The Microsoft 70-411 PDF, 70-411 practice test and 70-411 questions and answers at GreatExam are written and prepared by Microsoft affiliated trainers and lecturers with decades of experience in the IT field. This ensures that you are equipped with the latest and most current information to give you a better chance of passing the Microsoft 70-411 exam.
QUESTION 241
You have a DNS server named Server1 that runs Windows Server 2012 R2. On Server1, you create a DNS zone named contoso.com.
You need to specify the email address of the person responsible for the zone.
Which type of DNS record should you configure?
A. Start of authority (SOA)
B. Mail exchanger (MX)
C. Host information (HINFO)
D. Mailbox (MB)
Answer: A
Explanation:
An SOA record defines the responsible person for an entire zone, but a zone may contain many individual hosts / domain names for which different people are responsible. The RP record type makes it possible to identify the responsible person for individual host names contained within the zone.
QUESTION 242
You have a server named Server1 that runs Windows Server 2012 R2.
You discover that the performance of Server1 is poor.
The results of a performance report generated on Server1 are shown in the following table.
You need to identify the cause of the performance issue.
What should you identify?
A. Excessive paging
B. NUMA fragmentation
C. Driver malfunction
D. Insufficient RAM
Answer: C
Explanation:
Processor: % DPC Time. Much like the other values, this counter shows the amount of time that the processor spends servicing DPC requests. DPC requests are more often than not associated with the network interface.
Processor: % Interrupt Time. This is the percentage of time that the processor spends handling interrupts. Generally, if this value exceeds 50% of the processor time, you may have a hardware issue. Some components on the computer can force this issue and not really be a problem. For example, a programmable I/O card, like an old disk controller card, can take up to 40% of the CPU time. A NIC on a busy IIS server can likewise generate a large percentage of processor activity.
Processor: % User Time. The value of this counter helps to determine the kind of processing that is affecting the system. The resulting value is the total amount of non-idle time that was spent on User mode operations. This generally means application code.
Processor: % Privileged Time. This is the amount of time the processor was busy with Kernel mode operations. If the processor is very busy and this value is high, it is usually an indication of some type of NT service having difficulty, although user mode programs can make calls to the Kernel mode NT components and occasionally cause this type of performance issue.
Memory: Pages/sec. This value is often confused with Page Faults/sec. The Pages/sec counter is a combination of Pages Input/sec and Pages Output/sec counters. Recall that Page Faults/sec is a combination of hard page faults and soft page faults. This counter, however, is a general indicator of how often the system is using the hard drive to store or retrieve memory associated data.
http://technet.microsoft.com/en-us/library/cc768048.aspx
QUESTION 243
Your network contains an Active Directory domain named contoso.com.
All servers run Windows Server 2012 R2. An organizational unit (OU) named ResearchServers contains the computer accounts of all research servers.
All domain users are configured to have a minimum password length of eight characters.
You need to ensure that the minimum password length of the local user accounts on the research servers in the ResearchServers OU is 10 characters.
What should you do?
A. Create a universal group that contains the research servers.
Create a Password Settings object (PSO) and assign the PSO to the group.
B. Configure a local Group Policy object (GPO) on each research server.
C. Create and link a Group Policy object (GPO) to the ResearchServers OU.
D. Create a global group that contains the research servers.
Create a Password Settings object (PSO) and assign the PSO to the group.
Answer: C
Explanation:
The password policies of a Group Policy object (GPO) that is applied to domain computers are adopted by those computers as their local password policy.
———————
For a domain, and you are on a member server or a workstation that is joined to the domain:
1. Open Microsoft Management Console (MMC).
2. On the File menu, click Add/Remove Snap-in, and then click Add.
3. Click Group Policy Object Editor, and then click Add.
4. In Select Group Policy Object, click Browse.
5. In Browse for a Group Policy Object, select a Group Policy object (GPO) in the appropriate domain, site, or organizational unit, or create a new one, click OK, and then click Finish.
6. Click Close, and then click OK.
7. In the console tree, click Password Policy.
Where?
Group Policy Object [computer name] Policy/Computer Configuration/Windows Settings/Security Settings/Account Policies/Password Policy
8. In the details pane, right-click the policy setting that you want, and then click Properties.
9. If you are defining this policy setting for the first time, select the Define this policy setting check box.
10. Select the options that you want, and then click OK.
QUESTION 244
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains an Edge Server named Server1.
