Tag Archives: 70-411 exam questions

Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(31-40)!

QUESTION 31
Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.
You need to provide an Administrator named Admin1 with the ability to create GPOs in the domain. The solution must not provide Admin1 with the ability to link GPOs.
What should you use?

A.    dcgpofix
B.    Get-GPOReport
C.    Gpfixup
D.    Gpresult
E.    Gptedit.msc
F.    Import-GPO
G.    Restore-GPO
H.    Set-GPInheritance
I.    Set-GPLink
J.    Set-GPPermission
K.    Gpupdate
L.    Add-ADGroupMember

Answer: J
Explanation:
http://technet.microsoft.com/en-us/library/ee461038.aspx

QUESTION 32
Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs. The domain contains a GPO named GPO1. GPO1 contains several Group Policy preferences.
You need to view all of the preferences configured in GPO1.
What should you use?

A.    dcgpofix
B.    Get-GPOReport
C.    Gpfixup
D.    Gpresult
E.    Gptedit.msc
F.    Import-GPO
G.    Restore-GPO
H.    Set-GPInheritance
I.    Set-GPLink
J.    Set-GPPermission
K.    Gpupdate
L.    Add-ADGroupMember

Answer: B
Explanation:
B. The Get-GPOReport cmdlet generates a report in either XML or HTML format that describes properties and policy settings for a specified GPO or for all GPOs in a domain. The information that is reported for each GPO includes: details, links, security filtering, WMI filtering, delegation, and computer and user configuration
http://technet.microsoft.com/en-us/library/ee461027.aspx http://cmdlet.wordpress.com/2011/08/24/episode-3-get-gporeport

QUESTION 33
Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs. A network Administrator accidentally deletes the Default Domain Policy GPO.
You do not have a backup of any of the GPOs.
You need to recreate the Default Domain Policy GPO.
What should you use?

A.    dcgpofix
B.    Get-GPOReport
C.    Gpfixup
D.    Gptedit.msc
E.    Import-GPO
F.    Restore-GPO
G.    Set-GPInheritance
H.    Set-GPLink
I.    Set-GPPermission
J.    Gpupdate
K.    Add-ADGroupMember

Answer: A
Explanation:
Restores the default Group Policy objects to their original state (that is, the default state after initial installation).

QUESTION 34
Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs. The domain is renamed to adatum.com. Group Policies no longer function correctly.
You need to ensure that the existing GPOs are applied to users and computers.
You want to achieve this goal by using the minimum amount of Administrative effort.
What should you use?

A.    dcgpofix
B.    Get-GPOReport
C.    Gpfixup
D.    Gpresult
E.    Gptedit.msc
F.    Import-GPO
G.    Restore-GPO
H.    Set-GPInheritance
I.    Set-GPLink
J.    Set-GPPermission
K.    Gpupdate
L.    Add-ADGroupMember

Answer: C
Explanation:
You can use the gpfixup command-line tool to fix the dependencies that Group Policy objects (GPOs) and Group Policy links in Active Directory Domain Services (AD DS) have on Domain Name System (DNS) and NetBIOS names after a domain rename operation.

QUESTION 35
Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs. The domain contains a top-level organizational unit (OU) for each department. A group named Group1 contains members from each department.
You have a GPO named GPO1 that is linked to the domain.
You need to configure GPO1 to apply settings to Group1 only.
What should you use?

A.    dcgpofix
B.    Get-GPOReport
C.    Gpfixup
D.    Gpresult
E.    Gptedit.msc
F.    Import-GPO
G.    Restore-GPO
H.    Set-GPInheritance
I.    Set-GPLink
J.    Set-GPPermission
K.    Gpupdate
L.    Add-ADGroupMember

Answer: J
Explanation:
J. Set-GPPermission grants a level of permissions to a security principal (user, security group, or computer) for one GPO or all the GPOs in a domain. You use the TargetName and TargetType parameters to specify a user, security group, or computer for which to set the permission level.
-Replace <SwitchParameter>
Specifies that the existing permission level for the group or user is removed before the new permission level is set. If a security principal is already granted a permission level that is higher than the specified permission level and you do not use the Replace parameter, no change is made. http://technet.microsoft.com/en-us/library/ee461038.aspx

QUESTION 36
Your network contains an Active Directory domain named contoso.com. A user named User1 creates a central store and opens the Group Policy Management Editor as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that the default Administrative Templates appear in GPO1. What should you do? Exhibit:
 clip_image001

A.    Link a WMI filter to GPO1.
B.    Add User1 to the Group Policy Creator Owners group.
C.    Configure Security Filtering in GPO1.
D.    Copy files from %Windir%\PolicyDefinitions to the central store.

