Braindump2go New Updated Microsoft 70-411 Dumps Free Download Now! 100% Pass Your 70-411 Exam One Time At Your First Try! Instant Download 70-411 Dumps Full Version From Braindump2go Now!

Vendor: Microsoft
Exam Code: 70-411
Exam Name: Administering Windows Server 2012 R2 Exam

116

QUESTION 76
Your network contains an Active Directory domain named contoso.com. The domain contains a read-only domain controller (RODC) named RODC1.
You create a global group named RODC_Admins.
You need to provide the members of RODC_Admins with the ability to manage the hardware and the software on R0DC1. The solution must not provide RODC_Admins with the ability to manage Active Directory objects.
What should you do?

A.    From Active Directory Site and Services, configure the Security settings of the RODC1 server object.
B.    From Windows PowerShell, run the Set-ADAccountControlcmdlet.
C.    From a command prompt, run the dsmgmt local roles command.
D.    From Active Directory Users and Computers, configure the Member Of settings of the RODC1 account.

Answer: C
Explanation:
RODC: using the dsmgmt.exe utility to manage local administrators One of the benefits of of RODC is that you can add local administrators who do not have full access to the domain administration. This gives them the abiltiy to manage the server but not add or change active directory objects unless those roles are delegated. Adding this type of user is done using the dsmdmt.exe utility at the command prompt.

QUESTION 77
You have a server named Server1 that has the Web Server (IIS) server role installed.
You obtain a Web Server certificate.
You need to configure a website on Server1 to use Secure Sockets Layer (SSL).
To which store should you import the certificate?

wpsC840.tmp_thumb

Answer:

wpsE237.tmp_thumb

Explanation:
http://technet.microsoft.com/en-us/library/cc740068(v=ws.10).aspx

QUESTION 78
Your network contains an Active Directory domain named contoso.com.
You create a user account named User1.
The properties of User1 are shown in the exhibit. (Click the Exhibit button.)
You plan to use the User1 account as a service account. The service will forward authentication requests to other servers.
You need to ensure that you can view the Delegation tab from the properties of the User1 account.
What should you do first?

wpsFA98.tmp_thumb

A.    Modify the Security settings of User1.
B.    Modify the user principal name (UPN) of User1.
C.    Configure a Service Principal Name (SPN) for User1.
D.    Configure the Name Mappings of User1.

Answer: C
Explanation:
If you cannot see the Delegation tab, do one or both of the following:
Register a Service Principal Name (SPN) for the user account with the Setspn utility in the support tools on your CD. Delegation is only intended to be used by service accounts, which should have registered SPNs, as opposed to a regular user account which typically does not have SPNs.
Raise the functional level of your domain to Windows Server 2003.
For more information, see Related Topics.
http://technet.microsoft.com/en-us/library/cc739474(v=ws.10).aspx

QUESTION 79
Your network contains an Active Directory domain named contoso.com.
All domain controllers run Windows Server 2012 R2. On all of the domain controllers, Windows is installed in C:\Windows and the Active Directory database is located in D:\Windows\NTDS\. All of the domain controllers have a third-party application installed. The operating system fails to recognize that the application is compatible with domain controller cloning.
You verify with the application vendor that the application supports domain controller cloning.
You need to prepare a domain controller for cloning.
What should you do?

A.    In D:\Windows\NTDS\, create an XML file named DCCloneConfig.xml and add the application
information to the file.
B.    In D:\Windows\NTDS\, create an XML file named CustomDCCloneAllowList.xml and add the application
information to the file.
C.    In the root of a USB flash drive, add the application information to an XML file named DefaultDCClone
AllowList.xml.
D.    In D:\Windows\NTDS, create an XML file named DefaultDCCloneAllowList.xml and add the application
information to the file.

Answer: B
Explanation:
http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2012/09/10/new-features-in-active- directory-domainservices-in-windows-server-2012-part-13-domain-controller-cloning.aspx
Place the CustomDCCloneAllowList.xml file in the same folder as the Active Directory database (ntds.dit) on the source Domain Controller.

QUESTION 80
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. On all of the domain controllers, Windows is installed in C:\Windows and the Active Directory database is located in D:\Windows\NTDS\. All of the domain controllers have a third-party application installed. The operating system fails to recognize that the application is compatible with domain controller cloning.
You verify with the application vendor that the application supports domain controller cloning.
You need to prepare a domain controller for cloning.
What should you do?

A.    In the root of a USB flash drive, add the application information to an XML file named DefaultDCClone
AllowList.xml.
B.    In C:\Windows\system32\sysprep\actionfiles\, add the application information to an XML file named
Specialize .xml.
C.    In D:\Windows\NTDS\, create an XML file named CustomDCCloneAllowList.xml and add the application
information to the file.
D.    In C:\Windows\system32\sysprep\actionfiles\add the application information to an XML file named
Respecialize .xml.

