Exam Code: 70-411
Exam Name: Administering Windows Server 2012 R2 Exam
You have a server named Server 1.
You enable BitLocker Drive Encryption (BitLocker) on Server 1.
You need to change the password for the Trusted Platform Module (TPM) chip.
What should you run on Server1?
The Set-TpmOwnerAuthcmdlet changes the current owner authorization value of the Trusted Platform Module (TPM) to a new value.
You can specify the current owner authorization value or specify a file that contains the current owner authorization value. If you do not specify an owner authorization value, the cmdlet attempts to read the value from the registry.
Use the ConvertTo-TpmOwnerAuthcmdlet to create an owner authorization value.
You can specify a new owner authorization value or specify a file that contains the new value.
Your company has a main office and two branch offices. The main office is located in Seattle.
The two branch offices are located in Montreal and Miami.
Each office is configured as an Active Directory site.
The network contains an Active Directory domain named contoso.com.
Network traffic is not routed between the Montreal office and the Miami office.
You implement a Distributed File System (DFS) namespace named \\contoso.com\public.
The namespace contains a folder named Folder1. Folder1 has a folder target in each office.
You need to configure DFS to ensure that users in the branch offices only receive referrals to the target in their respective office or to the target in the main office.
Which two actions should you perform?
(Each correct answer presents part of the solution. Choose two.)
A. Set the Ordering method of \\contoso.com\public to Random order.
B. Set the Advanced properties of the folder target in the Seattle office to Last among all targets.
C. Set the Advanced properties of the folder target in the Seattle office to First among targets of equal cost.
D. Set the Ordering method of \\contoso.com\public to Exclude targets outside of the client’s site.
E. Set the Advanced properties of the folder target in the Seattle office to Last among targets of equal cost.
F. Set the Ordering method of \\contoso.com\public to Lowest cost.
Exclude targets outside of the client’s site In this method, the referral contains only the targets that are in the same site as the client. These same-site targets are listed in random order. If no same-site targets exist, the client does not receive a referral and cannot access that portion of the namespace. Note: Targets that have target priority set to “First among all targets” or “Last among all targets” are still listed in the referral, even if the ordering method is set to Exclude targets outside of the client’s site .
Note 2: Set the Ordering Method for Targets in Referrals A referral is an ordered list of targets that a client computer receives from a domain controller or namespace server when the user accesses a namespace root or folder with targets. After the client receives the referral, the client attempts to access the first target in the list. If the target is not available, the client attempts to access the next target.
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that has the Network Policy Server server role installed. The domain contains a server named Server2 that is configured for RADIUS accounting.
Server1 is configured as a VPN server and is configured to forward authentication requests to Server2.
You need to ensure that only Server2 contains event information about authentication requests from connections to Server1.
Which two nodes should you configure from the Network Policy Server console?
To answer, select the appropriate two nodes in the answer area.
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named GPO1 is linked to OU1.
You make a change to GPO1.
You need to force all of the computers in OU1 to refresh their Group Policy settings immediately.
The solution must minimize administrative effort.
Which tool should you use?
A. Group Policy Object Editor
B. The Secedit command
C. Group Policy Management Console (GPMC)
D. Active Directory Users and Computers
In the previous versions of Windows, this was accomplished by having the user run GPUpdate.exe on their computer.
Starting with Windows Server?2012 and Windows?8, you can now remotely refresh Group Policy settings for all computers in an OU from one central location through the Group Policy Management Console (GPMC). Or you can use the Invoke-GPUpdate cmdlet to refresh Group Policy for a set of computers, not limited to the OU structure, for example, if the computers are located in the default computers container.
Note: Group Policy Management Console (GPMC) is a scriptable Microsoft Management Console (MMC) snap-in, providing a single administrative tool for managing Group Policy across the enterprise. GPMC is the standard tool for managing Group Policy.
Not B: Secedit configures and analyzes system security by comparing your current configuration to at least one template.
Reference: Force a Remote Group Policy Refresh (GPUpdate)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
Server1 has the following BitLocker Drive Encryption (BitLocker) settings:
You need to ensure that drive D will unlock automatically when Server1 restarts. What command should you run?