Answer: D
Explanation:
In earlier operating systems, all the default Administrative Template files are added to the ADM folder of a Group Policy object (GPO) on a domain controller. The GPOs are stored in the SYSVOL folder. The SYSVOL folder is automatically replicated to other domain controllers in the same domain. A policy file uses approximately 2 megabytes (MB) of hard disk space. Because each domain controller stores a distinct version of a policy, replication traffic is increased.
In Group Policy for Windows Server 2008 and Windows Vista, if you change Administrative template policy settings on local computers, Sysvol will not be automatically updated with the new .ADMX or .ADML files. This change in behavior is implemented to reduce network load and disk storage requirements, and to prevent conflicts between .ADMX files and. ADML files when edits to Administrative template policy settings are made across different locales. To make sure that any local updates are reflected in Sysvol, you must manually copy the updated .ADMX or .ADML files from the PolicyDefinitions file on the local computer to the Sysvol\PolicyDefinitions folder on the appropriate domain controller.
To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a domain controller. The Central Store is a file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain.
To create a Central Store for .admx and .adml files, create a folder that is named PolicyDefinitions in the following location:
\\FQDN\SYSVOL\FQDN\policies
http://support.microsoft.com/kb/929841

QUESTION 37
Your network contains a single Active Directory domain named contoso.com. The domain contains an Active Directory site named Site1 and an organizational unit (OU) named OU1. The domain contains a client computer named Client1 that is located in OU1 and Site1. You create five Group Policy objects (GPO).
 clip_image001[4]
You need to identify in which order the GPOs will be applied to Client1.
In which order should you arrange the listed GPOs? To answer, move all GPOs from the list of GPOs to the answer area and arrange them in the correct order.
 clip_image001[6]
Answer:
 clip_image001[8]
Explanation:
With enforcement, the parent GPO link always has precedence.
Applied by order:
domain
OU
OU enforcement
domain enforcement
site enforcement
GPOs are applied according to the Group Policy hierarchy in the following order:
local GPO
GPOs linked to the site
GPOs linked to the domain
GPOs linked to OUs.
By default, an Active Directory container inherits settings from GPOs that are applied at the next higher level in the hierarchy. Blocking inheritance prevents the settings in GPOs that are linked to higher-level sites, domains, or organizational units from being automatically inherited by the specified domain or OU, unless the link (at the higher-level container) for a GPO is enforced.
Links to a specific site, domain, or organizational unit are applied in reverse sequence based on link order. For example, a GPO with Link Order 1 has highest precedence over other GPOs linked to that container.
By default settings in Group Policy Objects (GPOs) get applied in the following order: Local system policies first, then policies on the Active Directory Domain level, then policies on the Active Directory Site level and then the policies for all the Organization Units the computer and user are members of, starting at the root of the domain. The settings that are last applied are the settings in effect.
http://blogs.technet.com/b/musings_of_a_technical_tam/archive/2012/02/15/understanding-the-structure-of-a-group-policy-object-part-2.aspx
http://technet.microsoft.com/en-us/library/cc757050.aspx

QUESTION 38
Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 R2.
You have a Password Settings object (PSOs) named PSO1.
You need to view the settings of PSO1.
Which tool should you use?

A.    Get-ADFineGrainedPasswordPolicy
B.    Get-ADAccountResultantPasswordReplicationPolicy
C.    Get-ADDomainControllerPasswordReplicationPolicy
D.    Get-ADDefaultDomainPasswordPolicy

Answer: A
Explanation:
A. Gets one or more Active Directory fine grained password policies.
B. Gets the resultant password replication policy for an Active Directory account.
C. Gets the members of the allowed list or denied list of a read-only domain controller’s password replication policy
D. Gets the default password policy for an Active Directory domain. http://technet.microsoft.com/en-us/library/ee617231.aspx
ttp://technet.microsoft.com/en-us/library/ee617227.aspx
http://technet.microsoft.com/en-us/library/ee617207.aspx
http://technet.microsoft.com/en-us/library/ee617244.aspx

