESTION 222
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Network Load Balancing (NLB) feature installed. The servers are configured as nodes in an NLB cluster named Cluster1. Cluster1 hosts a secure web Application named WebApp1. WebApp1 saves user state information locally on each node.
You need to ensure that when users connect to WebApp1, their session state is maintained. What should you configure?
A. Affinity – None
B. Affinity – Single
C. The cluster quorum settings
D. The failover settings
E. A file server for general use
F. The Handling priority
G. The host priority
H. Live migration
I. The possible owner
J. The preferred owner
K. Quick migration
L. The Scale-Out File Server
Answer: B
Explanation:
Even though Network Load Balancing (NLB) hasn’t changed significantly since Windows Server 2008 and isn’t mentioned in this chapter, be sure to review the feature and its configurable options. For example, remember that in port rules for Network Load Balancing clusters, the Affinity setting determines how you want multiple connections from the same client handled by the NLB cluster. “Affinity: Single” redirects clients back to the same cluster host. “Affinity: Network” redirects clients from the local subnet to the cluster host.
“Affinity: None” doesn’t redirect multiple connections from the same client back to the same cluster host.
http://technet.microsoft.com/en-us/library/bb687542.aspx
Using NLB
Client Affinity
NLB offers three types of client affinity to minimize response time to clients and provide generic support for preserving session state. Each affinity specifies a different method for distributing client requests. In Application Center, the New Cluster Wizard sets affinity to Single by default. Later, you can use the cluster Properties dialog box to modify the affinity. The following table describes the three types of affinity.
No Affinity
With No affinity, NLB does not associate clients with a particular member. Every client request can be load balanced to any member. This affinity provides the best performance but might disrupt clients with established sessions, because subsequent requests might be load balanced to other members where the session information does not exist. Single Affinity In Single affinity, NLB associates clients with particular members by using the client’s IP address. Thus, requests coming from the same client IP address always reach the same member. This affinity provides the best support for clients that use sessions on an intranet. These clients cannot use No affinity because their sessions could be disrupted. Additionally, these clients cannot use Class C affinity because intranet clients typically have IP addresses within a narrow range. It is likely that this range is so narrow that all clients on an intranet have the same Class C address, which means that one member might process all of the requests while other members remain idle.
Class C Affinity With Class C affinity, NLB associates clients with particular members by using the Class C portion of the client’s IP address. Thus, clients coming from the same Class C address range always access the same member. This affinity provides the best performance for clusters serving the Internet. Bb687542.note(en- us,TechNet.10).gif Note It is not efficient for Internet clients to use Single affinity because, in Single affinity, NLB load balances each client by the client’s entire IP address, which can span a broad range. By using Class C affinity, NLB associates clients with only the same Class C portion of the IP address with particular members. Therefore, you essentially reduce the range of IP addresses by which NLB load balances clients.
QUESTION 223
Hotspot Question
Your network contains an Active Directory domain named corp.contoso.com.
The domain contains two member servers named Server1 and Edge1.
Both servers run Windows Server 2012 R2.
Your company wants to implement a central location where the system events from all of the servers in the domain will be collected.
From Server1, a network technician creates a collector-initiated subscription for Edge1.
You discover that Server1 does not contain any events from Edge1.
You view the runtime status of the subscription as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that the system events from Edge1 are collected on Server1.
What should you modify? To answer, select the appropriate object in the answer area.
Answer:
QUESTION 224
Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.
You have two GPOs linked to an organizational unit (OU) named OU1.
You need to change the precedence order of the GPOs.
What should you use?
A. Dcgpofix
B. Get-GPOReport
C. Gpfixup
D. Gpresult
E. Gptedit.msc
F. Import-GPO
G. Restore-GPO
H. Set-GPInheritance
I. Set-GPLink
J. Set-GPPermission
K. Gpupdate
L. Add-ADGroupMember
Answer: I
Explanation:
http://technet.microsoft.com/en-us/library/ee461022.aspx
QUESTION 225
Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows Server 2003, Windows Server 2008 R2, or Windows Server 2012 R2.
A support technician accidentally deletes a user account named User1.
You need to use tombstone reanimation to restore the User1 account.
Which tool should you use?