Server1 is configured as a DirectAccess server. Server1 has the following settings:
Your company uses split-brain DNS for the contoso.com zone.
You run the Remote Access Setup wizard as shown in the following exhibit. (Click the Exhibit button.)
You need to ensure that client computers on the Internet can establish DirectAccess connections to Server1.
Which additional name suffix entry should you add from the Remote Access Setup wizard?
A. A Name Suffix value of dal.contoso.com and a blank DNS Server Address value
B. A Name Suffix value of Server1.contoso.com and a DNS Server Address value of 65.55.37.62
C. A Name Suffix value of Server1.contoso.com and a blank DNS Server Address value
D. A Name Suffix value of dal.contoso.com and a DNS Server Address value of 65.55.37.62
Answer: A
Explanation:
For split-brain DNS deployments, you must list the FQDNs that are duplicated on the Internet and intranet and decide which resources the DirectAccess client should reach, the intranet version or the public (Internet) version. For each name that corresponds to a resource for which you want DirectAccess clients to reach the public version, you must add the corresponding FQDN as an exemption rule to the NRPT for your DirectAccess clients.
Name suffixes that do not have corresponding DNS servers are treated as exemptions.
http://technet.microsoft.com/en-us/library/ee382323(v=ws.10).aspx
QUESTION 245
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. Client computers run either Windows 7 or Windows 8. All of the client computers have an application named App1 installed. The domain contains a Group Policy object (GPO) named GPO1 that is applied to all of the client computers.
You need to add a system variable named App1Data to all of the client computers.
Which Group Policy preference should you configure?
A. Services
B. Ini Files
C. Environment
D. Data Sources
Answer: C
Explanation:
Environment Variable preference items allow you to create, update, replace, and delete user and system environment variables or semicolon-delimited segments of the PATH variable. Before you create an Environment Variable preference item, you should review the behavior of each type of action possible with this extension.
QUESTION 246
Drag and Drop Question
Your network contains an Active Directory forest named contoso.com. All domain controllers run Windows Server 2008 R2. The schema is upgraded to Windows Server 2012 R2. Contoso.com contains two servers. The servers are configured as shown in the following table.
Server1 and Server2 host a load-balanced application pool named AppPool1.
You need to ensure that AppPool1 uses a group Managed Service Account as its identity.
Which three actions should you perform?
To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
QUESTION 247
Your network contains a Hyper-V host named Hyperv1. Hyperv1 runs Windows Server 2012 R2. Hyperv1 hosts four virtual machines named VM1, VM2, VM3, and VM4. All of the virtual machines run Windows Server 2008 R2.
You need to view the amount of memory resources and processor resources that VM4 currently uses.
Which tool should you use on Hyperv1?
A. Resource Monitor
B. Task Manager
C. Hyper-V Manager
D. Windows System Resource Manager (WSRM)
Answer: C
Explanation:
Hyper-V Performance Monitoring Tool
Know which resource is consuming more CPU. Find out if CPUs are running at full capacity or if they are being underutilized. Metrics tracked include Total CPU utilization, Guest CPU utilization, Hypervisor CPU utilization, idle CPU utilization, etc.
WSRM is deprecated starting with Windows Server 2012.
QUESTION 248
You have a server named Server1 that runs Windows Server 2012 R2.
You create a custom Data Collector Set (DCS) named DCS1.
You need to configure Server1 to start DCS1 automatically when the network usage exceeds 70 percent.
Which type of data collector should you create?
A. A configuration data collector
B. A performance counter data collector
C. An event trace data collector
D. A performance counter alert
Answer: D
Explanation:
Performance alerts notify you when a specified performance counter exceeds your configured threshold by logging an event to the event log. But rather than notifying you immediately when the counter exceeds the threshold, you can configure a time period over which the counter needs to exceed the threshold, to avoid unnecessary alerts.
QUESTION 249
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the following role services installed:
– DirectAccess and VPN (RRAS)
– Network Policy Server
Remote users have client computers that run either Windows XP, Windows 7, or Windows 8.
You need to ensure that only the client computers that run Windows 7 or Windows 8 can establish VPN connections to Server1.
What should you configure on Server1?
A. A vendor-specific RADIUS attribute of a Network Policy Server (NPS) connection request policy
B. A condition of a Network Policy Server (NPS) network policy
C. A condition of a Network Policy Server (NPS) connection request policy
D. A constraint of a Network Policy Server (NPS) network policy
Answer: B
Explanation:
If you want to configure the Operating System condition, click Operating System, and then click Add. In Operating System Properties, click Add, and then specify the operating system settings that are required to match the policy.