QUESTION 39
Your network contains a production Active Directory forest named contoso.com and a test Active Directory forest named test.contoso.com. There is no network connectivity between contoso.com and test.contoso.com. The test.contoso.com domain contains a Group Policy object (GPO) named GPO1.
You need to apply the settings in GPO1 to the contoso.com domain.
Which four actions should you perform?
To answer, move the four appropriate actions from the list of actions to the answer area and arrange them in the correct order.
 clip_image002
Answer:
Box 1: Run the Backup-GPO cmdlet in test.contoso.com.
Box 2: Use a removable media to transfer the contents of test.contoso.com to contoso.com
Box 3: Run the New-GPO cmdlet in contoso.com.
Box 4: Run the Import-GPO cmdlet in contoso.com.
Explanation:
Note:
* Backup-GPO
Backs up one GPO or all the GPOs in a domain.
The Backup-GPO cmdlet backs up a specified GPO or all the GPOs in a domain to a backup directory.
The backup directory and GPO must already exist.
* Import-GPO
Imports the Group Policy settings from a backed-up GPO into a specified GPO. The Import-GPO cmdlet imports the settings from a GPO backup into a specified target GPO. The target GPO can be in a different domain or forest than that from which the backup was made and it does not have to exist prior to the operation.
Incorrect:
* (incorrect) Restore-GPO
Restores one GPO or all GPOs in a domain from one or more GPO backup files. The Restore-GPO cmdlet restores a GPO backup to the original domain from which it was saved. If the original domain is not available, or if the GPO no longer exists in the domain, the cmdlet fails.
* (incorrect) Copy-GPO
Copies a GPO.
The Copy-GPO cmdlet creates a (destination) GPO and copies the settings from the source GPO to the new GPO. The cmdlet can be used to copy a GPO from one domain to another domain within the same forest.

QUESTION 40
Your network contains an Active Directory domain named contoso.com.
All user accounts reside in an organizational unit (OU) named OU1. All of the users in the marketing department are members of a group named Marketing. All of the users in the human resources department are members of a group named HR.
You create a Group Policy object (GPO) named GPO1.
You link GP01 to OU1.
You configure the Group Policy preferences of GPO1 to add two shortcuts named Link1 and Link2 to the desktop of each user.
You need to ensure that Link1 only appears on the desktop of the users in Marketing and that Link2 only appears on the desktop of the users in HR.
What should you configure?

A.    Item-level targeting
B.    Group Policy Inheritance
C.    Security Filtering
D.    WMI Filtering

Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/cc733022.aspx
http://technet.microsoft.com/en-us/library/cc779036%28v=ws.10%29.aspx

Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump:

http://www.braindump2go.com/70-411.html

Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(21-30)!

QUESTION 21
Your network contains a single Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that hosts the primary DNS zone for contoso.com All servers dynamically register their host names.
You install the new Web servers that host identical copies of your company’s intranet website. The servers are configured as shown in the following table.
 clip_image001[64]
You need to use DNS records to load balance name resolution queries for intranet.contoso.com between the two Web servers.
What is the minimum number of DNS records that you should create manually?

A.    1
B.    2
C.    3
D.    4

Answer: B
Explanation:
An A records for each IP is needed
intranet.contoso.com > 10.0.0.20
intranet.contoso.com > 10.0.0.21
intranet.contoso.com > 10.0.0.22
http://technet.microsoft.com/en-us/library/cc772506.aspx
http://technet.microsoft.com/en-us/library/gg398251.aspx

QUESTION 22
You have a Direct Access Server named Server1 running Server 2012 R2.
You need to add prevent users from accessing websites from an Internet connection
What should you configure?

A.    Split Tunneling
B.    Security Groups
C.    Force Tunneling
D.    Network Settings

Answer: C
Explanation:
To make Internet resources available to DirectAccess clients that use force tunneling, you can use a proxy server, which can receive IPv6-based requests for Internet resources and translate them to requests for IPv4-based Internet resources.
http://technet.microsoft.com/en-us/library/jj134204.aspx#BKMK_forcetunnel http://blogs.technet.com/b/tomshinder/archive/2010/03/30/more-on-directaccess-split-tunneling-and-force- tunneling.aspx

QUESTION 23
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed.
You need to configure the ports on Server1 to ensure that client computers can establish VPN connections to Server1. The solution must NOT require the use of certificates or pre- shared keys.
What should you modify? To answer, select the appropriate object in the answer area.
 clip_image001[66]
Answer:
 clip_image001[68]
Explanation:
PPTP
http://support.microsoft.com/kb/243374

QUESTION 24
Your network contains an Active Directory domain named contoso.com. The functional level of the forest is Windows Server 2008 R2. Computer accounts for the marketing department are in an organizational unit (OU) named Departments \Marketing\Computers. User accounts for the marketing department are in an OU named Departments\Marketing\Users. All of the marketing user accounts are members of a global security group named MarketingUsers. All of the marketing computer accounts are members of a global security group named MarketingComputers. In the domain, you have Group Policy objects (GPOs) as shown in the exhibit. (Click the Exhibit button.)
 clip_image002[52]
You create two Password Settings objects named PSO1 and PSO2. PSO1 is applied to MarketingUsers. PSO2 is applied to MarketingComputers.
 clip_image001[70]
You need to identify the minimum password length required for each marketing user. What should you identify?