A. Esentutl
B. Ldp
C. Ntdsutil
D. Active Directory Administrative Center
Answer: B
Explanation:
ADAC would be the perfect solution if this environment was in 2008 R2 functional level; however it is currently below that due to there being a Windows Server 2003 DC.
This means you must use the LDP utility as previously.
http://technet.microsoft.com/en-us/library/hh831702.aspx
QUESTION 226
Your network contains three servers named Server1, Server2, and Server3.
All servers run Windows Server 2012 R2.
You need to ensure that Server1 can provide iSCSI storage for Server2 and Server3.
What should you do on Server1?
A. Start the Microsoft iSCSI Initiator Service and configure the iSCSI Initiator Properties.
B. Install the iSNS Server service feature and create a Discovery Domain.
C. Install the Multipath I/O (MPIO) feature and configure the MPIO Properties.
D. Install the iSCSI Target Server role service and configure iSCSI targets.
Answer: D
Explanation:
iSCSI: it is an industry standard protocol allow sharing block storage over the Ethernet. The server shares the storage is called iSCSI Target. The server (machine) consumes the storage is called iSCSI initiator. Typically, the iSCSI initiator is an application server.
For example, iSCSI Target provides storage to a SQL server, the SQL server will be the iSCSI initiator in this deployment.
Target: It is an object which allows the iSCSI initiator to make a connection.
The Target keeps track of the initiators which are allowed to be connected to it.
The Target also keeps track of the iSCSI virtual disks which are associated with it. Once the initiator establishes the connection to the Target, all the iSCSI virtual disks associated with the Target will be accessible by the initiator.
iSCSI Target Server:
The server runs the iSCSI Target. It is also the iSCSI Target role name in Windows Server 2012.
http://blogs.technet.com/b/filecab/archive/2012/05/21/introduction-of-iscsi-target-in-windows-server-2012.aspx
QUESTION 227
Your network contains an Active Directory domain named contoso.com.
All servers run Windows Server 2012 R2.
The domain contains a domain controller named DC1 that is configured as an enterprise root certification authority (CA).
All users in the domain are issued a smart card and are required to log on to their domain- joined client computer by using their smart card.
A user named User1 resigned and started to work for a competing company.
You need to prevent User1 immediately from logging on to any computer in the domain.
The solution must not prevent other users from logging on to the domain.
Which tool should you use?
A. Active Directory Users and Computers
B. Active Directory Sites and Services
C. The Certificates snap-in
D. Server Manager
Answer: A
Explanation:
Disabling or enabling a user account
To open Active Directory Users and Computers, click Start , click Control Panel , double-click Administrative Tools , and then double-click Active Directory Users and Computers .
To open Active Directory Users and Computers in Windows Server 2012, click Start , type dsa.msc .
In the console tree, click Users .
In the details pane, right-click the user.
Depending on the status of the account, do one of the following:
To disable the account, click Disable Account .
To enable the account, click Enable Account .
QUESTION 228
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2.
Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 contains a cluster disk resource.
A developer creates an application named App1. App1 is NOT a cluster-aware application.
App1 runs as a service. App1 stores date on the cluster disk resource.
You need to ensure that App1 runs in Cluster1. The solution must minimize development effort.
Which cmdlet should you run?
A. Add-ClusterGenericServiceRole
B. Add-ClusterGenericApplicationRole
C. Add-ClusterScaleOutFileServerRole
D. Add-ClusterServerRole
Answer: B
Explanation:
Configure high availability for an application that was not originally designed to run in a failover cluster.
If you run an application as a Generic Application, the cluster software will start the application, then periodically query the operating system to see whether the application appears to be running. If so, it is presumed to be online, and will not be restarted or failed over
http://technet.microsoft.com/en-us/library/ee460976.aspx
QUESTION 229
Your network contains an Active Directory domain named contoso.com.
A previous administrator implemented a Proof of Concept installation of Active Directory Rights Management Services (AD RMS).
After the proof of concept was complete, the Active Directory Rights Management Services server role was removed.
You attempt to deploy AD RMS.
During the configuration of AD RMS, you receive an error message indicating that an existing AD RMS Service Connection Point (SCP) was found.
You need to remove the existing AD RMS SCP.
Which tool should you use?