The Operating System condition specifies the operating system (operating system version or service pack number), role (client or server), and architecture (x86, x64, or ia64) required for the computer configuration to match the policy.
Configuring NAP on the Network Policy Server (NPS)
https://technet.microsoft.com/en-us/library/dd182017.aspx
Network Policy Constraints Properties
https://technet.microsoft.com/en-us/library/cc770641(v=ws.10).aspx
QUESTION 250
You manage a server that runs Windows Server 2012 R2.
The server has the Windows Deployment Services server role installed.
You start a virtual machine named VM1 as shown in the exhibit. (Click the Exhibit button.)
You need to configure a pre-staged device for VM1 in the Windows Deployment Services console.
Which two values should you assign to the device ID?
(Each correct answer presents a complete solution. Choose two.)
A. 979708BFC04B45259FE0C4150BB6C618
B. 979708BF-C04B-4525-9FE0-C4150BB6C618
C. 00155D000F1300000000000000000000
D. 0000000000000000000000155D000F13
E. 00000000-0000-0000-0000-C4150BB6C618
Answer: BD
Explanation:
Use the client computer’s media access control (MAC) address preceded with twenty zeros or the globally unique identifier (GUID) in the format: {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}.
http://technet.microsoft.com/en-us/library/cc754469.aspx
QUESTION 251
Your network contains an Active Directory domain named contoso.com. The domain contains a RADIUS server named Server1 that runs Windows Server 2012 R2.
You add a VPN server named Server2 to the network. On Server1, you create several network policies.
You need to configure Server1 to accept authentication requests from Server2.
Which tool should you use on Server1?
A. Add-RemoteAccessRadius
B. New-NpsRadiusClient
C. Remote Access Management Console
D. Routing and Remote Access
Answer: B
Explanation:
Two configurations need to be done on Server1: first, create a RADIUS client; second, create a network policy. The network policy has already been created, so we need to use New-NpsRadiusClient to create a RADIUS client.
QUESTION 252
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed.
On Server1, you create a network policy named Policy1.
You need to configure Policy1 to ensure that users are added to a VLAN.
Which attributes should you add to Policy1?
A. Tunnel-Tag, Tunnel-Password, Tunnel-Medium-Type, and Tunnel-Preference
B. Tunnel-Tag, Tunnel-Server-Auth-ID, Tunnel-Preference, and Tunnel-Pvt-Group-ID
C. Tunnel-Type, Tunnel-Tag, Tunnel-Medium-Type, and Tunnel-Pvt-Group-ID
D. Tunnel-Type, Tunnel-Password, Tunnel-Server-Auth-ID, and Tunnel-Pvt-Group-ID
Answer: C
Explanation:
VLAN attributes used in network policy
When you use network hardware, such as routers, switches, and access controllers that support virtual local area networks (VLANs), you can configure Network Policy Server (NPS) network policy to instruct the access servers to place members of Active Directory® groups on VLANs.
Before configuring network policy in NPS for VLANs, create groups of users in Active Directory Domain Services (AD DS) that you want to assign to specific VLANs. Then when you run the New Network Policy wizard, add the Active Directory group as a condition of the network policy.
You can create a separate network policy for each group that you want to assign to a VLAN. For more information, see Create a Group for a Network Policy. When you configure network policy for use with VLANs, you must configure the RADIUS standard attributes Tunnel-Medium-Type, Tunnel-Pvt-Group-ID, and Tunnel-Type. Some hardware vendors also require the use of the RADIUS standard attribute Tunnel-Tag.
To configure these attributes in a network policy, use the New Network Policy wizard to create a network policy. You can add the attributes to the network policy settings while running the wizard or after you have successfully created a policy with the wizard.
Tunnel-Medium-Type. Select a value appropriate to the previous selections you made while running the New Network Policy wizard. For example, if the network policy you are configuring is a wireless policy, in Attribute Value, select 802 (Includes all 802 media plus Ethernet canonical format).
Tunnel-Pvt-Group-ID. Enter the integer that represents the VLAN number to which group members will be assigned. For example, if you want to create a Sales VLAN for your sales team by assigning team members to VLAN 4, type the number 4.