A.    5
B.    6
C.    7
D.    10
E.    12

Answer: D
Explanation:
PSO1 is applied to the users so min length is 10

QUESTION 25
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2.
You have a Group Policy object (GPO) named GPO1 that contains several custom Administrative templates. You need to filter the GPO to display only settings that will be removed from the registry when the GPO falls out of scope. The solution must only display settings that are either enabled or disabled and that have a comment.
How should you configure the filter? To answer, select the appropriate options below. Select three.
 clip_image001[72]

A.    Set Managed to: Yes
B.    Set Managed to: No
C.    Set Managed to: Any
D.    Set Configured to: Yes
E.    Set Configured to: No
F.    Set Configured to: Any
G.    Set Commented to: Yes
H.    Set Commented to: No
I.    Set Commented to: Any

Answer: AFG
Explanation:
A: Set Managed to: Yes
There are two kinds of Administrative Template policy settings: Managed and Unmanaged. The Group Policy Client service governs Managed policy settings and removes a policy setting when it is no longer within scope of the user or computer.
F: Set Configured to: Any
We want to display both settings that are enable and disabled.
G: Set Commented to: Yes
Only settings that are commented should be displayed.
Note: Filter with Property Filters
The Local Group Policy Editor allows you to change the criteria for displaying Administrative Template policy settings. By default, the editor displays all policy settings, including unmanaged policy settings. However, you can use property filters to change how the Local Group Policy Editor displays Administrative Template policy settings.
There are three inclusive property filters that you can use to filter Administrative Templates. These property filters include:
Managed
Configured
Commented

QUESTION 26
Your network contains an Active Directory domain named contoso.com.
You have several Windows PowerShell scripts that execute when users log on to their client computer.
You need to ensure that all of the scripts execute completely before the users can access their desktop.
Which setting should you configure? To answer, select the appropriate setting in the answer area.
 clip_image001[74]
Answer:
 clip_image001[76]
Explanation:
http://technet.microsoft.com/en-us/library/cc958585.aspx

QUESTION 27
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named dcl.contoso.com.
You discover that the Default Domain Policy Group Policy objects (GPOs) and the Default Domain Controllers Policy GPOs were deleted.
You need to recover the Default Domain Policy and the Default Domain Controllers Policy GPOs.
What should you run?

A.    dcgpofix.exe /target:domain
B.    gpfixup.exe /dc:dc1.contoso.co,n
C.    dcgpofix.exe /target:both
D.    gptixup.exe /oldnb:contoso /newnb:dc1

Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/hh875588(v=ws.10).aspx

QUESTION 28
Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 R2.
You have a Password Settings object (PSOs) named PSO1.
You need to view the settings of PSO1.
Which tool should you use?

A.    Group Policy Management
B.    Server Manager
C.    Get-ADAccountResultantPasswordReplicationPolicy
D.    Active Directory Administrative Center

Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc770848(v=ws.10).aspx
Incorrect:
* Get-ADFineGrainedPasswordPolicy
Gets one or more Active Directory fine grained password policies.
* To store fine-grained password policies, Windows Server 2008 includes two new object classes in the Active Directory Domain Services (AD DS) schema:
Password Settings Container
Password Settings
The Password Settings Container (PSC) object class is created by default under the System container in the domain. It stores the Password Settings objects (PSOs) for that domain.

QUESTION 29
Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.
You need to prevent all of the GPOs at the site level and at the domain level from being applied to users and computers in an organizational unit (OU) named OU1.
You want to achieve this goal by using the minimum amount of Administrative effort.
What should you use?

A.    dcgpofix
B.    Get-GPOReport
C.    Gpfixup
D.    Gpresult
E.    Gptedit.msc
F.    Import-GPO
G.    Import-GPO
H.    Restore-GPO
I.    Set-GPInheritance
J.    Set-GPLink
K.    Set-GPPermission
L.    Gpupdate
M.    Add-ADGroupMember

Answer: I
Explanation:
http://technet.microsoft.com/en-us/library/ee461032.aspx
http://technet.microsoft.com/en-us/library/cc757050.aspx

QUESTION 30
Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.
You have two GPOs linked to an organizational unit (OU) named OU1.
You need to change the precedence order of the GPOs.
What should you use?