A. Active Directory Users and Computers
B. Authorization Manager
C. Active Directory Domains and Trusts
D. Active Directory Sites and Services
Answer: D
QUESTION 230
You have a server named SCI that runs a Server Core Installation of Windows Server 2012 R2. Shadow copies are enabled on all volumes.
You need to delete a specific shadow copy.
The solution must minimize server downtime.
Which tool should you use?
A. Shadow
B. Diskshadow
C. Wbadmin
D. Diskpart
Answer: B
Explanation:
DiskShadow.exe is a tool that exposes the functionality offered by the Volume Shadow Copy Service (VSS).
The diskshadow command delete shadows deletes shadow copies.
QUESTION 231
Your network contains an Active Directory domain named contoso.com. The domain contains four servers named Server1, Server2, Server3, and Server4 that run Windows Server 2012 R2.
All servers have the Hyper-V server role and the Failover Clustering feature installed.
You need to replicate virtual machines from Cluster1 to Cluster2.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)
A. From Hyper-V Manager on a node in Cluster2, create three virtual machines.
B. From Cluster2, add and configure the Hyper-V Replica Broker role.
C. From Failover Cluster Manager on Cluster1, configure each virtual machine for replication.
D. From Cluster1, add and configure the Hyper-V Replica Broker role.
E. From Hyper-V Manager on a node in Cluster2/ modify the Hyper-V settings.
Answer: BCD
Explanation:
These are two clusters, to replicate any VM to a cluster you need to configure the Replica Broker role on each cluster the last step should be enabling replication on the VMs.
QUESTION 232
You have a server named Server1 that runs Windows Server 2012 R2.
Each day, Server1 is backed up fully to an external disk.
On Server1, the disk that contains the operating system fails.
You replace the failed disk.
You need to perform a bare-metal recovery of Server1 by using the Windows Recovery
Environment (Windows RE).
What should you do?
A. Run the Start-WBVolumeRecovery cmdlet and specify the -backupset parameter.
B. Run the Get-WBBareMetalRecovery cmdlet and specify the -policy parameter.
C. Run the wbadmin.exe start recovery command and specify the -recoverytarget parameter.
D. Run the wbadmin.exe start sysrecovery command and specify the -backuptarget parameter.
Answer: D
Explanation:
wbadmin start sysrecovery
Performs a system recovery (bare metal recovery) using the parameters that you specify.
This subcommand can be run only from the Windows Recovery Environment, and it is not listed by default in the usage text of Wbadmin.
QUESTION 233
You have a server named LON-DC1 that runs Windows Server 2012 R2. An iSCSI virtual disk named VirtualiSCSI1.vhd exists on LON-DC1 as shown in the exhibit. (Click the Exhibit button.)
You create a new iSCSI virtual disk named VirtualiSCSI2.vhd by using the existing itgt iSCSI target.
VirtualiSCSIl.vhd is removed from LON-DC1.
You need to assign VirtualiSCSI2.vhd a logical unit value of 0.
What should you do?
A. Modify the properties of the itgt ISCSI target.
B. Modify the properties of the VirtualiSCSI2.vhd iSCSI virtual disk.
C. Run the Set-VirtualDisk cmdlet and specify the -Uniqueld parameter.
D. Run the iscsicli command and specify the reportluns parameter.
Answer: B
Explanation:
The virtual disk has the option to change the lun ID, no other option available in the answers appear to allow this change.
Note: Logical unit numbers (LUNs) created on an iSCSI disk storage subsystem are not directly assigned to a server. For iSCSI, LUNs are assigned to logical entities called targets.
QUESTION 234
Your network contains an Active Directory domain named contoso.com.
All servers run Windows Server 2012 R2.
The domain contains a domain controller named DC1 that is configured as an enterprise root certification authority (CA).
All users in the domain are issued a smart card and are required to log on to their domain- joined client computer by using their smart card.
A user named User1 resigned and started to work for a competing company.
You need to prevent User1 immediately from logging on to any computer in the domain.
The solution must not prevent other users from logging on to the domain.
Which tool should you use?
A. Active Directory Users and Computers
B. Certificate Templates
C. The Security Configuration Wizard
D. The Certificates snap-in
Answer: A
QUESTION 235
Your network contains an Active Directory domain named contoso.com.