To answer, select the appropriate options in the answer area.
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. All servers run Windows Server 2012 R2.
You need to collect the error events from all of the servers on Server1. The solution must ensure that when new servers are added to the domain, their error events are collected automatically on Server1.
Which two actions should you perform?
(Each correct answer presents part of the solution.
A. On Server1, create a collector initiated subscription.
B. On Server1, create a source computer initiated subscription.
C. From a Group Policy object (GPO), configure the Configure target Subscription Manager setting.
D. From a Group Policy object (GPO), configure the Configure forwarder resource usage setting.
To set up a Source-Initiated Subscription with Windows Server 2003/2008 so that events of interest from the Security event log of several domain controllers can be forwarded to an administrative workstation
* Group Policy
The forwarding computer needs to be configured with the address of the server to which the events are forwarded. This can be done with the following group policy setting:
Computer configuration-Administrative templates-Windows components-Event forwarding-
Configure the server address, refresh interval, and issue certificate authority of a target subscription manager.
* Edit the GPO and browse to Computer Configuration | Policies | Administrative Templates
| Windows Components | Event Forwarding – Configure the server address, refresh interval, and issuer certificate authority of a target Subscription Manager
Your company has two offices. The offices are located in Montreal and Seattle.
The network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2. Server1 is located in the Seattle office. Server2 is located in the Montreal office. Both servers run Windows Server 2012 R2 and have the Windows Server Update Services (WSUS) server role installed.
You need to configure Server2 to download updates that are approved on Server1 only.
What cmdlet should you run?
To answer, select the appropriate options in the answer area.
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed.
Each time a user receives an access-denied message after attempting to access a folder on Server1, an email notification is sent to a distribution list named DL1.
You create a folder named Folder1 on Server1, and then you configure custom NTFS permissions for Folder 1.
You need to ensure that when a user receives an access-denied message while attempting to access Folder1, an email notification is sent to a distribution list named DL2. The solution must not prevent DL1 from receiving notifications about other access-denied messages.
What should you do?
A. From File Explorer, modify the Classification tab of Folder1.
B. From the File Server Resource Manager console, modify the Email Notifications settings.
C. From the File Server Resource Manager console, set a folder management property.
D. From File Explorer, modify the Customize tab of Folder1.
To specify a separate access-denied message for a shared folder by using File Server Resource Manager
See step 3 below.
Open File Server Resource Manager. In Server Manager, click Tools, and then click File Server Resource Manager.
Expand File Server Resource Manager (Local), and then click Classification Management.
Right-click Classification Properties, and then click Set Folder Management Properties.
In the Property box, click Access-Denied Assistance Message, and then click Add. Click Browse, and then choose the folder that should have the custom access- denied message.
In the Value box, type the message that should be presented to the users when they cannot access a resource within that folder.
You can add macros to the message that will insert customized text. The macros include:
Click OK, and then click Close.
Drag and Drop Question
You have a WIM file that contains an image of Windows Server 2012 R2.
Recently, a technician applied a Microsoft Standalone Update Package (MSU) to the image.
You need to remove the MSU package from the image.
Which three actions should you perform in sequence?
To answer, move the appropriate three actions from the list of actions to the answer area and arrange them in the correct order.
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. A domain controller named DC1 has the ADMX Migrator tool installed.
You have a custom Administrative Template file on DC1 named Template1.adm.
You need to add a custom registry entry to Template1.adm by using the ADMX Migrator tool.
Which action should you run first?
A. New Category
B. Load Template
C. New Policy Setting
D. Generate ADMX from ADM
A. Done after ADMX is created, adds categories of policy settings
B. Done after ADMX is created, Loads ADMX template to be edited
C. Done after ADMX is created, defines new registry-based policy settings
D. Coverts ADM files into ADMX (XML Format)
If you want to pass Microsoft 70-411 exam successfully, donot missing to read latest lead2pass Microsoft 70-411 dumps.
If you can master all lead2pass questions you will able to pass 100% guaranteed.