Tunnel-Type. Select the value Virtual LANs (VLAN).
Tunnel-Tag. Some hardware devices do not require this attribute. If your hardware device requires this attribute, obtain this value from your hardware documentation.
QUESTION 253
You are a network administrator of an Active Directory domain named contoso.com.
You have a server named Server1 that runs Windows Server 2012 R2.
Server1 has the DHCP Server server role and the Network Policy Server role service installed.
You enable Network Access Protection (NAP) on all of the DHCP scopes on Server1.
You need to create a DHCP policy that will apply to all of the NAP non-compliant DHCP clients.
Which criteria should you specify when you create the DHCP policy?
A. The relay agent information
B. The client identifier
C. The vendor class
D. The user class
Answer: D
Explanation:
To configure a NAP-enabled DHCP server
– On the DHCP server, click Start, click Run, in Open, type dhcpmgmt.msc, and then press ENTER.
– In the DHCP console, open <servername>\IPv4.
– Right-click the name of the DHCP scope that you will use for NAP client computers, and then click Properties.
– On the Network Access Protection tab, under Network Access Protection Settings, choose Enable for this scope, verify that Use default Network Access Protection profile is selected, and then click OK.
– In the DHCP console tree, under the DHCP scope that you have selected, right-click Scope Options, and then click Configure Options.
– On the Advanced tab, verify that Default User Class is selected next to User class.
– Select the 003 Router check box, and in IP Address, under Data entry, type the IP address for the default gateway used by compliant NAP client computers, and then click Add.
– Select the 006 DNS Servers check box, and in IP Address, under Data entry, type the IP address for each router to be used by compliant NAP client computers, and then click Add.
– Select the 015 DNS Domain Name check box, and in String value, under Data entry, type your organization’s domain name (for example, woodgrovebank.local), and then click Apply. This domain is a full-access network assigned to compliant NAP clients.
– On the Advanced tab, next to User class, choose Default Network Access Protection Class.
– Select the 003 Router check box, and in IP Address, under Data entry, type the IP address for the default gateway used by noncompliant NAP client computers, and then click Add. This can be the same default gateway that is used by compliant NAP clients.
– Select the 006 DNS Servers check box, and in IP Address, under Data entry, type the IP address for each DNS server to be used by noncompliant NAP client computers, and then click Add. These can be the same DNS servers used by compliant NAP clients.
– Select the 015 DNS Domain Name check box, and in String value, under Data entry, type a name to identify the restricted domain (for example, restricted.woodgrovebank.local), and then click OK. This domain is a restricted-access network assigned to noncompliant NAP clients.
– Click OK to close the Scope Options dialog box.
– Close the DHCP console.
http://technet.microsoft.com/en-us/library/dd296905%28v=ws.10%29.aspx
QUESTION 254
Your network contains an Active Directory domain named contoso.com. The network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy and Access Services server role installed.
You plan to deploy additional servers that have the Network Policy and Access Services server role installed.
You must standardize as many settings on the new servers as possible.
You need to identify which settings can be standardized by using the Network Policy Server (NPS) templates.
Which three settings should you identify? (Each answer presents part of the solution. Choose three.)
A. IP filters
B. shared secrets
C. health policies
D. network policies
E. connection request policies
Answer: ABC
Explanation:
Network Policy Server (NPS) templates allow you to create configuration elements, such as Remote Authentication Dial-In User Service (RADIUS) clients or shared secrets, that you can reuse on the local NPS server and export for use on other NPS servers. NPS templates reduce the time and cost required to configure one or more Network Policy Servers. The following NPS template types are available for configuration in the template management:
Shared secrets
RADIUS clients
Remote RADIUS server
IP Filter
Health Policies
Remediation Server Groups
Configuring a template is not to be confused with configuring the Network Policy Server directly. Creating a template does not affect the functionality of the Network Policy Server. The template affects the functionality of the Network Policy Server only when you select it in the appropriate place in the NPS console.
QUESTION 255
You are the network administrator for a midsize computer company.
You have a single Active Directory forest, and your DNS servers are configured as Active Directory Integrated zones. When you look at the DNS records in Active Directory, you notice that there are many records for computers that do not exist on your domain.
You want to make sure only domain computers register with your DNS servers.
What should you do to resolve this issue?
