Exam Code: 70-411
Exam Name: Administering Windows Server 2012 R2 Exam
You have a file server named Server1 that runs Windows Server 2012 R2.
A user named User1 is assigned the modify NTFS permission to a folder named C:\shares and all of the subfolders of C:\shares.
On Server1, you open File Server Resource Manager as shown in the exhibit. (Click the Exhibit button.)
To answer, complete each statement according to the information presented in the exhibit.
Each correct selection is worth one point.
Your network contains an Active Directory domain named contoso.com. The domain contains 30 user accounts that are used for network administration. The user accounts are members of a domain global group named Group1.
You identify the security requirements for the 30 user accounts as shown in the following table.
You need to identify which settings must be implemented by using a Password Settings object (PSO) and which settings must be implemented by modifying the properties of the user accounts.
What should you identify?
Your network contains an Active Directory domain named contoso.com. The domain contains a virtual machine named Server1 that runs Windows Server 2012 R2.
Server1 has a dynamically expanding virtual hard disk that is mounted to drive E.
You need to ensure that you can enable BitLocker Drive Encryption (BitLocker) on drive E.
Which command should you run?
A. manage-bde -protectors -add c: -startup e:
B. manage-bde -lock e:
C. manage-bde -protectors -add e: -startupkey c:
D. manage-bde -on e:
Encrypts the drive and turns on BitLocker.
The following example illustrates using the -on command to turn on BitLocker for drive C and add a recovery password to the drive.
manage-bde -on C: -recoverypassword
Your network contains 25 Web servers that run Windows Server 2012 R2.
You need to configure auditing policies that meet the following requirements:
– Generate an event each time a new process is created.
– Generate an event each time a user attempts to access a file share.
Which two auditing policies should you configure?
To answer, select the appropriate two auditing policies in the answer area.
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
You have a Group Policy object (GPO) named GPO1 that contains hundreds of settings. GPO1 is linked to an organizational unit (OU) named OU1. OU1 contains 200 client computers.
You plan to unlink GPO1 from OU1.
You need to identify which GPO settings will be removed from the computers after GPO1 is unlinked from OU1.
Which two GPO settings should you identify?
(Each correct answer presents part of the solution. Choose two.)
A. The managed Administrative Template settings
B. The unmanaged Administrative Template settings
C. The System Services security settings
D. The Event Log security settings
E. The Restricted Groups security settings
There are two kinds of Administrative Template policy settings: Managed and Unmanaged .
The Group Policy service governs Managed policy settings and removes a policy setting when it is no longer within scope of the user or computer.
Your network contains an Active Directory domain named contoso.com. The domain contains an organizational unit (OU) named IT and a CU named Sales. All of the help desk user accounts are located in the IT CU. All of the sales user accounts are located in the Sales CU. The Sales CU contains a global security group named G_Sales. The IT CU contains a global security group named G_HelpDesk.
You need to ensure that members of G_HelpDesk can perform the following tasks:
– Reset the passwords of the sales users.
– Force the sales users to change their password at their next logon.
What should you do?
A. Run the Set-ADFinecrainedPasswordPolicy cmdlet and specify the -identity parameter.
B. Right-click the IT OU and select Delegate Control.
C. Right-click the Sales OU and select Delegate Control.
D. Run the Set-ADAccountPassword cmdlet and specify the -identity parameter.
B. Wrong OU. Question asks for G_HelpDesk member to be able to delegate control of sales users/force reset
C. G_HelpDesk members need to be allowed to delegate control on the Sales OU as it contains the sales users (G_Sales)
Your network contains an Active Directory domain named contoso.com. The domain contains five servers. The servers are configured as shown in the following table.
All desktop computers in contoso.com run Windows 8 and are configured to use BitLocker Drive Encryption (BitLocker) on all local disk drives.
You need to deploy the Network Unlock feature.
The solution must minimize the number of features and server roles installed on the network.
To which server should you deploy the feature?
The BitLocker Network Unlock feature will install the WDS role if it is not already installed. If you want to install it separately before you install BitLocker Network Unlock you can use Server Manager or Windows PowerShell. To install the role using Server Manager, select the Windows Deployment Services role in Server Manager.
Your network contains an Active Directory domain named contoso.com.
You create an organizational unit (OU) named OU1 and a Group Policy object (GPO) named GPO1. You link GPO1 to OU1.
You move several file servers that store sensitive company documents to OU1.
Each file server contains more than 40 shared folders.
You need to audit all of the failed attempts to access the files on the file servers in OU1.
The solution must minimize administrative effort.
Which two audit policies should you configure in GPO1?
To answer, select the appropriate two objects in the answer area.
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains 500 client computers that run Windows 8 Enterprise.
You implement a Group Policy central store.
You have an application named App1. App1 requires that a custom registry setting be deployed to all of the computers.
You need to deploy the custom registry setting. The solution must minimize administrator effort.
What should you configure in a Group Policy object (GPO)?
A. The Software Installation settings
B. The Administrative Templates
C. An application control policy
D. The Group Policy preferences
Group Policy preferences provide the means to simplify deployment and standardize configurations. They add to Group Policy a centralized system for deploying preferences (that is, settings that users can change later).
You can also use Group Policy preferences to configure applications that are not Group Policy-aware. By using Group Policy preferences, you can change or delete almost any registry setting, file or folder, shortcut, and more.
You are not limited by the contents of Administrative Template files.
The Group Policy Management Editor (GPME) includes Group Policy preferences.
You have a file server that has the File Server Resource Manager role service installed.
You open the File Server Resource Manager console as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that all of the folders in Folder1 have a 100-MB quota limit.
What should you do?
A. Run the Update FsrmQuotacmdlet.
B. Run the Update-FsrmAutoQuotacmdlet.
C. Create a new quota for Folder1.
D. Modify the quota properties of Folder1.
By using auto apply quotas, you can assign a quota template to a parent volume or folder. Then File Server Resource Manager automatically generates quotas that are based on that template. Quotas are generated for each of the existing subfolders and for subfolders that you create in the future.
If you want to pass Microsoft 70-411 exam successfully, donot missing to read latest lead2pass Microsoft 70-411 dumps.
If you can master all lead2pass questions you will able to pass 100% guaranteed.