A.    dcgpofix
B.    Get-GPOReport
C.    Gpfixup
D.    Gpresult
E.    Gptedit.msc
F.    Import-GPO
G.    Restore-GPO
H.    Set-GPInheritance
I.    Set-GPLink
J.    Set-GPPermission
K.    Gpupdate
L.    Add-ADGroupMember

Answer: I
Explanation:
The Set-GPLink cmdlet sets the properties of a GPO link.
You can set the following properties:
— Enabled. If the GPO link is enabled, the settings of the GPO are applied when Group Policy is processed for the site, domain or OU.
— Enforced. If the GPO link is enforced, it cannot be blocked at a lower-level (in the Group Policy processing hierarchy) container.
— Order. The order specifies the precedence that the settings of the GPO take over conflicting settings in other GPOs that are linked (and enabled) to the same site, domain, or OU. http://technet.microsoft.com/en-us/library/ee461022.aspx

Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump:

http://www.braindump2go.com/70-411.html

Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(11-20)!

QUESTION 11
Your network contains an Active Directory domain named fabrikam.com.
You implement DirectAccess and an IKEv2 VPN.
You need to view the properties of the VPN connection.
Which connection properties should you view?
To answer, select the appropriate connection properties in the answer area.
 clip_image001[56]
Answer:
 clip_image002[6]
Explanation:
http://technet.microsoft.com/en-us/library/jj613767.aspx
 clip_image002[46]

QUESTION 12
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed. On Server1, you create a network policy named PPTP_Policy.
You need to configure PPTP_Policy to apply only to VPN connections that use the PPTP protocol.
What should you configure in PPTP_Policy?

A.    The Service Type
B.    The Tunnel Type
C.    The Framed Protocol
D.    The NAS Port Type

Answer: B
Explanation:
A. Restricts the policy to only clients specifying a certain type of service, such as Telnet or Point to Point Protocol connections.
B. Restricts the policy to only clients that create a specific type of tunnel, such as PPTP or L2TP.
C. Restricts the policy to clients that specify a certain framing protocol for incoming packets, such as PPP or SLIP.
D. Allows you to specify the type of media used by the client computer to connect to the network. http://technet.microsoft.com/en-us/library/cc731220(v=ws.10).aspx
 clip_image001[58]

QUESTION 13
Your network contains a RADIUS server named Server1.
You install a new server named Server2 that runs Windows Server 2012 R2 and has Network Policy Server (NPS) installed.
You need to ensure that all accounting requests for Server2 are forwarded to Server1.
On Server2, you configure a Connection Request Policy.
What else should you configure on Server2?
To answer, select the appropriate node in the answer area.
 clip_image001[60]
Answer:
 clip_image002[8]
Explanation:
When you configure Network Policy Server (NPS) as a Remote Authentication Dial-In User Service (RADIUS) proxy, you use NPS to forward connection requests to RADIUS servers that are capable of processing the connection requests because they can perform authentication and authorization in the domain where the user or computer account is located. For example, if you want to forward connection requests to one or more RADIUS servers in untrusted domains, you can configure NPS as a RADIUS proxy to forward the requests to the remote RADIUS servers in the untrusted domain. To configure NPS as a RADIUS proxy, you must create a connection request policy that contains all of the information required for NPS to evaluate which messages to forward and where to send the messages.
When you configure a remote RADIUS server group in NPS and you configure a connection request policy with the group, you are designating the location where NPS is to forward connection requests.
http://technet.microsoft.com/en-us/library/cc754518.aspx

QUESTION 14
Your network contains two Active Directory forests named contoso.com and adatum.com. The contoso.com forest contains a server named server1.contoso.com. The adatum.com forest contains a server named server2.adatum.com. Both servers have the Network Policy Server role service installed. The network contains a server named Server3. Server3 is located in the perimeter network and has the Network Policy Server role service installed.
You plan to configure Server3 as an authentication provider for several VPN servers.
You need to ensure that RADIUS requests received by Server3 for a specific VPN server are always forwarded to server1.contoso.com.
Which two should you configure on Server3? (Each correct answer presents part of the solution. Choose two.)