Answer: C
Explanation:
Place the CustomDCCloneAllowList.xml file in the same folder as the Active Directory database (ntds.dit) on the source Domain Controller.

wps25DD.tmp_thumb

http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2012/09/10/new-features-in-active-directory-domain-services-in-windows-server-2012-part-13-domain-controller-cloning.aspx http://www.thomasmaurer.ch/2012/08/windows-server-2012-hyper-v-how-to-clone-a-virtual-domain-controller
http://technet.microsoft.com/en-us/library/hh831734.aspx

QUESTION 81
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.
You need to configure Server1 to meet the following requirements:
– Ensure that old files in a folder named Folder1 are archived automatically to a folder named Archive1.
– Ensure that all storage reports are saved to a network share.
Which two nodes should you configure?
To answer, select the appropriate two nodes in the answer area.

wps459E.tmp_thumb

Answer:

wps5A47.tmp_thumb

QUESTION 82
Your network contains an Active Directory domain named contoso.com. The domain contains six domain controllers.

wps741F.tmp_thumb

The network contains a server named Server1 that has the Hyper-V server role installed.
DC6 is a virtual machine that is hosted on Server1.
You need to ensure that you can clone DC6.
Which FSMO role should you transfer to DC2?

A.    Infrastructure Master
B.    RID Master
C.    Domain Naming Master
D.    PDC emulator

Answer: D
Explanation:
D. The clone domain controller uses the security context of the source domain controller (the domain controller whose copy it represents) to contact the Windows Server 2012 R2 Primary Domain Controller (PDC) emulator operations master role holder (also known as flexible single master operations, or FSMO). The PDC emulator must be running Windows Server 2012 R2, but it does not have to be running on a hypervisor.
http://technet.microsoft.com/en-us/library/hh831734.aspx

QUESTION 83
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 runs Windows Server 2012 R2 and has the Hyper-V server role installed. Server1 hosts 10 virtual machines. A virtual machine named VM1 runs Windows Server 2012 R2 and hosts a processor-intensive application named Appl.
Users report that App1 responds more slowly than expected.
You need to monitor the processor usage on VM1 to identify whether changes must be made to the hardware settings of VM1.
Which performance object should you monitor on Server1?

A.    Processor
B.    Hyper-V Hypervisor Virtual Pcessorro
C.    Hyper-V Hypervisor Root Virtual Processor
D.    Process
E.    Hyper-V Hypervisor Logical Processor

Answer: E
Explanation:
In the simplest way of thinking the virtual processor time is cycled across the available logical processors in a round-robin type of fashion. Thus all the processing power gets used over time, and technically nothing ever sits idle.
To accurately measure the processor utilization of a guest operating system, use the
“\Hyper-V Hypervisor Logical Processor(_Total)\% Total Run Time” performance monitor counter on the Hyper-V host operating system.

QUESTION 84
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.
Each time a user receives an access-denied message after attempting to access a folder on Server1, an email notification is sent to a distribution list named DL1.
You create a folder named Folder1 on Server1, and then you configure custom NTFS permissions for Folder1.
You need to ensure that when a user receives an access-denied message while attempting to access Folder1, an email notification is sent to a distribution list named DL2. The solution must not prevent DL1 from receiving notifications about other access-denied messages.
What should you do?

A.    From Server Manager, run the New Share Wizard to create a share for Folder1 by selecting the SMB Share – Advanced option.
B.    From the File Server Resource Manager console, modify the Access-Denied Assistance settings.
C.    From the File Server Resource Manager console, modify the Email Notifications settings.
D.    From Server Manager, run the New Share Wizard to create a share for Folder1 by selecting the SMB Share -Applications option.

Answer: C
Explanation:
Configure the email notification settings
You must configure the email notification settings on each file server that will send the access-denied assistance messages.
Open File Server Resource Manager. In Server Manager, click Tools, and then click File Server Resource Manager.
Right-click File Server Resource Manager (Local), and then click Configure Options.
Click the Email Notifications tab.
Configure the following settings:
Click Send Test E-mail to ensure that the email notifications are configured correctly.
Click OK.

QUESTION 85
Hotspot Question
Your network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2. Both servers have the DFS Replication role service installed.
You need to configure the DFS Replication environment to meet the following requirements:
– Increase the quota limit of the staging folder.
– Configure the staging folder cleanup process to provide the highest amount of free space possible.
Which cmdlets should you use to meet each requirement?
To answer, select the appropriate options in the answer area.

wps99D8.tmp_thumb

Answer:

wpsB017.tmp_thumb

QUESTION 86
Your network contains an Active Directory domain named contoso.com.
You need to create a AD Snapshot.
Which four actions should you perform? To answer, move the four appropriate actions from the list of actions to the answer area and arrange them in the correct order.

wpsCC4F.tmp_thumb

Answer:

wpsE5F8.tmp_thumb

Explanation:
http://www.petri.co.il/working-active-directory-snapshots-windows-server-2008.htm#
http://technet.microsoft.com/en-us/library/cc753609(v=ws.10).aspx

QUESTION 87
Your network contains an Active Directory forest named contoso.com. All domain controllers run Windows Server 2008 R2. The schema is upgraded to Windows Server 2012 R2.

wpsA9.tmp_thumb

Server 1 and Server2 host a load-balanced application pool named AppPool1.
You need to ensure that AppPool1 uses a group Manged Service Account as its identity.
Which 3 actions should you perform?

wps1D00.tmp_thumb

Answer:

wps335F.tmp_thumb

Explanation:
http://technet.microsoft.com/en-us/library/jj128431.aspx

QUESTION 88
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table.

wps4FA6.tmp_thumb

Active Directory Recycle Bin is enabled.
You discover that a support technician accidentally removed 100 users from an Active Directory group named Group1 an hour ago.
What should you do?