A. Set dynamic updates to None.
B. Set dynamic updates to Nonsecure And Secure.
C. Set dynamic updates to Domain Users Only.
D. Set dynamic updates to Secure Only.
Answer: D
Explanation:
You can configure the options for dynamic updates as early as the wizard for creating new zones. The option to allow only secure dynamic updates permits only computers that are members of the domain to register new records and update existing entries.
QUESTION 256
A system administrator is trying to determine which file system to use for a server that will become a Windows Server 2012 R2 file server and domain controller. The company has the following requirements:
The file system must allow for file-level security from within Windows 2012 Server.
The file system must make efficient use of space on large partitions.
The domain controller SYSVOL must be stored on the partition.
Which of the following file systems meets these requirements?
A. FAT
B. FAT32
C. HPFS
D. NTFS
Answer: D
Explanation:
A file system is the underlying structure that a computer uses to organize data on a hard drive. If you are installing a new hard drive, you must partition it and format it with a file system before you can store data or programs on it. On Windows, you can choose between three file system options: NTFS, FAT32, and the older and rarely used FAT (also called FAT16).
NTFS
NTFS is the preferred file system of Windows. NTFS has many advantages over the earlier FAT32 file system. These include:
The ability to recover automatically from some disk-related errors.
This is not possible with FAT32.
Improved support for larger hard drives.
Better security, because you can use permissions and encryption to restrict access to certain files to authorized users.
For the SYSVOL directory of a domain controller, an NTFS-formatted partition is imperative.
FAT32
FAT32 and the less frequently used FAT were used in previous versions of the Windows operating system, including Windows 95, Windows 98 and Windows Millennium Edition. FAT32 cannot offer the assurances provided by the NTFS file system. If you have a FAT32 partition or a FAT32 volume on your computer, any user who accesses your computer can read all the files stored on it. In addition, the FAT32 file system is subject to size restrictions. Under this version of Windows, you can only create a FAT32 partition of up to 32 GB and store files with a maximum size of 4 GB on a FAT32 partition.
FAT32 is mainly required if you have a computer that will occasionally run Windows 95, Windows 98 or Windows Millennium Edition and will otherwise run this version of Windows. This is called a multiboot configuration. If this applies to your computer, you must install the older operating system on a FAT32 or FAT partition and ensure that this partition is a primary partition (a partition that can host an operating system). Any additional partitions that you access when you run these previous versions of Windows must also be formatted with FAT32. These previous versions of Windows can access NTFS partitions or volumes over a network, but not the NTFS partitions or volumes on your computer.
QUESTION 257
Your corporate network includes an Active Directory Domain Services (AD DS) domain named contoso.
Windows Server 2012 R2 is installed on all domain controllers.
You need to create a new user account using the command prompt.
Which command would you use?
A. dsmodify
B. dscreate
C. dsnew
D. dsadd
E. Dsmod
F. Dsmgmt
G. Dsacls
H. Dsrm
I. Dsamain
Answer: D
Explanation:
The Dsadd command-line tool was integrated for the first time in Windows Server 2008 and has since been installed together with the Active Directory Domain Services role. The program enables the creation of Active Directory objects from the command line and contains the following subcommands for creating different types of objects:
Dsadd computer
Dsadd contact
Dsadd group
Dsadd ou
Dsadd user
Dsadd quota
QUESTION 258
You are hired as a consultant to the ABC Company. The owner of the company complains that she continues to have Desktop wallpaper that she did not choose. When you speak with the IT team, you find out that a former employee created 20 GPOs and they have not been able to figure out which GPO is changing the owner’s Desktop wallpaper.
How can you resolve this issue?
A. Run the RSoP utility against all forest computer accounts
B. Run the RSoP utility against the owner’s computer account
C. Run the RSoP utility against the owner’s user account
D. Run the RSoP utility against all domain computer accounts.
Answer: C
QUESTION 259
You need to enable three of your domain controllers as global catalog servers.
Where would you configure the domain controllers as global catalogs?
A. Forest, NTDS settings
B. Domain, NTDS settings
C. Site, NTDS settings
D. Server, NTDS settings
Answer: D
QUESTION 260
You are the network administrator for your organization.
Your company uses a Windows Server 2012 R2 Enterprise certification authority to issue certificates.
You need to start using key archival.
What should you do?
A. Implement a distribution CRL.
B. Install the smart card key retrieval.
C. Implement a Group Policy object (GPO) that enables the Online Certificate Status Protocol (OCSP) responder.
D. Archive the private key on the server.
Answer: D