A.    Network policies
B.    Remote RADIUS server groups
C.    Connection authorization policies
D.    Remediation server groups
E.    Connection request policies

Answer: BE
Explanation:
When you configure Network Policy Server (NPS) as a Remote Authentication Dial-In User Service (RADIUS) proxy, you use NPS to forward connection requests to RADIUS servers that are capable of processing the connection requests because they can perform authentication and authorization in the domain where the user or computer account is located. For example, if you want to forward connection requests to one or more RADIUS servers in untrusted domains, you can configure NPS as a RADIUS proxy to forward the requests to the remote RADIUS servers in the untrusted domain.
To configure NPS as a RADIUS proxy, you must create a connection request policy that contains all of the information required for NPS to evaluate which messages to forward and where to send the messages.
When you configure a remote RADIUS server group in NPS and you configure a connection request policy with the group, you are designating the location where NPS is to forward connection requests.
http://technet.microsoft.com/en-us/library/cc754518.aspx

QUESTION 15
Your network contains an Active Directory domain named fabrikam.com.
You implement DirectAccess.
You need to view the properties of the DirectAccess connection.
Which connection properties should you view? To answer, select the appropriate connection properties in the answer area.
 clip_image001[62]
Answer:
 clip_image002[10]
Explanation:
http://technet.microsoft.com/en-us/library/jj613767.aspx
 clip_image002[48]

QUESTION 16
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
You enable and configure Routing and Remote Access (RRAS) on Server1.
You create a user account named User1.
You need to ensure that User1 can establish VPN connections to Server1.
What should you do?

A.    Add a RADIUS client.
B.    Create a connection request policy.
C.    Modify the members of the Remote Management Users group.
D.    Modify the Dial-in setting of User1.

Answer: D
Explanation:
D. Access permission is also granted or denied based on the dial-in properties of each user account.
http://technet.microsoft.com/en-us/library/cc772123.aspx

QUESTION 17
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. All of the DNS servers in both of the domains run Windows Server 2012 R2. The network contains two servers named Server1 and Server2. Server1 hosts an Active Directory-integrated zone for contoso.com. Server2 hosts an Active Directory-integrated zone for fabrikam.com. Server1 and Server2 connect to each other by using a WAN link. Client computers that connect to Server1 for name resolution cannot resolve names in fabrikam.com. You need to configure Server1 to support the resolution of names in fabrikam.com. The solution must ensure that users in contoso.com can resolve names in fabrikam.com if the WAN link fails.
What should you do on Server1?

A.    Add a forwarder.
B.    Create a stub zone.
C.    Create a conditional forwarder.
D.    Create a secondary zone.

Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc771898.aspx
When a zone that this DNS server hosts is a secondary zone, this DNS server is a secondary source for information about this zone. The zone at this server must be obtained from another remote DNS server computer that also hosts the zone With secondary, you have ability to resolve records from the other domain even if its DNS servers are temporarily unavailable
While secondary zones contain copies of all the resource records in the corresponding zone on the master name server, stub zones contain only three kinds of resource records:
A copy of the SOA record for the zone.
Copies of NS records for all name servers authoritative for the zone. Copies of A records for all name servers authoritative for the zone.
http://www.windowsnetworking.com/articles-tutorials/windows-2003/DNS_Stub_Zones.html http://technet.microsoft.com/en-us/library/cc771898.aspx http://redmondmag.com/Articles/2004/01/01/The-Long-and-Short-of-Stub-Zones.aspx?Page=2

QUESTION 18
Your network contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2 and have the DNS Server server role installed. Server1 hosts a primary zone for contoso.com. Server2 hosts a secondary zone for contoso.com. The zone is not configure to notify secondary servers of changes automatically.
You update several records on Server1.
You need to force the replication of the contoso.com zone records from Server1 to Server2.
What should you do from Server2?

A.    Right-click Server2 and click Update Server Data Files.
B.    Right-click Server2 and click Refresh.
C.    Right-click the contoso.com zone and click Reload.
D.    Right-click the contoso.com zone and click Transfer from Master.

Answer: D
Explanation:
A. For standard primary zones, this procedure causes the DNS server to immediately write its in- memory changes out to disk for storage with the zone file.
D. Initiates zone transfer from secondary server
http://technet.microsoft.com/en-us/library/cc786985(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc779391(v=ws.10).aspx

QUESTION 19
Your network contains an Active Directory domain named contoso.com. All client computers run Windows 8. Your company has users who work from home. Some of the home users have desktop computers. Other home users have laptop computers. All of the computers are joined to the domain. All of the computer accounts are members of a group named Group1. Currently, the home users access the corporate network by using a PPTP VPN.
You implement DirectAccess by using the default configuration and you specify Group1 as the DirectAccess client group. The home users who have desktop computers report that they cannot use DirectAccess to access the corporate network. The home users who have laptop computers report that they can use DirectAccess to access the corporate network.
You need to ensure that the home users who have desktop computers can access the network by using DirectAccess.
What should you modify?

