Exam Code: 70-411
Exam Name: Administering Windows Server 2012 R2 Exam
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 runs Windows Server 2012 R2.
You create a group Managed Service Account named gservice1.
You need to configure a service named Service1 to run as the gservice1 account.
How should you configure Service1?
A. From Windows PowerShell, run Set-Service and specify the -PassThrough parameter.
B. From a command prompt, run sc.exe and specify the config parameter.
C. From Windows PowerShell, run Set-Service and specify the -StartupType parameter.
D. From a command prompt, run sc.exe and specify the privs parameter.
A. General settings only allow you to stop, start and set type/paramaters
B. Set-Service provides a way for you to change the Description, StartupType, or DisplayName of a service
C. Modifies service configuration
D. Sets the response/action on service failure
Your network contains an Active Directory domain named contoso.com. All client computers are configured as DHCP clients.
You link a Group Policy object (GPO) named GPO1 to an organizational unit (OU) that contains all of the client computer accounts.
You need to ensure that Network Access Protection (NAP) compliance is evaluated on all of the client computers.
Which two settings should you configure in GPO1?
To answer, select the appropriate two settings in the answer area.
Your network contains an Active Directory domain named contoso.com. All client computers run Windows Vista Service Pack 2 (SP2). All client computers are in an organizational unit (OU) named OU1. All user accounts are in an OU named OU2. All users log on to their client computer by using standard user accounts. A Group Policy object (GPO) named GPO1 is linked to OU1.
A GPO named GPO2 is linked to OU2.
You need to apply advanced audit policy settings to all of the client computers.
What should you do?
A. In GPO1, configure a startup script that runs auditpol.exe.
B. In GPO2, configure a logon script that runs auditpol.exe.
C. In GPO1, configure the Advanced Audit Policy Configuration settings.
D. In GPO2, configure the Advanced Audit Policy Configuration settings.
You have a server that runs Windows Server 2012 R2.
You have an offline image named Windows2012.vhd that contains an installation of Windows Server 2012 R2.
You plan to apply several updates to Windows2012.vhd.
You need to mount Windows2012.vhd to H:\. Which tool should you use?
A. Device Manager
D. Server Manager
Your network contains two Active Directory domains named contoso.com and adatum.com. The contoso.com domain contains a server named Server1.contoso.com. The adatum.com domain contains a server named server2.adatum.com. Server1 and Server2 run Windows Server 2012 R2 and have the DirectAccess and VPN (RRAS) role service installed. Server1 has the default network policies and the default connection request policies.
You need to configure Server1 to perform authentication and authorization of VPN connection requests to Server2.
Only users who are members of Adatum\Group1 must be allowed to connect.
Which two actions should you perform on Server1?
(Each correct answer presents part of the solution. Choose two.)
A. Network policies
B. Connection request policies
C. Create a network policy.
D. Create a connection request policy.
* Connection request policies are sets of conditions and settings that allow network administrators to designate which Remote Authentication Dial-In User Service (RADIUS) servers perform the authentication and authorization of connection requests that the server running Network Policy Server (NPS) receives from RADIUS clients. Connection request policies can be configured to designate which RADIUS servers are used for RADIUS accounting.
* With connection request policies, you can use NPS as a RADIUS server or as a RADIUS proxy, based on factors such as the following:
The time of day and day of the week
The realm name in the connection request
The type of connection being requested
The IP address of the RADIUS client
Your network contains an Active Directory forest named contoso.com.
All servers run Windows Server 2012 R2.
You need to create a custom Active Directory Application partition.
Which tool should you use?
* To create or delete an application directory partition Open Command Prompt.
At the ntdsutil command prompt, type:domain management
At the domain management command prompt, type:connection At the server connections command prompt, type:connect to server ServerName At the server connections command prompt, type:quit
At the domain management command prompt, do one of the following:
* partition management
Manages directory partitions for Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS).
This is a subcommand of Ntdsutil and Dsmgmt. Ntdsutil and Dsmgmt are command-line tools that are built into Windows Server 2008 and Windows Server 2008 R2.
/ partition management create nc %s1 %s2
Creates the application directory partition with distinguished name %s1, on the Active Directory domain controller or AD LDS instance with full DNS name %s2. If you specify “NULL” for %s2, this command uses the currently connected Active Directory domain controller. Use this command only with AD DS. For AD LDS, use create nc %s1 %s2 %s3.
* An application directory partition is a directory partition that is replicated only to specific domain controllers. A domain controller that participates in the replication of a particular application directory partition hosts a replica of that partition.
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The functional level of both the domain and the forest is Windows Server 2008 R2. The domain contains a domain-based Distributed File System (DFS) namespace that is configured as shown in the exhibit. (Click the Exhibit button.)
You need to enable access-based enumeration on the DFS namespace. What should you do first?
A. Install the File Server Resource Manager role service on Server3 and Server5.
B. Raise the domain functional level.
C. Delete and recreate the namespace.
D. Raise the forest functional level.
Access-based enumeration is only supported on a Domain-based Namespace in Windows Server 2008 Mode. This type of Namespace requires a minimum Windows Server 2003 forest functional level and a minimum Windows Server 2008 domain functional level.
The exhibit indicates that the current namespace is a Domain-based Namespace in Windows Server 2000 Mode. To migrate a domain-based namespace from Windows 2000 Server mode to Windows Server 2008 mode, you must export the namespace to a file, delete the namespace, recreate it in Windows Server 2008 mode, and then import the namespace settings.
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
The domain contains two organizational units (OUs) named OU1 and OU2 in the root of the domain.
Two Group Policy objects (GPOs) named GPO1 and GPO2 are created. GPO1 is linked to OU1. GPO2 is linked to OU2.
OU1 contains a client computer named Computer1. OU2 contains a user named User1.
You need to ensure that the GPOs applied to Computer1 are applied to User1 when User1 logs on.
What should you configure?
A. The GPO Status
B. GPO links
C. The Enforced setting
D. Security Filtering
* GPOs cannot be linked directly to users, computers, or security groups. They can only be linked to sites, domains and organizational units. However, by using security filtering, you can narrow the scope of a GPO so that it applies only to a single group, user, or computer.
* Security filtering is a way of refining which users and computers will receive and apply the settings in a Group Policy object (GPO). Using security filtering, you can specify that only certain security principals within a container where the GPO is linked apply the GPO. Security group filtering determines whether the GPO as a whole applies to groups, users, or computers; it cannot be used selectively on different settings within a GPO.
Reference: Security filtering using GPMC
You have a server named Server1 that runs Windows Server 2012 R2.
You promote Server1 to a domain controller.
You need to view the service location (SRV) records that Server1 registers in DNS.
What should you do on Server1?
A. Open the Netlogon.dns file.
B. Open the Srv.sys file.
C. Run ipconfig /displaydns.
D. Run Get-DnsServerDiagnostics.
Your network contains a Hyper-V host named Server1 that hosts 20 virtual machines.
You need to view the amount of memory resources and processor resources each virtual machine uses currently.
Which tool should you use on Server1?
A. Windows System Resource Manager (WSRM)
B. Task Manager
C. Resource Monitor
D. Hyper-V Manager
If you want to pass Microsoft 70-411 exam successfully, donot missing to read latest lead2pass Microsoft 70-411 dumps.
If you can master all lead2pass questions you will able to pass 100% guaranteed.