A.    Perform a non-authoritative restore.
B.    Modify the is Recycled attribute of Group1.
C.    Perform an authoritative restore.
D.    Recover the items by using Active Directory Recycle Bin.

Answer: D
Explanation:
Active Directory Recycle Bin helps minimize directory service downtime by enhancing your ability to preserve and restore accidentally deleted Active Directory objects without restoring Active Directory data from backups, restarting Active Directory Domain Services (AD DS), or rebooting domain controllers.
When you enable Active Directory Recycle Bin, all link-valued and non-link-valued attributes of the deleted Active Directory objects are preserved and the objects are restored in their entirety to the same consistent logical state that they were in immediately before deletion.
For example, restored user accounts automatically regain all group memberships and corresponding access rights that they had immediately before deletion, within and across domains.

QUESTION 89
Your network contains an Active Directory domain named contoso.com. The domain contains a read-only domain controller (RODC) named RODC1.
You create a global group named RODC_Admins.
You need to provide the members of RODC_Admins with the ability to manage the hardware and the software on RODC1.
The solution must not provide RODC_Admins with the ability to manage Active Directory objects.
What should you do?

A.    From Active Directory Users and Computers , configure the Managed By settings of the RODC1 account.
B.    From Active Directory Sites and Services, run the Delegation of Control Wizard
C.    From Active Directory Users and Computers, run the Delegation of Control Wizard.
D.    From a command prompt, run the dsadd computer command.

Answer: A
Explanation:
Note:
* You can delegate local administrative permissions for an RODC to any domain user without granting that user any user rights for the domain or other domain controllers. This permits a local branch user to log on to an RODC and perform maintenance work on the server, such as upgrading a driver. However, the branch user cannot log on to any other domain controller or perform any other administrative task in the domain. In this way, the branch user can be delegated the ability to effectively manage the RODC in the branch office without compromising the security of the rest of the domain.
Incorrect:
Not C: The Set-ADAccountControl cmdlet modifies the user account control (UAC) values for an Active Directory user or computer account. UAC values are represented by cmdlet parameters. For example, set the PasswordExpired parameter to change whether an account is expired and to modify the ADS_UF_PASSWORD_EXPIRED UAC value.
Not D: Managed by Tab in Windows Server computer account grantslocal admin access to that RODC. This means he getsControl Access for ResetPassword, and WriteProperty for UserLogonInformation and AccountRestrictions propsets. These allow him to attach an RODC to precreated RODC account, or to perform RODC demotion (with /retainDcMetadata flag). He is also dropped into the local builtin admins group on that RODC

QUESTION 90
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. In a remote site, a support technician installs a server named DC10 that runs Windows Server 2012 R2. DC10 is currently a member of a workgroup.
You plan to promote DC10 to a read-only domain controller (RODC).
You need to ensure that a user named Contoso/User1 can promote DC10 to a RODC in the contoso.com domain. The solution must minimize the number of permissions assigned to User1.
What should you do?

A.    Join DC10 to the domain. Modify the properties of the DC10 computer account
B.    From Active Directory Administrative Center, pre-create an RODC computer account.
C.    Join DC10 to the domain. Run dsmod and specify the /server switch
D.    From Active Directory Administrative Center, modify the security settings of the Domain Controllers
organizational unit (OU).

Answer: B
Explanation:
A staged read only domain controller (RODC) installation works in two discrete phases:
1. Staging an unoccupied computer account
2. Attaching an RODC to that account during promotion
Reference: Install a Windows Server 2012 R2 Active Directory Read-Only Domain Controller (RODC)


Thanks For Trying Braindump2go Latest Microsoft 70-411 Dumps Questions! Braindump2go Exam DumpsADVANTAGES:

☆ 100% Pass Guaranteed Or Full Money Back!
☆ Instant Download Access After Payment!
☆ One Year Free Updation!
☆ Well Formated: PDF,VCE,Exam Software!
☆ Multi-Platform capabilities – Windows, Laptop, Mac, Android, iPhone, iPod, iPad.
☆ Professional, Quick,Patient IT Expert Team 24/7/365 Onlinen Help You!
☆ We served more than 35,000 customers all around the world in last 5 years with 98.99% PASS RATE!
☆ Guaranteed Secure Shopping! Your Transcations are protected by Braindump2go all the time!
☆ Pass any exams at the FIRST try!

120

http://www.braindump2go.com/70-411.html