A.    The security settings of the computer accounts for the desktop computers
B.    The membership of the R.AS and IAS Servers group
C.    The WMI filter for Direct Access Client Settings GPO
D.    The conditions of the Connections to Microsoft Routing and Remote Access server policy

Answer: C
Explanation:
C. By default, the Getting Started Wizard deploys DirectAccess to all laptops and notebook computers in the domain by applying a WMI filter to the client settings GPO http://technet.microsoft.com/en-us/library/jj574097.aspx

QUESTION 20
You have a DNS server named Server1 that has a Server Core Installation on Windows Server 2012 R2.
You need to view the time-to-live (TTL) value of a name server (NS) record that is cached by the DNS Server service on Server1.
What should you run?

A.    Show-DNSServerCache
B.    dnscacheugc.exe
C.    ipconfig.exe /displaydns
D.    nslookup.exe

Answer: A
Explanation:
Show-DnsServerCache – Shows the records in a DNS Server Cache.
The Show-DNSServerCache shows all cached Domain Name System (DNS) server resource records in the following format: Name, ResourceRecordData, Time-to-Live (TTL).
 clip_image002[50]
http://technet.microsoft.com/en-us/library/jj649915.aspx
http://www.windowsnetworking.com/articles_tutorials/Managing-DNS-servers-using-PowerShell.html

Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump:

http://www.braindump2go.com/70-411.html

Official 2014 Latest Microsoft 70-411 Exam Dump Free Download(1-10)!

QUESTION 1
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. All client computers run Windows 8 Enterprise. DC1 contains a Group Policy object (GPO) named GPO1.
You need to deploy a VPN connection to all users.
What should you configure from Users Configuration in GPO1?

A.    Policies/Administrative Templates/Network/Network Connections
B.    Policies/Administrative Templates/Network/Windows Connect Now
C.    Preferences/Control Panel Settings/Network Options
D.    Policies/Administrative Templates/Windows Components/Windows Mobility Centre

Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc772107.aspx
To create a new Dial-Up Connection preference item
Open the Group Policy Management Console. Right-click the Group Policy object (GPO) that should contain the new preference item, and then click Edit.
In the console tree under Computer Configuration or User Configuration, expand the Preferences folder, and then expand the Control Panel Settings folder. Right-click the Network Options node, point to New, and select Dial-Up Connection.

QUESTION 2
Hotspot Question
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All domain controllers run Windows Server 2012 R2 and are configured as DNS servers. All DNS zones are Active Directory-integrated. Active Directory Recycle Bin is enabled.
You need to modify the amount of time deleted objects are retained in the Active Directory Recycle Bin.
Which naming context should you use?
To answer, select the appropriate naming context in the answer area.
  clip_image002[40]
Answer:
 clip_image002[42]

QUESTION 3
Your network contains an Active Directory domain named adatum.com. You have a standard primary zone named adatum.com. You need to provide a user named User1 the ability to modify records in the zone. Other users must be prevented from modifying records in the zone. What should you do first?

A.    Run the Zone Signing Wizard for the zone.
B.    From the properties of the zone, change the zone type.
C.    Run the new Delegation Wizard for the zone.
D.    From the properties of the zone, modify the Start Of Authority (SOA) record.

Answer: C

QUESTION 4
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. One of the domain controllers is named DC1. The DNS zone for the contoso.com zone is Active Directory-integrated and has the default settings. A server named Server1 is a DNS server that runs a UNIX-based operating system. You plan to use Server1 as a secondary DNS server for the contoso.com zone. You need to ensure that Server1 can host a secondary copy of the contoso.com zone. What should you do?

A.    From Windows PowerShell, run the Set-DnsServerForwarder cmdlet and specify the contoso.com zone
as a target.
B.    From Windows PowerShell, run the Set-DnsServerSetting cmdlet and specify DC1 as a target.
C.    From Windows PowerShell, run the Set-DnsServerPrimaryZone cmdlet and specify the contoso.com zone
as a target.
D.    From DNS Manager, modify the Advanced settings of DC1.