The domain contains a domain controller named DC1 that runs Windows Server 2012 R2.
DC1 has the DNS Server server role installed.
The network contains client computers that run either Linux, Windows 7, or Windows 8.
You have a zone named adatum.com as shown in the exhibit. (Click the Exhibit button.)
You plan to configure Name Protection on all of the DHCP servers.
You need to configure the adatum.com zone to support Name Protection. Which two configurations should you perform from DNS Manager? (Each correct answer presents part of the solution. Choose two.)
A. Sign the zone.
B. Store the zone in Active Directory.
C. Modify the Security settings of the zone.
D. Configure Dynamic updates.
E. Add a DNS key record
Answer: CD
Explanation:
http://technet.microsoft.com/en-us/library/ee941152(v=ws.10).aspx
QUESTION 236
You create a new virtual disk in a storage pool by using the New Virtual Disk Wizard.
You discover that the new virtual disk has a write-back cache of 1 GB.
You need to ensure that the virtual disk has a write-back cache of 5 GB.
What should you do?
A. Detach the virtual disk, and then run the Resize-VirtualDisk cmdlet.
B. Detach the virtual disk, and then run the Set-VirtualDisk cmdlet.
C. Delete the virtual disk, and then run the New-StorageSubSystemVirtualDisk cmdlet.
D. Delete the virtual disk, and then run the New-VirtualDisk cmdlet.
Answer: D
Explanation:
You must set the write-back cache during the initial new disk creation.
This setting is not configurable once the VHD has been created.
QUESTION 237
Your network contains an Active Directory forest named contoso.com.
Users frequently access the website of an external partner company.
The URL of the website is http://partners.adatum.com.
The partner company informs you that it will perform maintenance on its Web server and that the IP addresses of the Web server will change.
After the change is complete, the users on your internal network report that they fail to access the website. However, some users who work from home report that they can access the website.
You need to ensure that your DNS servers can resolve partners.adatum.com to the correct IP address immediately.
What should you do?
A. Run dnscmd and specify the CacheLockingPercent parameter.
B. Run Set-DnsServerGlobalQueryBlockList.
C. Run ipconfig and specify the Renew parameter.
D. Run Set-DnsServerCache.
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/jj649852.aspx
Run Set-DnsServerCache with the -LockingPercent switch. dnscmd technically works also.
QUESTION 238
Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DHCP Server server role installed.
You need to create an IPv6 scope on Server1. The scope must use an address space that is reserved for private networks. The addresses must be routable.
Which IPV6 scope prefix should you use?
A. 2001:123:4567:890A::
B. FE80:123:4567::
C. FF00:123:4567:890A::
D. FD00:123:4567::
Answer: D
QUESTION 239
You have a server named Server1 that runs Windows Server 2012 R2.
From Server Manager, you install the Active Directory Certificate Services server role on Server1.
A domain administrator named Admin1 logs on to Server1.
When Admin1 runs the Certification Authority console, Admin1 receive the following error message.
You need to ensure that when Admin1 opens the Certification Authority console on Server1, the error message does not appear.
What should you do?
A. Install the Active Directory Certificate Services (AD CS) tools.
B. Run the regsvr32.exe command.
C. Modify the PATH system variable.
D. Configure the Active Directory Certificate Services server role from Server Manager.
Answer: D
Explanation:
The error message is related to missing role configuration.
QUESTION 240
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named CONT1 and CONT2. Both servers run Windows Server 2012 R2.
CONT1 has a shared printer named Printer1. CONT2 connects to Printer1 on CONT1.
When you attempt to remove Printer1 from CONT2, you receive the error message shown in the exhibit. (Click the Exhibit button.)
You successfully delete the other printers installed on CONT2.
You need to identify what prevents you from deleting Printer1 on CONT2.
What should you identify?
A. Printer1 is deployed as part of a mandatory profile.
B. Printer1 is deployed by using a Group Policy object (GPO).
C. Your user account is not a member of the Print Operators group on CONT2.
D. Your user account is not a member of the Print Operators group on CONT1.
Answer: B
Comparing with others’, you will find our 70-417 exam questions are more helpful and precise since all the 70-417 exam content is regularly updated and has been checked for accuracy by our team of Microsoft expert professionals.