Answer: C
Explanation:
C. The Set-DnsServerSecondaryZone cmdlet changes settings for an existing secondary zone on a Domain Name System (DNS) server.
http://technet.microsoft.com/en-us/library/jj649920(v=wps.620).aspx

QUESTION 5
You have a server named Server1 that has the Web Server (IIS) server role installed.
You obtain a Web Server certificate.
You need to configure a website on Server1 to use Secure Socket Layer (SSL).
To which store should you import the certificate?
To answer, select the appropriate store in the answer area.
  clip_image001[48]
Answer:
 clip_image001[50]

QUESTION 6
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1. DC1 is a DNS server for contoso.com.
The properties of the contoso.com zone are configured as shown in the exhibit. (Click the Exhibit button.)
  clip_image001[52]
The domain contains a server named Server1 that is part of a workgroup named Workgroup. Server1 is configured to use DC1 as a DNS server. You need to ensure that Server1 dynamically registers a host (A) record in the contoso.com zone.
What should you configure?

A.    The Dynamic updates setting of the contoso.com zone
B.    The workgroup name of Server1
C.    The primary DNS suffix of Server1
D.    The Security settings of the contoso.com zone

Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc778792%28v=ws.10%29.aspx http://technet.microsoft.com/en-us/library/cc778792%28v=ws.10%29.aspx http://www.advicehow.com/adding-primary-dns-suffix-in-microsoft-windows-8/ http://technet.microsoft.com/en-us/library/cc959611.aspx

QUESTION 7
Your network contains an Active Directory domain named contoso.com. The domain contains six domain controllers named DC1, DC2, DC3, DC4, DC5, and DC6. Each domain controller has the DNS Server server role installed and hosts an Active Directory-integrated zone for contoso.com. You plan to create a new Active Directory-integrated zone named litwareinc.com that will be used for testing.
You need to ensure that the new zone will be available only on DC5 and DC6.
What should you do first?

A.    Create an application directory partition.
B.    Change the zone replication scope.
C.    Create an Active Directory connection object.
D.    Create an Active Directory site link.

Answer: A
Explanation:
A. A partition is a data structure in AD DS that distinguishes data for different replication purposes. When you create an application directory partition for DNS, you can control the scope of replication for the zone that is stored in that partition
http://technet.microsoft.com/en-us/library/cc754292.aspx

QUESTION 8
Your network contains a DNS server named Server1 that runs Windows Server 2012 R2. Server1 has a zone named contoso.com. The network contains a server named Server2 that runs Windows Server 2008 R2. Server1 and Server2 are members of an Active Directory domain named contoso.com. You change the IP address of Server2.
Several hours later, some users report that they cannot connect to Server2.
On the affected users’ client computers, you flush the DNS client resolver cache, and the users successfully connect to Server2.
You need to reduce the amount of time that the client computers cache DNS records from contoso.com.
Which value should you modify in the Start of Authority (SOA) record?
To answer, select the appropriate setting in the answer area.
  clip_image001[54]
Answer:
 clip_image002[44]

QUESTION 9
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
You enable and configure Routing and Remote Access (RRAS) on Server1.
You create a user account named User1.
You need to ensure that User1 can establish VPN connections to Server1.
What should you do?

A.    Create a network policy.
B.    Modify the members of the Remote Management Users group.
C.    Create a connection request policy.
D.    Add a RADIUS client.

Answer: A
Explanation:
A. Configure your VPN server to use Network Access Protection (NAP) to enforce health requirement policies.
B. determines which users and groups should have permission to log on remotely C. Connection request policies are sets of conditions and settings that allow network administrators to designate which Remote Authentication Dial-In User Service (RADIUS) servers perform the authentication and authorization of connection requests that the server running Network Policy Server (NPS) receives from RADIUS client
D. A network access server (NAS) is a device that provides some level of access to a larger network. A NAS using a RADIUS infrastructure is also a RADIUS client, sending connection requests and accounting messages to a RADIUS server for authentication, authorization, and accounting. http://technet.microsoft.com/en-us/library/dd314165(v=ws.10).aspx http://technet.microsoft.com/en-us/library/dd469733.aspx http://technet.microsoft.com/en-us/library/dd469660.aspx http://technet.microsoft.com/en-us/library/cc753603.aspx http://technet.microsoft.com/en-us/library/cc754033.aspx

QUESTION 10
Server1 as a DNS server hosts a Primary zone,Server2 is the secondary zone contoso.com domain, you need to determine how long Server2 Server1 to renew regional, how to configure

A.    Refresh interval
B.    Restart DNS
C.    Forwarders
D.    Stub zone

Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/cc755646(v=ws.10).aspx

Passing Microsoft 70-411 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-411 Dump:

http://www.braindump2go.com/70-411.html

Pages: 1 2 3 4 5